
Consider limiting the self-signed root certificate's usage to code signing only #16806

@polys

Key Usage is currently:

  • Server Authentication (1.3.6.1.5.5.7.3.1)
  • Client Authentication (1.3.6.1.5.5.7.3.2)
  • Code Signing (1.3.6.1.5.5.7.3.3)
  • Secure Email (1.3.6.1.5.5.7.3.4)
  • Time Stamping (1.3.6.1.5.5.7.3.8)

Please consider removing Server/Client Authentication as it's a security risk for anyone installing it under Trusted Root Certification Authorities.
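A defender-side check for the situation this issue describes, as an added example that is not part of the original issue or the project's code: it lists self-signed certificates in a Windows root store whose Extended Key Usage extension permits Server or Client Authentication, or that carry no EKU extension at all. The function name `Get-RootEkuRisk` and the default store path are assumptions chosen for illustration.

```powershell
# Added example (not project code): flag trusted roots that can vouch for TLS identities.
# OIDs are the two the issue asks to remove.
$tlsOids = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}

function Get-RootEkuRisk {
    param(
        # Assumed default; pass Cert:\LocalMachine\Root to audit the machine-wide store.
        [string]$StorePath = 'Cert:\CurrentUser\Root'
    )

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Only self-signed certificates are of interest here.
        if ($cert.Subject -ne $cert.Issuer) { continue }

        # Reads the EKU extension embedded in the certificate itself,
        # not any purpose restrictions set as store properties.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }

        if (-not $ekuExt) {
            # No EKU extension means the certificate is not limited to any purpose.
            $ekus    = @()
            $finding = 'No EKU extension: not restricted to any purpose'
        } else {
            $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $hits = @($ekus | Where-Object { $tlsOids.ContainsKey($_) } |
                      ForEach-Object { $tlsOids[$_] })
            if ($hits.Count -eq 0) { continue }   # e.g. code signing only: nothing to report
            $finding = 'Permits: ' + ($hits -join ', ')
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            EKUs       = $ekus -join ' '
            Finding    = $finding
        }
    }
}

Get-RootEkuRisk | Format-List
```

A root limited to Code Signing (1.3.6.1.5.5.7.3.3) produces no row, while one with the key usage list quoted in this issue is reported with both authentication purposes.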
