Sign domain certificate like an intermediate certificate authorities

kyungmin.kim · March 10, 2022, 4:56am

Hello,

Can I use letsencrypt client to sign my domain certificate like an intermediate certificate authority?
(to sign www.mydomain.com using r3 certificate.)

ISRG Root X1 > R3 > community.letsencrypt.org

rg305 · March 10, 2022, 5:43am

No.
Only server authentication and client authentication "roles" are supported.

Osiris · March 10, 2022, 7:14am

Let's Encrypt does not offer subsidiary CAs from their chain of trust.

Also, the intermediate certificates used have the pathlen set to 0:

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0

(Source: Chain of Trust - Let's Encrypt)

That means that any certificate signed by R3 or E1 can never be a certificate with "CA:TRUE", so any cert issued by R3 or E1 can not be used to sign other certificates.

system · April 9, 2022, 7:15am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Intermediate or root certificate signed by lets's encrypt Help	3	183	July 13, 2024
Using a letsencrypt certificate as a signer Help	10	1765	March 30, 2023
Why doesn't Let's Encrypt issue CA certificates? Feature Requests	26	4790	March 9, 2021
Recommendation on client-side trusted root CA certificates Help	3	1470	January 16, 2021
How to cross-sign with let's encript intermediate authorities with other authorities Issuance Tech	10	1225	June 25, 2023

Sign domain certificate like an intermediate certificate authorities

Related topics