On Mon, Sep 29, 2008 at 12:00:09PM -0500, CyberLeo Kitsana wrote:
> Fraser Tweedale wrote:
> > - Create my CA key and a CSR, and have CACert sign it.
> Are you sure it's signed as an intermediary CA? cacert.org's website
> suggests they will only sign leaf certificates.
> http://wiki.cacert.org/wiki/SubRoot
> Fortunately, your client certs need not be signed by the same CA as your
> server cert, and it's probably somewhat pointless to have a client cert
> (which will be used for your infrastructure alone) vetted by a third party.
> -- 
> Fuzzy love,
> -CyberLeo
> Technical Administrator
> CyberLeo.Net Webhosting
> http://www.CyberLeo.Net
> Furry Peace! - http://wwww.fur.com/peace/

Thanks for the clarification.  I hadn't picked up on the fact that you
need a special intermediary cert for the server cert to validate up the

Well, nevermind.  It's just for personal use anyway... if only X.509 could
be simple like OpenPGP :)


Attachment: pgpqxJMTtc3na.pgp
Description: PGP signature

Reply via email to