Wrong description in server_ca.config and client_ca.config

Started by David Zhang, about 2 years ago. 2 messages. List: hackers
#1 David Zhang
david.zhang@highgo.ca

Hi Hackers,

The current descriptions for server_ca.config and client_ca.config are
not so accurate. For example, one of the descriptions in
server_ca.config states, "This certificate is used to sign server
certificates. It is self-signed." However, the server_ca.crt and
client_ca.crt are actually signed by the root_ca.crt, which is the only
self-signed certificate. Therefore, it would be more accurate to change
it to "This certificate is used to sign server certificates. It is an
Intermediate CA."

Attached is a patch attempting to fix the description issue.

Best regards,

David

Attachments:

v1-0001-correct-description-for-server_ca-and-client_ca.patch (text/plain; charset=UTF-8), +10 -7

#2 Daniel Gustafsson
daniel@yesql.se
In reply to: David Zhang (#1)
Re: Wrong description in server_ca.config and client_ca.config

On 27 Feb 2024, at 20:38, David Zhang <david.zhang@highgo.ca> wrote:

> Hi Hackers,
>
> The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the descriptions in server_ca.config states, "This certificate is used to sign server certificates. It is self-signed." However, the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed certificate.

IIRC the intent was to say it isn't signed by an official CA, but I agree it's
misleading.

> Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an Intermediate CA."

Agreed. We should perhaps add the "This certificate is self-signed" sentence
to root_ca.conf as well while at it, it's currently only mentioned in
sslfiles.mk and adding it to the config would make the documentation more
consistent.

> Attached is a patch attempting to fix the description issue.

Thanks, I'll have another look and will apply.

--
Daniel Gustafsson
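
The self-signed versus intermediate distinction discussed in this thread can be checked directly with openssl. The script below is an added example, not part of the patch or of the PostgreSQL tree; it builds a throwaway two-level chain (the file names root.crt and ca.crt and the subject names are constructed for the demo) and classifies each certificate.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA plus intermediate CA, then classify each.
make_demo_chain() {   # $1 = output directory (file names are made up)
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Root: signed with its own key (-x509), so issuer == subject.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/demo.cnf" \
        -extensions v3_ca -subj "/CN=Demo root CA" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
    # Intermediate: CSR signed with the root key, so its issuer is the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/demo.cnf" \
        -subj "/CN=Demo intermediate CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/ca.csr" -days 1 -CA "$dir/root.crt" \
        -CAkey "$dir/root.key" -CAcreateserial -extfile "$dir/demo.cnf" \
        -extensions v3_ca -out "$dir/ca.crt" 2>/dev/null
}

# Prints self-signed, issued-by-other, or name-match-unverified (same names,
# but the certificate does not verify against its own public key).
classify_cert() {     # $1 = PEM certificate
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    issr=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    if [ "$subj" != "$issr" ]; then
        echo issued-by-other
    elif openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo self-signed
    else
        echo name-match-unverified
    fi
}

# True when certificate $2 chains to $1 as its only trust anchor.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo=$(mktemp -d)
make_demo_chain "$demo" || exit 1
for c in root ca; do
    echo "$c.crt: $(classify_cert "$demo/$c.crt")"
done
rm -rf "$demo"
```

Comparing names alone is not enough to call a certificate self-signed, which is why classify_cert also verifies the signature against the certificate's own key.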