89f0bdaac5c979bdce826ce81ca766b5b6a0adec
services/Certificate-Authority.md
| ... | ... | @@ -1,6 +1,19 @@ |
| 1 | 1 | # SSL Certificate Authority |
| 2 | 2 | |
| 3 | -internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses. If you would like to trust the certificate import the following: |
|
| 3 | +internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses. |
|
| 4 | + |
|
| 5 | +The name constraints can be verified for example by using openssl: |
|
| 6 | +``` |
|
| 7 | + openssl x509 -in dn42.crt -text -noout |
|
| 8 | +``` |
|
| 9 | +which will show among other things: |
|
| 10 | +``` |
|
| 11 | + X509v3 Name Constraints: |
|
| 12 | + Permitted: |
|
| 13 | + DNS:.dn42 |
|
| 14 | +``` |
|
| 15 | + |
|
| 16 | +If you would like to trust the certificate import the following: |
|
| 4 | 17 | |
| 5 | 18 | ``` |
| 6 | 19 | -----BEGIN CERTIFICATE----- |