Is there support in NSS to restrict an intermediate CA to only be able
to issue SSL certificates within a specified domain?
If yes, does this support apply to both SANs and CNs?
Can you point me to documentation on how to use this?
The reason that I’m asking is because there has been recent discussions
in m.d.s.policy about subordinate CAs that chain up to root certificates
that are included in NSS. The discussions have prompted a significant
update to the following wiki page:
https://wiki.mozilla.org/CA:SubordinateCA_checklist
My questions above are in regards to the “Third-party private (or
enterprise) subordinate CAs” defined in this wiki page.
I apologize if this is a repeated discussion topic. If so, I would
greatly appreciate a summary.
Kathleen
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
