best practice for creating a CA cert?
Hi there Due to the upcoming Google instigated phasing out of SHA-1, I'm looking at creating a new enterprise CA (ie internal only) If I just click through the defaults of openssl ca, I'd probably end up with a 2048bit RSA, SHA-2 (256) cert. So my question is, should I future proof that by making it 4096bit and maybe SHA-2 (512)? (ie I want the CA to be viable for 10 years, not 5 years). What is the performance impact of increasing these values of the CA cert itself? I'd expect to still only sign 2048-bit, SHA-256 server/client certs - but is there a real performance downside to making the CA cert itself stronger? I don't care if the CA takes 30 seconds longer to sign a cert - but I'd really care if it made a web browser hang when talking to the resultant server cert ;-) Thanks! -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: best practice for creating a CA cert?
On 30/09/14 03:30, Michael Sierchio wrote: There are many places where a PKI breaks - hash collisions are far down the list. Most internal CA implementations offer no more effective security or trust than just using self-signed certs - the objective seeming to be to make browsers not complain about the SSL connection. Without subsidiary CAs, good discipline about their use, a CRL distribution point baked into certs (or OCSP), you can only verify that a cert was valid when it was signed, but have no way of dealing with private key compromise, etc. which happens all the time. Spend some time thinking about revocation, cert lifespan, etc.if you want to make a CA stronger. Whoa! Big assumptions in there batman!!! Don't for a minute assume you have any understanding about how we use said CA cert. Yes, all of that was thought through 12 years ago when we started doing this. In my experience, our company has been one of the few enterprise environments where a PKI has actually fundamentally improved our security posture, and it was ENTIRELY through focusing on processes - not the technology! (sheesh, ask a simple question... ;-) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
can openssl command line tool be used to create a SCEP cgi?
Hi there We're looking at introducing Mobile Device Management into our organization and we have a home-built PKI based around openssl command line tools and a bunch of shell scripts. Works well, very bespoke - moving away from it would be a major drama (ie changing to a better PKI that had built-in support for SCEP is further down the track) Anyway, it doesn't support SCEP and I am trying to see if I can implement it myself. I have got a scep client to create a PKCS#7 container submission, upload it to my stub SCEP CGI, and can get interesting details out via openssl asn1parse -in scep-request.pem openssl pkcs7 -in scep-request.pem -print_certs openssl smime -verify -in scep-request.pem -inform pem -CAfile CA-pubkey.pem -noverify My reading of the SCEP RFC tells me that PKCS#7 file actually contains a PKCS#10 encrypted request, but how do I get that out, convert it back into a normal CSR for openssl ca to sign, then bundle it appropriately up for delivery back to the SCEP client? Is that even possible with command line tools, or is this exclusively the realm of actual PKI products? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Apache SSL3_ACCEPT:unsafe legacy renegotiation disabled?
Hi there We have a CentOS-4.8 server that was upgraded to httpd-2.0.52-41.ent.7.centos4 this week - along with dependencies like openssl-0.9.7a and openssl096b At that moment our client-certificate based authentication Webapp broke :-( It's really weird. Users running Firefox-3.5+ or Chrome are still working fine - but MSIE7 and MSIE8 now get that useless MSIE error page and Apache reports lines like [Thu Apr 01 12:41:41 2010] [error] SSL Library Error: 336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled Obviously this is related to the SSL renegotiation bugfix - but Google cannot find anyone else seeing this - so I'm thinking we have some peculiar to us? Our Apache config states Location ~ /(ssl_secure/) SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +StrictRequire +StdEnvVars -ExportCertData +OptRenegotiate /Location So when you attempt to access https://server/ssl_secure/ - you are asked for your client cert. We have another section of the site that has SSLVerifyClient optional and that also triggers the same fault in MSIE - and FF/Chrome work fine :-( Help? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Apache SSL3_ACCEPT:unsafe legacy renegotiation disabled?
On 04/01/2010 11:50 PM, Saju Paul wrote: OptRenegotiate - enables avoidance of unnecessary handshakes by mod_ssl which also performs safe parameter checks. It is recommended to enable OptRenegotiate on a per directory basis. also performs safe parameter checks maybe the key. disable it and check if MSIE likes it. Nope - didn't make a difference -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Apache SSL3_ACCEPT:unsafe legacy renegotiation disabled?
