Re: Why is localhost self-signed cert a CA cert?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 01/08/2013 06:38 PM, Gordon Messmer wrote:
> On 01/08/2013 03:27 PM, Robert Moskowitz wrote:
>> I just checked a couple RFCs. If this is a root CA cert, of course it is
>> self-signed. By definition.
>
> Yes.
>
>> But a self-signed server cert is not a CA root cert....
>
> Yes, it is.  A certificate is a root cert unless some other 
> certificate has signed it.  x509 creates a chain of trust.  The root 
> of that chain is the certificate which has no other certificate's 
> signature on it.  A self-signed cert is its own root, and all root 
> certificates are self-signed.
>
CA:TRUE means it is a signing cert.  In RFC 5280, app C.2 end-entity cert:

    (g)  the certificate is an end entity certificate, as the basic
         constraints extension is not present;


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux