I see two common patterns of using the -t switch argument for the certutil tool:
certutil ... -t "CT,c,c"
and
certutil ... -t "P,,"
when taking care of self-signed SSL certificates for web servers.
Can anyone explain the difference between them and when to use one or the other?
The documentation lists the possible values for the -t switch:
+ p - Valid peer
+ P - Trusted peer (implies p)
+ c - Valid CA
+ T - Trusted CA to issue client certificates (implies c)
+ C - Trusted CA to issue server certificates (SSL only) (implies c)
+ u - Certificate can be used for authentication or signing
+ w - Send warning (use with other attributes to include a warning when the certificate is used in that context)
But I could not find any further explanation.
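
Added example (not part of the original question, and not NSS code): a small Python decoder that expands the two trust strings above into their effective flags, using only the flag list quoted in the question. The field order (SSL, email, object signing) is taken from the NSS certutil documentation rather than from this page, and the names `decode_trust` and `describe` are hypothetical.

```python
# Decode a certutil -t trust argument such as "CT,c,c" or "P,,".
# Flag meanings are copied from the documentation list quoted in the question.
FLAGS = {
    "p": "Valid peer",
    "P": "Trusted peer",
    "c": "Valid CA",
    "T": "Trusted CA to issue client certificates",
    "C": "Trusted CA to issue server certificates (SSL only)",
    "u": "Certificate can be used for authentication or signing",
    "w": "Send warning",
}
# "implies" relations from the same list.
IMPLIES = {"P": "p", "T": "c", "C": "c"}
# Assumption (from the certutil documentation, not from this page):
# the three comma-separated fields are SSL, email and object signing.
USAGES = ("SSL", "email", "object signing")


def decode_trust(trustargs):
    """Return {usage: [effective flags]} with implied flags expanded."""
    fields = trustargs.split(",")
    if len(fields) != 3:
        raise ValueError("expected three comma-separated fields: %r" % trustargs)
    result = {}
    for usage, field in zip(USAGES, fields):
        effective = []
        for flag in field:
            if flag not in FLAGS:
                raise ValueError("unknown trust flag %r in %r" % (flag, trustargs))
            for f in (flag, IMPLIES.get(flag)):
                if f and f not in effective:
                    effective.append(f)
        result[usage] = effective
    return result


def describe(trustargs):
    """Render one line per usage, spelling out every effective flag."""
    lines = []
    for usage, flags in decode_trust(trustargs).items():
        text = "; ".join("%s = %s" % (f, FLAGS[f]) for f in flags)
        lines.append("%s: %s" % (usage, text or "no trust flags"))
    return "\n".join(lines)


if __name__ == "__main__":
    for args in ("CT,c,c", "P,,"):
        print("-t %r" % args)
        print(describe(args))
```

Read this way, "CT,c,c" marks the certificate as a CA in all three fields and as a trusted issuer only in the first, while "P,," marks it as a trusted peer in the first field and sets nothing in the other two.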