Re: [CentOS] Why is localhost self-signed cert a CA cert?

On 01/08/2013 06:31 PM, Craig White wrote:

On Jan 8, 2013, at 4:27 PM, Robert Moskowitz wrote:

...

On 01/08/2013 05:07 PM, Gordon Messmer wrote:

...

On 01/08/2013 11:49 AM, Robert Moskowitz wrote:

...

Why was this chosen? Why is not -extensions v3_req used in the certificate creation?

Because it has to be able to sign itself?

I just checked a couple RFCs. If this is a root CA cert, of course it is self-signed. By definition.

But a self-signed server cert is not a CA root cert....

---

it is a CA root certificate if I say it is.

Fine. Be that way. But then you still need a server cert to use in the SSL default virtual host.

Root certs are for signing other certs, not for using directly in applications.