Mark as certificate type as CA and not End Entity

nangisda · April 30, 2021, 1:12pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
nangisda.com

I need to mark my cert as "Trusted certificate" for SSL decryption. We need an enterprise certificate authority which provides certificates with Subject type as 'CA') and mark the certificate as Type "CA" and not "End Entity". Kindly assist. Thanks.

JuergenAuer · April 30, 2021, 1:15pm

Hi @nangisda

please ask a commercial CA if that's possible. Or start your own CA.

Letsencrypt certificates are always "End Entity" - certificates. So Letsencrypt can't and doesn't want to confirm your activities.

ski192man · April 30, 2021, 2:11pm

No publicly trusted CA in the world can or will issue a certificate like that for this purpose. It is prohibited by the CA/B forum and would result in them being immediately distrusted.

If you want to do TLS decryption you will need to create your own private certificate authority and distribute the root to devices you are authorized to decrypt.

system · May 30, 2021, 2:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate please Help	2	455	December 7, 2020
I want SSL certificate Help	2	470	August 20, 2020
Host asked me to contact Let's Encrypt with my CSR Help	4	745	June 29, 2019
Will "Let's Encrypt" contact my hosting company Help	10	3517	February 24, 2019
Struggling with certificate Help	3	526	July 18, 2022

Mark as certificate type as CA and not End Entity

Related topics