On 06/04/20 11:04, Laurenz Albe wrote: > I was referring to the wish to *not* use a self-signed CA certificate, > but an intermediate certificate as the ultimate authority, based on > a distrust of the certification authority that your organization says > you should trust.
Are you aware of any principled reason it should be impossible to include an end-entity certificate in the trust store used by a client? Are you aware of any principled reason it should be impossible to include a certificate that has the CA:TRUE and Certificate Sign bits in the trust store used by a client, whether it is its own signer or has been signed by another CA? Regards, -Chap