[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Self-Issued certificate requirements?
Hi Faisal,
According to RFC 2510, chapter 3.2.5, self-signed certificates
should be constructed with the following requirements:
" The fields within this certificate are restricted as follows:
- The certificate MUST be self-signed (i.e., the signature must be
verifiable using the SubjectPublicKeyInfo field);
- The subject and issuer fields MUST be identical;
- If the subject field is NULL then both subjectAltNames and
issuerAltNames extensions MUST be present and have exactly the
same
value;
- The values of all other extensions must be suitable for a self-
signed certificate (e.g., key identifiers for subject and issuer
must be the same).
"
That's all I've been able to find.
Regards
/Lars
_________________________________________________
Lars Johansson | Consultant
lars.johansson@xxxxxxxxxxxxx | www.omegapoint.se
phone +46 70-915 88 40 | fax +46 8-517 008 29
Omegapoint AB, Stockholm, Sweden
-------------------
> Hi All,
>
> RFC-3280 defines Self Signed certificate as:
> "A certificate is self-issued if the DNs that appear in the subject
and issuer fields are identical and are not empty."
>
> There might be two condition for self-issued certificate:
> 1.. Version-1 certificate and has not any extension.
> 2.. Version-3 certificate with set of extension/s.
> For version-1 it is clear but are there any extra required things
for version-3 self-issued certificates?
> I mean for self-issued certificate is there any requirement that it
Must be a CA certificate?
> I mean BasicConstraints = ?, Path Length = ?, KeyUsage = ? etc.
>
> Regards,
> FAISAL MAQSOOD
>
>