Обсуждение: Wrong description in server_ca.config and client_ca.config

Hi Hackers,

The current descriptions for server_ca.config and client_ca.config are 
not so accurate. For example, one of the descriptions in 
server_ca.config states, "This certificate is used to sign server 
certificates. It is self-signed." However, the server_ca.crt and 
client_ca.crt are actually signed by the root_ca.crt, which is the only 
self-signed certificate. Therefore, it would be more accurate to change 
it to "This certificate is used to sign server certificates. It is an 
Intermediate CA."

Attached is a patch attempting to fix the description issue.

Best regards,

David

> On 27 Feb 2024, at 20:38, David Zhang <david.zhang@highgo.ca> wrote:
>
> Hi Hackers,
>
> The current descriptions for server_ca.config and client_ca.config are not so accurate. For example, one of the
descriptionsin server_ca.config states, "This certificate is used to sign server certificates. It is self-signed."
However,the server_ca.crt and client_ca.crt are actually signed by the root_ca.crt, which is the only self-signed
certificate.

IIRC the intent was to say it isn't signed by an official CA, but I agree it's
misleading.

> Therefore, it would be more accurate to change it to "This certificate is used to sign server certificates. It is an
IntermediateCA." 

Agreed.  We should perhaps add the "This certificate is self-signed" sentence
to root_ca.conf as well while at it, it's currently only mentioned in
sslfiles.mk and adding it to the config would make the documentation more
consistent.

> Attached is a patch attempting to fix the description issue.

Thanks, I'll have another look and will apply.

--
Daniel Gustafsson