[CentOS] Why is localhost self-signed cert a CA cert?

Tue Jan 8 23:38:43 UTC 2013
Gordon Messmer <yinyang at eburg.com>

On 01/08/2013 03:27 PM, Robert Moskowitz wrote:
> I just checked a couple RFCs. If this is a root CA cert, of course it is
> self-signed. By definition.


> But a self-signed server cert is not a CA root cert....

Yes, it is.  A certificate is a root cert unless some other certificate 
has signed it.  x509 creates a chain of trust.  The root of that chain 
is the certificate which has no other certificate's signature on it.  A 
self-signed cert is its own root, and all root certificates are self-signed.