NTS: removed "not implemented" on server ca
Richard Laager
rlaager at wiktel.com
Wed Apr 3 15:28:25 UTC 2019
On 4/3/19 6:51 AM, Hal Murray via devel wrote:
> Most of the time when we say "root cert" we are talking about
> an intermediate cert that is contained in the collection of trusted certs
> distributed by distros.
The trusted certs in your distro definitely contain roots, not
intermediates, at least in the common case. I'm not seeing _any_
intermediates in mine.
For example, I ran this:
for i in [A-Z]*.pem
do
openssl x509 -noout -text -in $i | grep -E "(Subject|Issuer):"
done
If you do the same, note that the Subject and Issuer are the same for
each cert. That means they're self-signed. A self-signed certificate
with the CA field set to true is a "root", by definition.
https://en.wikipedia.org/wiki/Root_certificate
--
Richard
More information about the devel
mailing list