[CentOS] Why is localhost self-signed cert a CA cert?
Robert Moskowitz
rgm at htt-consult.comWed Jan 9 00:42:40 UTC 2013
- Previous message: [CentOS] Why is localhost self-signed cert a CA cert?
- Next message: [CentOS] Why is localhost self-signed cert a CA cert?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 01/08/2013 06:38 PM, Gordon Messmer wrote: > On 01/08/2013 03:27 PM, Robert Moskowitz wrote: >> I just checked a couple RFCs. If this is a root CA cert, of course it is >> self-signed. By definition. > > Yes. > >> But a self-signed server cert is not a CA root cert.... > > Yes, it is. A certificate is a root cert unless some other > certificate has signed it. x509 creates a chain of trust. The root > of that chain is the certificate which has no other certificate's > signature on it. A self-signed cert is its own root, and all root > certificates are self-signed. > CA:TRUE means it is a signing cert. In RFC 5280, app C.2 end-entity cert: (g) the certificate is an end entity certificate, as the basic constraints extension is not present;
- Previous message: [CentOS] Why is localhost self-signed cert a CA cert?
- Next message: [CentOS] Why is localhost self-signed cert a CA cert?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list