[Bug 56346] New: self-signed cert documentation creates a certificate with basic constraints: CA:true

bugzilla Thu, 03 Apr 2014 10:10:32 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=56346


            Bug ID: 56346
           Summary: self-signed cert documentation creates a certificate
                    with basic constraints: CA:true
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: [email protected]
          Reporter: [email protected]

The documentation at http://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#selfcert
suggests users issue the following command:

openssl req -new -x509 -nodes -out server.crt -keyout server.key

The default configuration of openssl causes this to issue a certificate with
the basic constraints extension having a value of "CA:true" (meaning this is a
CA certificate that can issue other certificates). This is not appropriate for
a server certificate. The following command appears to do the right thing:

openssl req -new -x509 -nodes -out server.crt -keyout server.key -extensions
usr_cert

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 56346] New: self-signed cert documentation creates a certificate with basic constraints: CA:true

Reply via email to