[ILUG] Re: summary ? - SSL certs on clusters
Colm Buckley
colm at tuatha.org
Fri Jan 9 22:11:26 GMT 2004
On 9 Jan 2004, at 20:33, Paul Jakma wrote:
> Hmm... no, I mean a certificate signed by a key which itself has its
> cert signed by a CA.
You can't, as a rule. The certificates issued by CAs have the "can be
used to sign other certs" bit turned off. Each certificate has a list
of valid purposes; this is one of them, and commercial CAs are always
very careful to turn it off in certs they issue.
Colm
--
Colm Buckley / colm at google.com / +353 87 2469146
More information about the ILUG
mailing list