On 04/02/2010 02:21 AM, Chris Clark wrote: You need to upgrade Apache to httpd-2.2.15 (released March 6, 2010) Your version is years old. It is the official version released for CentOS-4.8 this week (which actually means Redhat too). It wouldn't surprise me if they never tested the client cert case too well - I certainly don't understand why only MSIE is having a problem. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Apache SSL3_ACCEPT:unsafe legacy renegotiation disabled?
On 04/02/2010 08:13 AM, Jason Haar wrote: On 04/02/2010 02:21 AM, Chris Clark wrote: You need to upgrade Apache to httpd-2.2.15 (released March 6, 2010) Your version is years old. OK, this is getting weird... I just created the same directory structure on a CentOS-5.3 server running httpd-2.2.3-31.el5.centos.4 (which also only came out this week) and I get EXACTLY the same issue! (ie works with FF/Chrome - but not MSIE8) Can someone confirm they see the same issue with Location /ssl_secure SSLVerifyClient require SSLVerifyDepth 1 SSLOptions +StrictRequire +StdEnvVars -ExportCertData +OptRenegotiate /Location I'm confused, I don't understand how no-one else seems to see it? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Apache SSL3_ACCEPT:unsafe legacy renegotiation disabled? [ANSWER]
I found a fix. I'll be verbose to make this better for search engines :-) So after upgrading to httpd-2.0.52-41.ent.7.centos4 under CentOS-4.8 and/or httpd-2.2.3-31.el5.centos.4 under CentOS-5.3 our client-cert based authentication started failing for all versions of MSIE (Internet Explorer) httpd-2.0.52 produced the following error [Thu Apr 01 12:41:41 2010] [error] SSL Library Error: 336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled Whereas httpd-2.2.3 produced [Fri Apr 02 09:54:36 2010] [debug] ssl_engine_kernel.c(426): Changed client verification type will force renegotiation [Fri Apr 02 09:54:36 2010] [info] Requesting connection re-negotiation [Fri Apr 02 09:54:36 2010] [debug] ssl_engine_kernel.c(625): [client 218.101.54.25] Performing full renegotiation: complete handshake protocol (client does not support secure renegotiation) What I'm guessing has happened is openssl was patched to fix the renegotiation flaw discovered last year, and although Firefox-3.5+ and Chrome-5.036+ work fine with this updated version, MSIE 7 and 8 still don't contain a fix? Anyway, google final lead me to a new Apache option. Adding the following line to your config will make Apache (mod_ssl actually) revert to the older insecure option, and then MSIE will work again SSLInsecureRenegotiation on Obviously we now need to track MSIE patches and wait until that is fixed, and then remove this option. Thanks Microsoft, you never cease to disappoint me -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: specific cert extensions needed for smartcards?
Grrr - and I find the answer within minutes of sending this! As always, the hardest part with using Google is to find the right words to search for. Anyway, Microsoft have whitepapers on using 3rd-party CAs for smartcards, and so using certutil I was able to initialize our AD so that it would work with smartcards. I also found the cert extension needed - 1.3.6.1.4.1.311.20.2.2 is for smartcards. i.e. add 1.3.6.1.4.1.311.20.2.2 to extendedKeyUsage during cert creation. There is also evidence you need to ensure the CN string matches the AD Display Name field. However, these whitepapers also state the Domain Controllers need very special certificates installed before they will actually allow themselves to be involved with smartcard login attempts. They contain some quite weird-ass extendedkeys and BMP data, and the Subject Alternate Name needs to include the AD GUID of each DC! Such specific attributes would take an age for us to build into our existing PKI processes - we have over 40 DCs today and I don't look forward to fiddling with certs on them all just to test smartcard access :-( Links: http://support.microsoft.com/kb/281245 http://support.microsoft.com/kb/295663/ http://support.microsoft.com/kb/291010/ Jason Jason Haar wrote: Hi there I'm evaluating eTokens for secure cert storage and along with other aspects was looking at the ability for Windows domains to use smartcards to control login access. Aladdin eToken documentation explicitly states you have to use a Microsoft CA to generate certs that can be used for smartcard access. However, we have a OpenSSL based PKI and I want to use that instead. I'm guessing all I need is to insert each users pubkey into their AD accounts Published Certificates tab, but when I try to login I get a generic error. So I'm guessing there are cert extensions that AD's smartcard control looks for. Any ideas what they are (or am I totally off-track?) Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
specific cert extensions needed for smartcards?
