> Hi everybody, > > i would like to know if it's normal to be able to sign a certificate with > one which have "anti-signing" rules : i mean basicConstraints = CA:false. > Could you enlight me ? > > Thank you, > > Jokester
Absolutely. Nobody can stop you from trying to use your certificate in a way that conflicts with the specified purpose. However, one would expect anything outside of your direct control to allow it. You sign a certificate with a key. In principle, that key could be vouched for by any number of certificates, or no certificates. Nothing can stop you from signing any certificate you like with any private key you know. However, if you present a certificate you have signed to another entity you do not control to prove your identity, that other entity will need to validate the certificate chain. If you can't present a certificate chain that passes integrity checks and starts with a certificate that other entity trusts, the certificate will do you no good. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]