privateca root CA example is invalid for a standards-compliant root CA
hoexter opened this issue · 2 comments
TL;DR
The sample in privateca/certificate_authority_basic/main.tf looks like it's a copy of the subordinate setup and not for the root.
Expected behavior
Sample should be somewhat compliant to RFC 5280 and CA/B Baseline Requirements.
Observed behavior
SAN on Root -> does not make any sense
pathLen on Root is not forbidden, but according to the RFC it is not evaluated, and it is not recommended by CA/B BR
extendedKeyUsage is forbidden by CA/B BR on a root
Terraform Configuration
does not apply
Terraform Version
does not apply
Additional information
No response
Thanks for your feedback @hoexter and the additional reference materials. They are super helpful. While I've left feedback on the PR, it seems like we may need to get the main Terraform docs updated as well so that we are matching up our docs across pages. @msampathkumar do you have knowledge on these samples?
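The three observations from the issue, applied to a root CA definition. This is an added example, not the project's sample or the fix from the PR. The pool, ID, location, subject, key algorithm and lifetime values are constructed placeholders, and the empty `extended_key_usage {}` block assumes the provider schema requires the block to be present.

```hcl
# Added example: a self-signed root CA that avoids the three points raised in the issue.
# All names and values below are placeholders, not taken from the project's sample.
resource "google_privateca_certificate_authority" "root" {
  pool                     = "example-ca-pool" # placeholder: an existing CA pool
  certificate_authority_id = "example-root-ca" # placeholder
  location                 = "us-central1"     # placeholder
  type                     = "SELF_SIGNED"     # root CA, as opposed to SUBORDINATE

  config {
    subject_config {
      subject {
        organization = "Example Org"     # placeholder
        common_name  = "Example Root CA" # placeholder
      }
      # Observation 1: no subject_alt_name block.
      # A root is identified by its subject DN, not by DNS names.
    }

    x509_config {
      ca_options {
        is_ca = true
        # Observation 2: max_issuer_path_length is left unset, so the root
        # carries no pathLen constraint. Set path length limits on the
        # subordinate CAs instead.
      }

      key_usage {
        base_key_usage {
          cert_sign = true
          crl_sign  = true
        }
        # Observation 3: no extended key usage purposes are requested.
        # The block is kept empty (assumed to be required by the schema).
        extended_key_usage {}
      }
    }
  }

  key_spec {
    algorithm = "RSA_PKCS1_4096_SHA256"
  }

  lifetime = "315360000s" # placeholder: 10 years
}
```

After applying, inspecting the issued root with `openssl x509 -noout -text` should show Basic Constraints with `CA:TRUE` and no pathlen, and no Subject Alternative Name or Extended Key Usage extensions.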