You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by bu...@apache.org on 2014/04/03 19:09:01 UTC

[Bug 56346] New: self-signed cert documentation creates a certificate with basic constraints: CA:true

https://issues.apache.org/bugzilla/show_bug.cgi?id=56346

            Bug ID: 56346
           Summary: self-signed cert documentation creates a certificate
                    with basic constraints: CA:true
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: dkeeler@mozilla.com

The documentation at http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#selfcert
suggests users issue the following command:

openssl req -new -x509 -nodes -out server.crt -keyout server.key

The default configuration of openssl causes this to issue a certificate with
the basic constraints extension having a value of "CA:true" (meaning this is a
CA certificate that can issue other certificates). This is not appropriate for
a server certificate. The following command appears to do the right thing:

openssl req -new -x509 -nodes -out server.crt -keyout server.key -extensions
usr_cert

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 56346] self-signed cert documentation creates a certificate with basic constraints: CA:true

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56346

--- Comment #1 from dajoker@gmail.com ---
It may be worth mentioning how this was found and some history behind it, which
can be found in this Mozilla bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=990603

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org