On 01/08/2013 08:15 PM, Gordon Messmer wrote:
On 01/08/2013 04:42 PM, Robert Moskowitz wrote:
CA:TRUE means it is a signing cert. In RFC 5280, app C.2 end-entity cert: (g) the certificate is an end entity certificate, as the basic constraints extension is not present;
OK. If you want to suggest to Red Hat use "-extensions v3_req", you'll probably need to do so as a paying customer, in bugzilla. "why" probably isn't a question for this list. CentOS simply rebuilds the source that Red Hat provides.
I know that I would have to take this to bugzilla if my reading was correct. And on further review, I am holding more that way. So I will put in the bug report even without being a paying customer. Just my cred on working on PKIX back a decade ago and being the architect of the Bridge CA model for the US Federal and BioPharma PKIs...