[CentOS] Why is localhost self-signed cert a CA cert?
Robert Moskowitz
rgm at htt-consult.com
Wed Jan 9 01:27:51 UTC 2013
On 01/08/2013 06:31 PM, Craig White wrote:
> On Jan 8, 2013, at 4:27 PM, Robert Moskowitz wrote:
>
>> On 01/08/2013 05:07 PM, Gordon Messmer wrote:
>>> On 01/08/2013 11:49 AM, Robert Moskowitz wrote:
>>>> Why was this chosen? Why is not -extensions v3_req used in the
>>>> certificate creation?
>>> Because it has to be able to sign itself?
>> I just checked a couple RFCs. If this is a root CA cert, of course it is
>> self-signed. By definition.
>>
>> But a self-signed server cert is not a CA root cert....
> ----
> it is a CA root certificate if I say it is.
On further review there is a /etc/pki/CA/certs (and .../CA/private) for
the placement of CA certs. /etc/pki/tls is for end-entity certs.
More information about the CentOS
mailing list