Mark as certificate type as CA and not End Entity

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I need to mark my cert as "Trusted certificate" for SSL decryption. We need an enterprise certificate authority which provides certificates with Subject type as 'CA') and mark the certificate as Type "CA" and not "End Entity". Kindly assist. Thanks.

Hi @nangisda

please ask a commercial CA if that's possible. Or start your own CA.

Letsencrypt certificates are always "End Entity" - certificates. So Letsencrypt can't and doesn't want to confirm your activities.

No publicly trusted CA in the world can or will issue a certificate like that for this purpose. It is prohibited by the CA/B forum and would result in them being immediately distrusted.

If you want to do TLS decryption you will need to create your own private certificate authority and distribute the root to devices you are authorized to decrypt.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.