> Le 26 mars 2020 à 14:11, Илья Шипицин <chipits...@gmail.com> a écrit : > > > > чт, 26 мар. 2020 г. в 17:27, Emmanuel Hocdet <m...@gandi.net > <mailto:m...@gandi.net>>: > > > Le 26 mars 2020 à 13:02, Илья Шипицин <chipits...@gmail.com > > <mailto:chipits...@gmail.com>> a écrit : > > > > RootCA is needed if you send cross certificate as well. > > > > It is very rare but legitimate case > > It’s only for self issued CA, it should be safe, right? > > I do not know what "yes" or "no" would mean :) > > by cross certificate I mean chain like that > > server cert --> intermediate CA --> root CA --> cross certificate > > https://knowledge.digicert.com/generalinformation/INFO2523.html > <https://knowledge.digicert.com/generalinformation/INFO2523.html> > > root CA is self issued
self issued CA is a root CA Subject == Issuer In your example: Subject: C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA Issuer: C = ZA, ST = Western Cape, L = Cape Town, O = Thawte Consulting cc, OU = Certification Services Division, CN = Thawte Premium Server CA, emailAddress = premium-ser...@thawte.com <mailto:premium-ser...@thawte.com>