Posted to dev@hc.apache.org by Gary Gregory <ga...@gmail.com> on 2017/08/25 16:55:27 UTC
Trust self signed strategy does not.
Hi All,
I just saw a case at work where we have a server that dishes out a cert
chain with three certificates, one of which is self signed. Our trust self
signed strategy just checks that the chain length is 1.
I am not familiar enough with the cert chain guts to know if there is a
better way to do this.
Gary
Re: Trust self signed strategy does not.
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Fri, 2017-08-25 at 10:55 -0600, Gary Gregory wrote:
> Hi All,
>
> I just saw a case at work where we have a server that dishes out a cert
> chain with three certificates, one of which is self signed. Our trust self
> signed strategy just checks that the chain length is 1.
>
> I am not familiar enough with the cert chain guts to know if there is a
> better way to do this.
>
> Gary
Gary
My understanding is that a self-signed certificate is the one that has
been only signed by itself and therefore its cert chain consists of one
cert only - itself.
As far as I understand all root CA certs are effectively self signed.
So, there is always a self-signed cert at the end of the cert chain.
Oleg
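
The two points raised in this thread (a length-only test, and root CA certificates being self-signed) can be checked with plain JDK APIs. The following is an added example, not code from the thread or from HttpClient; the class and method names are hypothetical, and the JRE's default trust store is used as the sample input.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SelfSignedCheck { // hypothetical name, for illustration only

    // Self-signed means issuer == subject AND the signature verifies
    // under the certificate's own public key. Name equality alone is not proof.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false; // signed by some other key, or unsupported algorithm
        }
    }

    // Stricter than a length-only test: a one-element chain can also be a
    // CA-issued leaf sent without its intermediates, so inspect the cert itself.
    static boolean isSingleSelfSigned(X509Certificate[] chain) {
        return chain != null && chain.length == 1 && isSelfSigned(chain[0]);
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JRE's default trust store
        int total = 0;
        int selfSigned = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) {
                continue;
            }
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                total++;
                if (isSingleSelfSigned(new X509Certificate[] {ca})) {
                    selfSigned++;
                }
            }
        }
        System.out.printf("%d of %d trusted CA certificates are self-signed%n",
                selfSigned, total);
    }
}
```

Because a chain that ends in a root CA contains a self-signed certificate at its last position, finding one somewhere in a multi-certificate chain does not make the server's own certificate self-signed.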