Hi there I'm evaluating eTokens for secure cert storage and along with other aspects was looking at the ability for Windows domains to use smartcards to control login access. Aladdin eToken documentation explicitly states you have to use a Microsoft CA to generate certs that can be used for smartcard access. However, we have a OpenSSL based PKI and I want to use that instead. I'm guessing all I need is to insert each users pubkey into their AD accounts Published Certificates tab, but when I try to login I get a generic error. So I'm guessing there are cert extensions that AD's smartcard control looks for. Any ideas what they are (or am I totally off-track?) Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Renewing a CA root certificate
Arsen Hayrapetyan wrote: A solution could be one which Jason described. May be the reason by which the new root certificate is not recognized is that the serial number was changed? Could very well be the case. Our original CA had a serial number of 0. This has proven to be a bad move as Cisco IOS refuses to accept a CA cert with such a value (even though the RFCs state a serial number must be an integer, and last I looked, zero is an integer...) So I when I resigned the CA I gave it a serial of 1 so as to fix that problem. As I am keen to gain the ability to sign Cisco certs, I'm going to simply start a new CA. We'll reconfigure all our servers to accept both the old and new CA, and then simply phase over all new signings to the new CA. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Renewing a CA root certificate
Greg Vickers wrote: Thanks again - we will do a re-key. Would I use the CA.pl script and put in the same information that is in the original CA certificate? Will that result in a CA certificate that can be used in browsers etc and will authenticate web server certificates issued by the old certificate? I think the answer is: it depends I have just tested this very situation out myself a couple of weeks ago. Had an existing CA which is going to expire in 2007, but now have heaps of client certs out on end-user machines with expiry dates 2007 (yes, it can be done - don't ask why we did this - too much detail!). So I'd *love* to be able to re-create the CA cert with a longer expiry date. So I did. different expiry date and different serial number from the original - but everything else identical. However, that still makes it a different cert. Anyway, I tested a new client cert signed with the new CA against an existing Cisco VPN3000 concentrator which is configured to only accept certs signed by the old CA - it worked!! Then I tried it against an Apache web server configured to only accept client certs signed by the old CA - It failed. Apache didn't recognize the signing CA. So I'm guessing there's a bug in Cisco's VPN solution - as I think Apache was the one acting correctly :-( I really hope someone who knows more than Greg and I can give an authoritative answer to this question. I'd LOVE to know how to recreate a CA cert (instead of creating a new one and having to touch 1000's of machines to update them). But I get the feeling this can't be done -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: client side certificates
Raymond Popowich wrote: I tried using both the CA cert and a cert that came with the signed client side certificate from Geotrust. I also have a client side certificate from Verisign on another computer. Both computers get a pop-up to pick a cert to use to connect from within IE, but the box is empty. Below is what I added to the apache config within the virtualhost section for this particular web site. If it matters this web site is nothing more than an HTTPS proxy to another web server that is not internet accessible. If IE gives you an empty popup for choosing a cert, then either IE has no client cert to offer, or the server is asking for certs signed by CAs that don't include the ones the client has. (BTW it's a bug in IE - it can do the same thing for clients without *any* certs when faced with the SSLVerifyClient optional rule!). So can you confirm that entering Tools-Internet Options-Content-Certificates shows Personal certs, and that if you View them it states there's a private key associated with that cert? And then confirm that the CA that signed that cert is one trusted by Apache via SSLCACertificateFile or SSLCACertificatePath (those should point to copies of the CA public keys - not the same cert that is on the client. I can't figure out from your mail if you've already worked that out, so sorry if that's pointing out the bleeding obvious ;-) One thing that I'd like some clarification on. Once I get this working, shouldn't there be a way for me to say I only want certain client side certificates to be able to connect to this web site? Otherwise anyone with a client side cert can connect. I'm sure I'm missing an important piece of information here and I just need to be pointed in the right direction. That's what SSLCACertificateFile or SSLCACertificatePath is about. You can use that to restrict what client certs you support down to just those signed by those CAs. To further restrict to a subselection, see mod_ssl documentation for SSLRequire - e.g. SSLRequire %{SSL_CLIENT_S_DN_O} eq Snake Oil, Ltd. \ and %{SSL_CLIENT_S_DN_OU} in {Staff, CA, Dev} -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: What does Outlook 2003 look for in a S/MIME cert?
