Openssl req signs certificate with "Basic Constraints: CA: TRUE"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I’m trying to create a signed certificate from a CA certificate without creating a CSR first. From the doc, I came up with this command:

```
openssl req -CA ca.crt -CAkey ca.key -key leaf.key -subj ‘/CN=leaf’ -out leaf.crt
```

However,

```
openssl x509 -in leaf.crt -text -noout
```

reports that it contains:

```
X509v3 Basic Constraints: critical
    CA:TRUE
```

Which should be incorrect, since leaf.crt has an issuer and is not a CA.

I wonder if this is by design? Is there a way to omit the basic constraints extension in a leaf certificate?

I’m using 3.0.1.

Regards,
Glen
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux