by GauntletWizard 482 days ago
Browser support for it is pretty new, which is why it's so often missed. It only happened in mid/late 2023.

I've been shopping a talk since then about how to set up a name-constrained root certificate, and what it should look like. It's still hard! CFSSL is my go-to tool, and it doesn't have support. I had to fork it to make it work. OpenSSL has support, but its configuration is like all OpenSSL configuration - poorly documented and nonstandard, mixing INI objects and object-refs.

1 comments

There is mainstream browser support for name constraints now?! That is huge, I had given up hoping for adoption progress already and it was one of my major gripes regarding web stagnation.
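An added example, not part of the thread and not CFSSL's or either commenter's code: what a name-constrained root looks like when built with Go's standard `crypto/x509`, and how Go's own verifier (not a browser) treats leaves inside and outside the permitted DNS subtree. The function name, the `must` helper and the `corp.example` / `other.example` names are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on setup errors to keep the example short
	if err != nil {
		panic(err)
	}
	return v
}

// VerifyUnderRoot builds a root whose critical nameConstraints permit only `permitted`,
// issues a leaf for `host` directly under it, and verifies the leaf against that root.
func VerifyUnderRoot(permitted, host string) (accepted, constraintViolation bool) {
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test Root"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		PermittedDNSDomains: []string{permitted}, PermittedDNSDomainsCritical: true,
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		DNSNames: []string{host}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	root := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey))))
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey))))
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	var inv x509.CertificateInvalidError // the verifier's typed rejection, if any
	return err == nil, errors.As(err, &inv) && inv.Reason == x509.CANotAuthorizedForThisName
}

func main() {
	fmt.Println(VerifyUnderRoot("corp.example", "api.corp.example"))  // inside the permitted subtree
	fmt.Println(VerifyUnderRoot("corp.example", "www.other.example")) // outside it
}
```

Issuance succeeds for both leaves; the constraint is only enforced when a relying party validates the chain, which is why verifier support matters.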