-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Self-signed certificates do not default to CAs #10
Comments
I don't like this implicit behavior.
What may be a good help for inexperienced users and a safety net for the hasty ones: |
This was just a suggestion, but the warning you describe is also a good idea :-)
Well... AFAICR, I have seen long ago (but I don't remember where) a cert chain checking code that always requires a signer to be a CA, even for a single self-signed cert. |
Tested: OK Since there are additional messages, please feel free to ask me if you want another translation round before release. |
If no template (or the empty template) is applied when creating a self-signed certificate, it does not include CA:TRUE in extensions.
IMHO this extension should be preset automatically for self-signed certificates, as this is done by the
openssl req -x509
command default configuration.The text was updated successfully, but these errors were encountered: