On 4/3/19 6:51 AM, Hal Murray via devel wrote:
> Most of the time when we say "root cert" we are talking about
> an intermediate cert that is contained in the collection of trusted certs
> distributed by distros.
The trusted certs in your distro definitely contain roots, not
intermediates, at least in the common case. I'm not seeing _any_
intermediates in mine.
For example, I ran this:
for i in [A-Z]*.pem
do
openssl x509 -noout -text -in $i | grep -E "(Subject|Issuer):"
done
If you do the same, note that the Subject and Issuer are the same for
each cert. That means they're self-signed. A self-signed certificate
with the CA field set to true is a "root", by definition.
https://en.wikipedia.org/wiki/Root_certificate
--
Richard
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
