什么算作自签名 SSL 证书?
What counts as a self-signed SSL certificate?
如果我使用 openssl 创建证书颁发机构 (CA) 根目录(例如 this blog post or this MDN article)并使用它来签署证书签名请求 (CSR),生成的签名证书是否被视为 "self-signed"当前桌面 PC 浏览器(Firefox、Chrome、IE)?
答案是否取决于 CA 根证书是否作为可信机构安装在相关证书管理器中?
我的理解是答案应该是"No, and no."但是我有一个问题,不知道我的理解哪里不对
根据Wikipedia,
a self-signed certificate is one signed with its own private key.
也就是说,它的创建不需要证书颁发机构签署证书请求。因此,CA 证书在本地计算机上是否受信任并不重要。
编辑
CA certificates may be further divided into three classes:
cross-certificates, self-issued certificates, and self-signed
certificates. Cross-certificates are CA certificates in which the
issuer and subject are different entities. Cross-certificates
describe a trust relationship between the two CAs. Self-issued
certificates are CA certificates in which the issuer and subject are
the same entity. Self-issued certificates are generated to support
changes in policy or operations. Self-signed certificates are
self-issued certificates where the digital signature may be verified
by the public key bound into the certificate. Self-signed
certificates are used to convey a public key for use to begin
certification paths.
如果我使用 openssl 创建证书颁发机构 (CA) 根目录(例如 this blog post or this MDN article)并使用它来签署证书签名请求 (CSR),生成的签名证书是否被视为 "self-signed"当前桌面 PC 浏览器(Firefox、Chrome、IE)?
答案是否取决于 CA 根证书是否作为可信机构安装在相关证书管理器中?
我的理解是答案应该是"No, and no."但是我有一个问题,不知道我的理解哪里不对
根据Wikipedia,
a self-signed certificate is one signed with its own private key.
也就是说,它的创建不需要证书颁发机构签署证书请求。因此,CA 证书在本地计算机上是否受信任并不重要。
编辑
CA certificates may be further divided into three classes: cross-certificates, self-issued certificates, and self-signed certificates. Cross-certificates are CA certificates in which the issuer and subject are different entities. Cross-certificates describe a trust relationship between the two CAs. Self-issued certificates are CA certificates in which the issuer and subject are the same entity. Self-issued certificates are generated to support changes in policy or operations. Self-signed certificates are self-issued certificates where the digital signature may be verified by the public key bound into the certificate. Self-signed certificates are used to convey a public key for use to begin certification paths.