Is your change request related to a problem? Please describe.
I have a web server that has a self-signed cert installed. php-ssl shows it as good, since the date and hostname are valid. However, this cert does not have the Basic Constraint of CA:TRUE, so it should not be permitted to sign itself. In the image below, you can see that the cert is signed by itself, and it is considered to be valid.
Describe what you'd like different
It should probably be flagged as "Self-signed", just like hostname problems are flagged as "Domain mismatch".
Describe alternatives you've considered
None
Describe how the change would benefit other users
This would prevent users from incorrectly believing that everything is okay with the certificate, when it probably needs attention.
I noticed that there does not exist a "Settings" page for this app. If there were one, there could be a config setting for "Flag self-signed certs".
Is your change request related to a problem? Please describe.
I have a web server that has a self-signed cert installed.
php-sslshows it as good, since the date and hostname are valid. However, this cert does not have the Basic Constraint ofCA:TRUE, so it should not be permitted to sign itself. In the image below, you can see that the cert is signed by itself, and it is considered to be valid.Describe what you'd like different
It should probably be flagged as "Self-signed", just like hostname problems are flagged as "Domain mismatch".
Describe alternatives you've considered
None
Describe how the change would benefit other users
This would prevent users from incorrectly believing that everything is okay with the certificate, when it probably needs attention.
I noticed that there does not exist a "Settings" page for this app. If there were one, there could be a config setting for "Flag self-signed certs".