Dr. Stephen Henson wrote: By default the PKCS#12 files OpenSSL creates should be key exchange keys unless you supply the -keysig command line argument. I Groan! Well spotted Steve! It appears we scripted calls to openssl with the -keyex option when making certs (it was specifically to stop people using client certs for email - well that worked!!! ;-)... I removed that and now a cert can decrypt S/MIME emails :-) Thanks for that Steve! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
What does Outlook 2003 look for in a S/MIME cert?
I am having difficulty getting Outlook to read S/MIME encrypted emails, and I'm wondering what's wrong. We have an internal PKI, and I have created a signed cert that can be used for S/MIME. Thunderbird happily sends and receives signed and encrypted emails with it. Under Windows (which trusts the CA), Outlook is happy to associate the cert with digital signing, and can send both signed and encrypted emails. However (and here's the shocker) *IT CAN'T READ THE SENT ITEMS COPY OF THE EMAIL IT JUST SENT* Stupid or what? ;-) So I'm thinking there must be something about the cert or the CA that signed the cert that Outlook 2003 (fully patched) doesn't like. I'm hoping someone on this list will go oh that was a known problem back with XYZ - do this. PS: The CA was created by OpenSSL-0.9.? some 4 years ago. As such some of it's OIDs/etc may be responsible for this issue. Hopefully someone knows? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: What does Outlook 2003 look for in a S/MIME cert?
Richard Levitte wrote: Jason Haar writes: Under Windows (which trusts the CA), Outlook is happy to associate the cert with digital signing, and can send both signed and encrypted emails. However (and here's the shocker) *IT CAN'T READ THE SENT ITEMS COPY OF THE EMAIL IT JUST SENT* Stupid or what? ;-) My first thought is that OutLook may have stored the encrypted mail in the Sent Items folder. Meaning it's encrypted using the recipient's public key, meaning only the recipient can read them. No - that's not it. I thought of that and so sent myself the email. As such it's encrypted with my private key + my public key (i.e. I am Bob and Alice) - so that can't be it. It's as though it has encrypting rights but not decrypting rights. However, I've checked the extendedkey options and that's not the case - they're not even mentioned - it's a cert that can do S/MIME - that's it. Thunderbird is 100% happy, Outlook is happy enough sending with it - just not reading. I also made sure my public key was associated with a Contacts entry for myself (that's how Outlook tracks public keys) - so it should have all it needs to do the job. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: What does Outlook 2003 look for in a S/MIME cert?
Dr. Stephen Henson wrote: Where was the private key used created? Was it generated under CryptoAPI or imported as a PKCS#12 file from an external source? It was created using OpenSSL - turned into a p12 and imported. Due to various deficiencies in the internal format for Windows private keys there are some which it can use the public key but not the private key because it can't be represented in its format. An example if if the two primes are of different size. Unless you know something specific to Outlook, I don't think that's the problem. We use the same method to create standard user certs for accessing HTTPS web sites - and they work fine under Windows/MSIE. The other thing is that I can use Outlook to send an encrypted email to myself, then access that mailbox using Thunderbird (with the same cert) - and Thunderbird reads it fine. So Outlook must have successfully used the private key to do the encryption. It's weird - it can generate encrypted emails, but can't read them... Is anyone successfully using S/MIME within Outlook? I don't expect many on this list to be Outlook users - but I expect a lot are like me and mainly have Outlook users surrounding them :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Generate a CRL from an OCSP request
Julien VEHENT wrote: I don't want to use HTTP just because web server are to much attacked. Moreover, OCSP is very interesting for the student that i am :) OK so if i use a boring script which request 100 serial in one line, what is the correct syntax to generate a CRL using the OpenSSL OCSP request ? I don't think you can do what you want anyway - you have a chicken-n-egg problem. As far as I'm aware, an OCSP environment implies the following. You (e.g. the HTTPS server) are asked to interact with a remote cert, you can tell it was signed by a CA you trust - but you don't know if it hasn't been revoked. So you call OCSP and say is serial 7423342 still valid and it answers yes or no. So for you to dump all the revoked certs contained within a OCSP db, you'd need to know all of the serial numbers in advance. And the only thing that know all the assigned serial numbers - is the CA itself. So now what do you do? Log into the CA and dump the serial numbers, copy them over to the box and then use OCSP to recursively do the lookups?!?! A waste of time - you could have just grabbed the CRL file in the first place. What we do is have a distribution of CRL Servers. Simply Apache server with a copy of our CRL (rsync'ed onto the Apache servers from the CA on an hourly basis). As Stephen said, all CRLs are digitally signed by the CA - so THEY CANNOT BE ALTERED. Worst case scenario is that the Web server is compromised and...? The CRL is deleted...? Corrupted? It can't be altered. I mean if you're Web server is compromised, the integrity of your CRL file is irrelevant -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Any more work on CRL support in mod_ssl?
