diff --git a/changelogs/fragments/910-csr.yml b/changelogs/fragments/910-csr.yml
new file mode 100644
index 00000000..7906476c
--- /dev/null
+++ b/changelogs/fragments/910-csr.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "openssl_csr, openssl_csr_pipe - avoid accessing internal members of cryptography's ``KeyUsage`` extension object (https://github.com/ansible-collections/community.crypto/pull/910)."
diff --git a/plugins/module_utils/_crypto/module_backends/csr.py b/plugins/module_utils/_crypto/module_backends/csr.py
index 24be4fe0..10970f90 100644
--- a/plugins/module_utils/_crypto/module_backends/csr.py
+++ b/plugins/module_utils/_crypto/module_backends/csr.py
@@ -600,8 +600,7 @@ class CertificateSigningRequestCryptographyBackend(CertificateSigningRequestBack
                 return False
             params = cryptography_parse_key_usage_params(self.keyUsage)
             for param, value in params.items():
-                # TODO: check whether getattr() with '_' prepended is really needed
-                if getattr(current_keyusage_ext.value, "_" + param) != value:
+                if getattr(current_keyusage_ext.value, param) != value:
                     return False
             return current_keyusage_ext.critical == self.keyUsage_critical