I have set up a local instance of Boulder and am currently testing it.
I noticed that in the certificates I receive from my Boulder instance, the “Issuer” field (Issuer: CN=h2ppy h2cker fake CA) does not match the subject name on the issuer certificate (Subject: CN=happy hacker fake CA).
I have found out that these CNs come from the two certificates test-ca.pem and test-ca2.pem in Boulder’s test setup. I have also found that in ca.json, “Issuers” is an array and that while currently two issuers are defined, theoretically many more issuers can be entered there.
I don’t recall what the state of multi-issuer support in boulder is - it might be a WIP - but this is required in order for Let’s Encrypt to support signing ECDSA end-entity certificates with an ECDSA intermediate certificate.
(Let’s Encrypt already supports ECDSA end-entity certificates, but they’re all signed by an RSA intermediate. This is scheduled to change in or before September.)
So is there any reasoning behind having two different RSA certificates that contain the same private key, and using one of them as issuer cert while using the other one to actually sign certificates, or is that just a random design choice?
I can’t say for sure, but my guess is that there are tests that need two issuers, and reusing the key was the easiest way to get that done.
The logic for the issuer cert being included in the rel="up" link depends on the UseAIAIssuerURL feature flag, so I’m not entirely certain what’s being applied in your case. If the flag is enabled, the issuer certificate is taken from the end-entity’s AIA extension, and perhaps that URL wasn’t updated to point to the right intermediate. Without that flag, the issuer certificate would be hardcoded, so that would be an explanation too.