Hi there We run an internal PKI and one thing I've noticed is that HUP doesn't guarantee the CRL files get re-read. Also our DMZ Apache hosts are now using mod_chroot - and you can't HUP that as most of Apache's configuration is outside the jail - only a full restart will work :-( So I was wondering if there is ever going to be support for re-reading the CRL files when - say - the nextUpdate field is reached? It's easy enough to download new CRL files, but nothing short of a full restart of Apache guarantees it will be read. PS: in case you're wondering, our Web servers involve some long-transaction time HTTP events - that's why a full restart is an issue (it breaks them). -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: CRL Distribution Point
Steve Larson wrote: I am wanting to get CRL Distribution Points working within my client certs. Using Apache I am able to get certificate revocation working using the SSLCARevocationFile directive (using a local file). Using a http://www.webserver.com/crlfile.crl within the cert (CRL Distribution Point) it doesn't work. I have put the crl on a remote web server. Watching the logs on the remote server I do not see the crl being accessed. Any troubleshooting tips? You can't do that - Apache can only look at local files. We use an rsync script to replicate CRLs out to CRL Web servers and from there push copies out to Apache servers that need them. Also note that Apache doesn't notice that the CRL has been updated - so you need to HUP or restart Apache to reload it. So far the only applications I've found that support reading remote CRLs are Web browsers (although IE/Outlook isn't reliable at that) and Cisco's VPN 3000 concentrator series. That isn't a definitive list - just what I've found to work well. If you want to pull CRL updates, you'll need to write a script to do that. Actually, either way you'll need a script. BTW: Does anyone know how IIS handles CRLs? As far as I'm aware, it still doesn't? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Certificate validation failure, Successful
Richard A. Faulk Jr. wrote: I just tried setting the crl file to DER encoding and specified that files with .crl extensions are application/x-x509-crl. I am still receiving the certificate validation failure error on the Cisco concentrator. Is there anything else that I need to do? Am I doing something wrong? You are referring to the VPN-3000 series aren't you? And running a 1 year old release? It works for us... Jason PS: use curl -i http://site/file.crl | more to view what the cert really looks like. It should be Content-type: application/x-x509-crl and the contents should be binary. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate validation failure, Successful
We do this here. Ensure your URLs are application/x-x509-crl, and the CRL is DER encoded and you'll be fine. Cisco did a real good job with their PKI support in the VPN-3000 series - I wish I could say the same for IOS (our CA has a serial number of 0, and IOS refuses to trust a CA with a serial 1. Strange - I always thought 0 was an integer as required by the SSL RFCs... :-() -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: smime certificates
Dr. Stephen Henson wrote: Well unless the software provides a means to reencrypt with a new certificate the only way is to keep the old certificates and private keys on the system. soapbox This is something I noticed before too - and appears to be a real failing with PKI. Although by failing I mean not what end-users expect... Let's assume the whole world has embraced PKI and everyone is sending/receiving S/MIME encrypted e-mails. How are we (as a society) meant to handle old e-mails - when by definition there is a lifespan associated with any certificates used in them? A different spin on the same problem: my cert gets stolen/compromised. I get my certificate revoked. Now no-one trusts my old e-mails - sent and signed by me before the cert was compromised?!? You may argue that is a MUA S/MIME implementation issue - but it's true today for the MUAs I've tried. What is the purpose of the expiry date on a S/MIME cert anyway? If you had a cert with a 1-year expiry date, *and you know it was never compromised* - then that fixes these sorts of problems. Is there any downside to that? As far as S/MIME is concerned (IMHO time-limited certs do have a place in other roles), if the safety of the cert is assured, then maybe we should have huge expiry dates on them? The idea that you have to renew/get new certs for crypting e-mails (documents in general?) doesn't seem right to me... I mean, as far as a usercode goes, as long as you have a right to access (say) a company network, your usercode is static. Your password that protects that usercode should be changed on a regular basis - but even that is really to *limit the length* of a compromise more than stop it being compromised in the first place. Maybe we should ensure apps focus more on private key protection than try to get the certificates via expiry dates to do that job? (and yes, that can always be worked around as the end-user controls everything in the case of a cert) /soapbox -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
pkcs12 -name and -caname don't allow spaces anymore?
