-
|
I am testing step CA for use in a legacy environment with applications that don't work well with intermediate certificates. Is it possible to create a new CA that issues directly from the root without the use of an intermediate CA? I don't see anything relevant in the Thanks for any help you can offer, my apologies if this has been discussed before, I didn't have any luck finding prior discussions on a flat CA model. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hey @johnfzc, It may work if you create your (self-signed) root and configure that as both the root and intermediate of |
Beta Was this translation helpful? Give feedback.
-
|
@johnfzc I can confirm that this configuration works. |
Beta Was this translation helpful? Give feedback.
Hey @johnfzc,
It may work if you create your (self-signed) root and configure that as both the root and intermediate of
step-ca. The configured root isn't actually used in signing, but is as part of some user flows, such as bootstrapping. I haven't tried this myself yet, so there may be use cases that don't work, but intuitively I say this can work.