[CentOS] Why is localhost self-signed cert a CA cert?
Robert Moskowitz
rgm at htt-consult.com
Tue Jan 8 23:22:11 UTC 2013
On 01/08/2013 05:07 PM, Gordon Messmer wrote:
> On 01/08/2013 11:49 AM, Robert Moskowitz wrote:
>> Why was this chosen? Why is not -extensions v3_req used in the
>> certificate creation?
> Because it has to be able to sign itself?
No. A self-signed cert need not and actually SHOULD not be a CA cert
according to PKIX standards.
CA is for signing other certs.
More information about the CentOS
mailing list