I have a system converting PEM files into P12 via pkcs12. e..g openssl pkcs12 -export -in test.pem -inkey test.key -out test.p12 -name Joe Shmoo's certificate This works fine under Fedora Core2 (openssl-0.9.7a-35), but the downloaded openssl-0.9.7d I just compiled up from scratch errors out showing the usage or help error. The problem appears to be that 0.9.7d doesn't allow spaces in -caname or -name compared with 0.9.7a. Is that the case, and is there any way of stopping that error? Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
What's the best way to emulate SSLVerifyDepth within PHP/etc?
Hi there We use client certs to access an Apache Web server. It all works well except that if the user only a cert not signed by one of the Apache's trusted CAs, they end up with this gross IE error page - which doesn't tell the user what went wrong. If they don't have any client certs, then using SSLVerifyClient optional can catch that (and I can use PHP to redirect to a nice error page), but it can't catch having a cert signed by someone else. So instead of using SSLVerifyDepth 1, I thought I'd allow any client cert to be accepted, then use PHP to veto it, etc. I can do this as I only look for a client cert on a login page - I use cookies to actually do auth after the initial check. Anyway, can some combination of Apache environment variables add up to the same thing? I'm concerned that someone could conceivably create a CA with the same details contained within our CA's public key, then sign a cert with that, then break through such a system. I know SSLVerifyDepth stops that, I just want to find another way of doing the same thing... Thanks! (and brickbats to Microsoft!) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: revoking expired certificates
On Thu, Jan 22, 2004 at 10:44:31AM -0500, Rich Salz wrote: Why? If I signed something last week, and the certificate was valid last week, isn't the signature still good? There are some people who feel differently. It probably all depends on legal and regulatory context. Is the wet signature on a will still valid when the person dies? Of course. I'm glad this has been bought up, as it's confused me for a while. If I am using S/MIME, someone could steal my laptop and I might decide my cert is compromised and have it revoked. Someone (i.e. their MUA) who received a signed e-mail from me a week early should still consider me e-mail valid because even though it's in the CRL - that was timestamped *after* the e-mail was sent. Is that correct? What if my cert happened to expire 1 month later? Would that mean if someone did compromise my cert and sent signed e-mails before it expired (but *after* I added to the CRL), then after it expires, that signed e-mail would appear VALID - as it wouldn't be in the CRL anymore? I mean, wouldn't that be a major failing of PKI? I must be missing something... [e.g are you meant to always renew S/MIME certs - due to this special issue - so that they never expire?] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Sign PIX certificate using OpenSSL CA
On Wed, 2003-12-17 at 05:02, Jon Barber wrote: Probably your best bet is OpenSCEP : http://openscep.othello.ch/ Having said that, openca looks very promising and has SCEP support in the CVS tree at the moment. OpenSCEP is quite lightweight specific, whereas OpenCA is trying to be a full blown CA / RA etc. If somebody else is actively working on this, please warn me off... We're using an OpenSSL based CA internally, and use OpenSCEP to provide minimal SCEP functionality so that we can get Cisco routers and VPN-3000's working. They generate their own certs, then use SCEP to push their cert request at the CA for signing. Thereafter we use other methods to: a get a copy of the CA public key - that's all that SCEP is actually required for - all the rest can be done via cut-n-paste. b download CRLs. We primarily use good old fashion HTTP to download CRLS - our CRL servers. We have a bunch of them throughout the company WAN (a cronjob rsync's new CRL files from the CA to them whenever it's updated/hourly), and these routers/concentrators point at their local ones. SCEP would be great if we had 100,000's of users, but as we only have a couple of thousand, a full CRL file is only every going to contain 100 entries, and the CRL servers are on the same LAN - so who cares about the performance... Obviously Cisco want you to use SCEP for the whole process. Getting the cert req to the CA, signing it, then uploading it back to the router. But I don't trust automating SCEP to just blindly sign any outstanding cert request - I mean - what are they on!?!?!?! As we want to manually OK all such requests, the overhead of having to cut-n-paste the req is totally ignorable. Anyway, once you've got the process figured out and documented, it's a piece of cake :-) Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Usage of AES question
