If the CA Constraint boolean is not asserted, then the keyCertSign bit in the KeyUsage extension MUST NOT be asserted. If the Basic Constraints extension is not present in a version 3 certificate, or the extension is present but the CA Constraint boolean is NOT asserted, then the certified Public Key MUST NOT be used to verify Certificate Signatures.
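The rule above can be checked mechanically on the two extension values. The following is an added example, not part of the original text: it assumes the inputs are the DER contents of the BasicConstraints and KeyUsage extensions (the bytes inside each extension's OCTET STRING) from a version 3 certificate, with `None` meaning the extension is absent. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: inputs are constructed DER extension values, not from a real certificate.
KEY_CERT_SIGN_BIT = 5  # position of keyCertSign in the KeyUsage BIT STRING

def _tlv(der):
    """Parse one DER TLV and return (tag, value)."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    tag, length, pos = der[0], der[1], 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("truncated DER")
    return tag, der[pos:pos + length]

def ca_asserted(basic_constraints):
    """basic_constraints: DER BasicConstraints SEQUENCE, or None if the extension is absent."""
    if basic_constraints is None:
        return False
    tag, body = _tlv(basic_constraints)
    if tag != 0x30:
        raise ValueError("BasicConstraints is not a SEQUENCE")
    if not body:
        return False  # cA is DEFAULT FALSE, so DER omits it
    tag, value = _tlv(body)
    return tag == 0x01 and value == b"\xff"  # DER BOOLEAN TRUE

def key_cert_sign_asserted(key_usage):
    """key_usage: DER KeyUsage BIT STRING, or None if the extension is absent."""
    if key_usage is None:
        return False
    tag, value = _tlv(key_usage)
    if tag != 0x03 or len(value) < 2:
        raise ValueError("KeyUsage is not a non-empty BIT STRING")
    bits = value[1:]  # value[0] is the count of unused trailing bits
    index, bit = divmod(KEY_CERT_SIGN_BIT, 8)
    return index < len(bits) and bool(bits[index] & (0x80 >> bit))

def check(basic_constraints, key_usage):
    """Return (ca, violations); ca False means the key MUST NOT verify certificate signatures."""
    ca = ca_asserted(basic_constraints)
    violations = []
    if key_cert_sign_asserted(key_usage) and not ca:
        violations.append("keyCertSign asserted but cA is not")
    return ca, violations

CA_CERT = (bytes.fromhex("30030101ff"), bytes.fromhex("03020106"))  # cA TRUE, keyCertSign|cRLSign
LEAF = (bytes.fromhex("3000"), bytes.fromhex("030205a0"))  # cA omitted, no keyCertSign
MISISSUED = (None, bytes.fromhex("03020106"))  # no BasicConstraints, keyCertSign set
```

A non-empty `violations` list flags a certificate that breaks the first sentence of the rule; a `False` first element means a path validator must reject the certificate as an issuer regardless of its KeyUsage bits.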