Hello, I have a question: is it possible to set basic constraint extension for certificate request ? I use NET 8.0 with certes library, but I don't see correct method for it. So I would like to know, let's encrypt provides this option for configuration ?
Regardless of what's in your CSR, Let's Encrypt will always set basic constraints to critical, with cA=false. ISRG CP/CPS v5.3 - Let's Encrypt
7 Likes
Ok, by default it is false. As I can see I can request Subordinate CA Certificate (exactly what I need). I just need to expire method
No, we do not issue subordinate CA certificates to Subscribers. The certificates we issue to Subscribers are always cA=false.
8 Likes
You getting cross sign from a public CA means you now have to do full audit as CA/B BR requirement, and parent CA are liable to any mismanagement from your side
5 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.