You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by bu...@apache.org on 2014/04/03 19:09:01 UTC
[Bug 56346] New: self-signed cert documentation creates a
certificate with basic constraints: CA:true
https://issues.apache.org/bugzilla/show_bug.cgi?id=56346
Bug ID: 56346
Summary: self-signed cert documentation creates a certificate
with basic constraints: CA:true
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: dkeeler@mozilla.com
The documentation at http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#selfcert
suggests users issue the following command:
openssl req -new -x509 -nodes -out server.crt -keyout server.key
The default configuration of openssl causes this to issue a certificate with
the basic constraints extension having a value of "CA:true" (meaning this is a
CA certificate that can issue other certificates). This is not appropriate for
a server certificate. The following command appears to do the right thing:
openssl req -new -x509 -nodes -out server.crt -keyout server.key -extensions
usr_cert
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 56346] self-signed cert documentation creates a certificate
with basic constraints: CA:true
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56346
--- Comment #1 from dajoker@gmail.com ---
It may be worth mentioning how this was found and some history behind it, which
can be found in this Mozilla bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=990603
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org