
excessive extension usage on CA certificates

Open necheffa opened this issue 1 year ago • 1 comments

When GoCA generates a certificate authority (either root or intermediate) the TLS Web Client Authentication and TLS Web Server Authentication extensions are set. CA certificates should be limited to CA activities (Digital Signature, Certificate Sign, CRL Sign).

This behavior can be validated via visual inspection of a certificate with the OpenSSL command: openssl x509 -noout -text -in myca.crt

necheffa, Sep 12 '22 21:09
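The check described in the issue can also be done programmatically rather than by eye. The Go program below is an added example, not GoCA's code and not part of the issue: it parses a DER certificate and reports TLS client/server EKUs and any key usage bits outside Digital Signature, Certificate Sign and CRL Sign. `AuditCA`, `SampleCA`, the finding strings and the all-zero test key are names and values constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// caKeyUsage is the key-usage set the issue says a CA should be limited to.
const caKeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign | x509.KeyUsageCRLSign

// AuditCA parses a DER certificate and returns one finding per deviation from that profile.
func AuditCA(der []byte) (findings []string, err error) {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	if extra := c.KeyUsage &^ caKeyUsage; extra != 0 {
		findings = append(findings, fmt.Sprintf("key usage bits outside CA set: %#x", int(extra)))
	}
	for _, eku := range c.ExtKeyUsage {
		if eku == x509.ExtKeyUsageServerAuth || eku == x509.ExtKeyUsageClientAuth {
			findings = append(findings, fmt.Sprintf("TLS authentication EKU present (x509.ExtKeyUsage %d)", int(eku)))
		}
	}
	return findings, nil
}

// SampleCA builds a constructed self-signed CA in DER; withTLSEKU adds the two EKUs from the issue.
func SampleCA(withTLSEKU bool) ([]byte, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero throwaway test key
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: caKeyUsage,
	}
	if withTLSEKU {
		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	return x509.CreateCertificate(rand.Reader, tpl, tpl, priv.Public(), priv)
}

func main() {
	der, _ := SampleCA(true) // on failure der is nil and AuditCA reports the parse error
	fmt.Println(AuditCA(der))
}
```

In the findings, `x509.ExtKeyUsage 1` is server authentication and `2` is client authentication. To audit a real CA file, decode its PEM block and pass the DER bytes to `AuditCA`.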