On Fri, 2003-12-05 at 03:25, Vadim Fedukovich wrote: As far as I know AES is a symmetrical Algorithm which does not use Public Keys. So the password you give (or more probably a hash of the password) will be the key for en- and decrypting the data. Doing so would result in a one single fixed key for different messages to encrypt. One should think twice before doing it this way. I'll take a stab at the answer. As far as I'm aware, AES - like DES and 3DES before it - are *only* used to encrypt data. They take no part in PKI to do with public keys/etc. The principle in PKI is that you generate a private and public key using RSA or DH (?). These are *extremely* strong (i.e. computationally expensive operations) operations, and are used to do session key exchanges for (e.g.) network encryption sessions such as SSL and IPSec. So you use RSA/DH to gain a secure channel over which you agree on a (randomly generated) session key. That session key (a password if you like) is then used to actually encrypt the data - using AES/DES. Part of IPSEC's IKE protocol is to handle these sessions - how long a particular session key is valid for/etc. e.g. IPSec might renegotiate new session keys each hour - which means that even if a hacker grabs the data stream, and spends a couple of months brute-forcing AES/DES keys against the data, at most they end up decrypting an hours worth of data. The assumption here being that the RSA/DH keys take 1,000 of years to brute. Does that sound roughly correct? Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Decrypting SSL packets with openSSL
On Fri, 2003-11-07 at 21:45, Lutz Jaenicke wrote: When you are using s_client, you will most likely negotiate an EDH cipher that cannot be decrypted with ssldump. Use openssl -s_client -ciphers RC4-MD5 ... to generate decryptable sessions... Ah - thank you - that makes total sense (and also allows me to see it working :-). It's just that I see people who keep mentioning ssldump as some magic tool that will allow you to decrypt all that traffic going to your SSL-protected application. Whereas the reality is that will only work if a static RSA cipher such as RC4-MD5 is negotiated during SSL setup. So you really have to force your SSL server to exclusively support such ciphers to be able to reliably decrypt SSL traffic, and yet they are not the most secure of options available. So in reality, even having access to the server certificate(s) doesn't allow you to decrypt SSL traffic except when you go out of your way to force the app to use a less secure crypto option. Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Decrypting SSL packets with openSSL
On Fri, 2003-11-07 at 14:26, Rich Salz wrote: I don't think it really works - I certainly never got it to work. Most likely becuase you don't have the keys. Bzzt - sorry - I'm not that stupid today ;-) If I do ssldump -Ad -i eth0 -k server-cert.pem host me and port 443, where server-cert.pem contains BEGIN RSA PRIVATE at the top followed by BEGIN CERTIFICATE later on (i.e. a merged key + cert - that Apache is actually using itself), and then connect via openssl s_client -conn me:443 and do GET /, I don't see GET showing up in the ssldump output - only a bunch of SSL parsing and what looks like raw encrypted data in hex. Maybe I have an old version? (0.9b3) Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Signing a CSR from JetDirect
On Mon, Jul 14, 2003 at 11:35:01AM -0600, Bob DeBolt wrote: It seems to me that it is in the best interest of the major CAs to not offer wildcard certificates; that way, they can charge their outrageous prices for each certificate that you need, and when you happen to change a hostname, they are right there at the trough looking for more money. True - but there's a less evil reason. If all your servers use the same cert, and *ONE* gets compromised, then *ALL* your servers are compromised (from a PKI trust point of view) IMHO You should always use unique certs. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Can SSL certs be used within openssh?
Is that possible? Now that we have a nice internal PKI running, I'd like to exploit it as much as possible. Is there any way a SSL cert could be used within openssh? So that if you tell openssh to use /home/jhaar/.my-cert.pem, then it'll use that instead of the .ssh/id_rsa* or .ssh/id_dss* files... Similarly, sshd could use server certs. Can it be done? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: ocsp and certificat revoked
On Tue, Mar 18, 2003 at 10:29:18AM +0100, EL OUASSAIDI Abdo Lkarim wrote: - 5 minutes later, a client ask the ocsp server about the status of the certificat (serial number=1) and the server responds good. But the certificat is revoked. Does this scenario can be true? Sounds likely if you're using Active Directory :-/ Caching issue perhaps? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
How should CRLs be handled by S/MIME clients?
