Don't mix 'validity' with 'self-signed'

Description

The table that lists the certificates in the truststore has a column that is named "Validity". It currently has three statuses:

  • valid

  • invalid

  • self-signed

Self-signed should not be a status, as a self-signed certificate could be valid as well as invalid itself.

I'd suggest changing the possible statuses into one that is 'valid', and one for any reason that a certificate is invalid.

  • valid

  • expired

  • not valid yet

  • ...

Also note that a certificate that is used to sign other certificates is not always self-signed! A certificate authority often has a short chain of certificates, where an intermediate certificate, not the root certificate, is used to sign end entity certificates.

Another thing to note is the "Key Usage" extension. If that extension is present, it defines what the certificate can be used for (I don't know what the rules are if the "Key Usage" is not defined; you'll have to look that up yourself). If there is a "Key Usage" extension, but it does not allow for the certificate to sign other certificates, we'd probably need to show an error.
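
An added example, not code from the project this issue belongs to: a Go function that reports validity status, self-signed and signing permission as three separate columns, and a sample signing certificate that is not self-signed. The names `Describe` and `Issue` and the sample certificates are constructed for illustration; reporting an absent Key Usage extension as its own value is an assumption, since the description leaves that rule open.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Describe returns validity status, self-signed (issuer == subject, signature verifies under own key) and signing permission.
func Describe(c *x509.Certificate, now time.Time) (status string, selfSigned bool, signing string) {
	status, signing = "valid", "no Key Usage extension"
	if now.After(c.NotAfter) {
		status = "expired"
	} else if now.Before(c.NotBefore) {
		status = "not valid yet"
	}
	if c.KeyUsage&x509.KeyUsageCertSign != 0 {
		signing = "allowed"
	} else if c.KeyUsage != 0 { // Go leaves KeyUsage at 0 when the extension is absent
		signing = "not allowed"
	}
	selfSigned = string(c.RawSubject) == string(c.RawIssuer) && c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
	return status, selfSigned, signing
}

// Issue builds a constructed sample certificate (hypothetical helper); a nil parent makes it self-signed.
func Issue(cn string, from, to time.Time, ku x509.KeyUsage, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, kerr := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: from, NotAfter: to, KeyUsage: ku}
	if parent == nil {
		parent, pk = t, priv
	}
	der, cerr := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, perr := x509.ParseCertificate(der)
	if kerr != nil || cerr != nil || perr != nil {
		panic(fmt.Sprint(kerr, cerr, perr))
	}
	return c, priv
}

func main() {
	root, key := Issue("Sample Root", time.Now().Add(-time.Hour), time.Now().Add(time.Hour), x509.KeyUsageCertSign, nil, nil)
	sub, _ := Issue("Sample Intermediate", root.NotBefore, root.NotAfter, x509.KeyUsageCertSign, root, key)
	fmt.Println(Describe(root, time.Now()))
	fmt.Println(Describe(sub, time.Now()))
}
```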

Environment

None

Activity

wroot November 20, 2017 at 5:17 PM

This is not fixed yet?

Fixed

Created June 30, 2017 at 9:09 AM
Updated March 11, 2019 at 11:10 AM
Resolved November 20, 2017 at 8:46 PM