Hello,
Can I use letsencrypt client to sign my domain certificate like an intermediate certificate authority?
(to sign www.mydomain.com using r3 certificate.)
ISRG Root X1 > R3 > community.letsencrypt.org
No.
Only server authentication and client authentication "roles" are supported.
6 Likes
Let's Encrypt does not offer subsidiary CAs from their chain of trust.
Also, the intermediate certificates used have the pathlen set to 0:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
(Source: Chain of Trust - Let's Encrypt)
That means that any certificate signed by R3 or E1 can never be a certificate with "CA:TRUE", so any cert issued by R3 or E1 can not be used to sign other certificates.
9 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.