On 19/12/2014 13:13, Benjamin wrote:
> Hello everyone!
> I am quite new to two things: this mailing list and making and working
> with certificates
>
> I want to run a small owncloud on my raspberry pi and tried to make a
> crt which I can also use with my mobile devices. Here is the problem:
> When I make a certificate either with this instruction:
> http://wiki.ubuntuusers.de/CA
> or this one:
> https://www.prshanmu.com/2009/03/generating-ssl-certificates-with-x509v3-extensions.html
>
> I have the problem that the cacert has "basicconstraints CA=TRUE" but
> when I make a cert by request I got a new cert (as far as I knew, that
> which I should use for my nginx webserver) which has CA=FALSE. This is
> no problem normally but my Android phone only accepts Certs with
> CA=TRUE and actually I don't know how to make such a certificate… Of
> course, I could use the cacert itself but isn't this insecure and
> inadequate?
>

I very much doubt that Android only accepts certificates with CA=TRUE.

Unless of course you are accidentally using an Android command to install the "public certificate" of a CA, rather than a command to install the "private key+public certificate" of a certificate for the Android itself. I seem to recall that the Android user interfaces for these things are a bit confusingly named.

It should be perfectly safe (for the CA) to install the "public certificate" (with CA=TRUE) of the CA on your phone, PC, posted on your Google+ profile and any other place you think of, since this is the whole point (notice how the big names go to extreme lengths to get theirs included in every browser, OS, Phone etc. sold).

Only the matching "private key" of your mini-CA needs to be kept in a very secret and locked down place, such as on a separate CA boot-SD that you only boot from when issuing new certificates or refreshing your CRL.

> Thanks, best Benjamin!

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.
Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
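
The split discussed in this thread, as an added example that is not part of the original messages: a mini-CA certificate with CA:TRUE (the file to install on the phone) signs a server certificate with CA:FALSE (the file nginx serves together with its own key). The subject names, the host name `owncloud.example.lan` and all file names are assumptions.

```sh
#!/bin/sh
# Added example; names, host name and file names are assumptions.
set -e
write_ext_cnf() {    # $1 = working directory
  cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Mini CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:owncloud.example.lan
EOF
}
make_ca() {          # self-signed CA cert; ca.key is the secret to lock away
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/ext.cnf" \
    -extensions v3_ca -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  chmod 600 "$1/ca.key"
}
make_server_cert() { # key + CSR for the web server, then signed by the CA
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ext.cnf" \
    -subj "/CN=owncloud.example.lan" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -extfile "$1/ext.cnf" -extensions v3_server \
    -out "$1/server.crt" 2>/dev/null
}
ca_flag() {          # prints CA:TRUE or CA:FALSE from basicConstraints
  openssl x509 -in "$1" -noout -text | grep -o 'CA:[A-Z]*' | head -n 1
}
chain_ok() {         # succeeds if server.crt chains to ca.crt
  openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

d=$(mktemp -d)
write_ext_cnf "$d"; make_ca "$d"; make_server_cert "$d"
echo "ca.crt     -> $(ca_flag "$d/ca.crt")   (public, install on the phone)"
echo "server.crt -> $(ca_flag "$d/server.crt")  (nginx, with server.key)"
chain_ok "$d" && echo "server.crt verifies against ca.crt"
```

Only `ca.crt` leaves the CA machine; `ca.key` stays offline and `server.key` stays on the web server.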