NTS: removed "not implemented" on server ca

Richard Laager rlaager at wiktel.com
Wed Apr 3 15:28:25 UTC 2019

On 4/3/19 6:51 AM, Hal Murray via devel wrote:
> Most of the time when we say "root cert" we are talking about 
> an intermediate cert that is contained in the collection of trusted certs 
> distributed by distros.

The trusted certs in your distro definitely contain roots, not
intermediates, at least in the common case. I'm not seeing _any_
intermediates in mine.

For example, I ran this:

for i in [A-Z]*.pem
    openssl x509 -noout -text -in $i | grep -E "(Subject|Issuer):"

If you do the same, note that the Subject and Issuer are the same for
each cert. That means they're self-signed. A self-signed certificate
with the CA field set to true is a "root", by definition.



More information about the devel mailing list