This may be getting OT - but I'm not sure where else to ask... I'm using OpenSSL to generate S/MIME certs for Outlook and Mozilla. The two MUAs can send encrypted/signed emails fine to each other. I wanted to check if CRL was working WRT S/MIME, so I revoked a cert and then sent an encrypted email to another account using that revoked cert. Neither Mozilla or Outlook mentioned any problem - they happily opened the message! Actually that's not quite true - Mozilla shows the signed icon as broken - but only says the signature is invalid - not quite the same as the certificate has been revoked - don't trust the contents I would have expected... I'm still having difficulty getting the crlDistributionPoints to work within the certs, but I know the CRLs within the two systems were up-to-date as I manually installed the CRL (yes, generated after revoking the cert, and checked via openssl crl to ensure the serial number was in it :-) into Mozilla and IE (and therefore Outlook). Is this a known problem? Pretty darn useless if the MUA doesn't tell you that a cert has been revoked... Pretty fundementally broken. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: How to stop Outlook saying it can't find the CRL?
On Mon, Feb 24, 2003 at 09:43:57PM -0600, Kenneth R. Robinette wrote: Then the Microsoft Explorer will pop up a dialog box giving you the choice to save or open. If you pick open, and have the .crl file type with the open action I described, the But all this isn't an option. Seriously, users can't be expected to run command-line tools or change file options in order to know whether a cert is valid or not... I have got some ways to a solution: I have found that if I changed assosiating .crl files with application/pkix-crl to application/x-x509-crl instead, both IE and Mozilla recognise it as a CRL. However, if I click on the .crl file within IE (or save to desktop and double-click), it brings up a read-only view of the CRL - i.e. it doesn't import it. At the same time, Outlook still claims the CRL is invalid - even though it is downloading it (I'd guess it has the same problem IE does as Outlook uses IE libraries). However, if I save the .crl to the desktop and then enter the Cert Wizard in IE and import it, then it imports correctly, and Outlook then claims that everything is OK. So the 1M question remains: how does Outlook do CRLs? Anyone else come across this? Users cannot be expected to have to manually handle their CRLs - this must be a config issue for me... :-( -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Co-signed certs? (was: Tunneling Client Certs)
All this talk about trying to gateway client certs has got me thinking about something I saw last week in the PGP-8.0 docs. They have this concept of additional decryption keys. Apparently you can configure PGP so that even though you are the only one with your key-pair, when you encrypt a message to someone else, it is co-signed with this additional key. This is for corporate use where the company always wants to be able to decrypt your email (say, if you leave), but this additional key only allows decrypt - not encrypt rights - so they still can't forge (i.e. the authenticity of your cert is not degraded). Is this some hack, or would such things be possible within SSL? My main thought is for being able to decrypt S/MIME mail, without needing the originators cert (same reason: corporate use) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Co-signed certs? (was: Tunneling Client Certs)
On Mon, Feb 10, 2003 at 02:25:31AM +0100, Dr. Stephen Henson wrote: Well for S/MIME enveloped data you can add additional certificates whose owner (i.e. the entity with access to the private key) can decrypt. Many S/MIME clients automatically make the message readable by the recpient (its silly otherwise) and the sender (so they can later read it in the Sent mailbox) additional certificates could be added to any other entity that should be able to decrypt the mail. ...so the PGP thing sounds like a kludge then? Sounds like the *interface* (instead of the technology) secretly Cc's the additional key to the message, so that either the true recipient or the additional key can decrypt it. Neat way of adding a new feature :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Combine certificates into chain
On Sun, Nov 24, 2002 at 09:29:09PM -0800, Jimi Thompson wrote: It is also interesting to note that for practical purposes Certificate Revocation Lists are invalid. While they do exist and are part of the standard, very few applications are written to take advantage of them. Once a certificate is issued, it is good until its expiration date, if one was set. Indeed - a fact that never fails to astound me. We were looking at buying a reverse-proxy that would allow us to make available some of our internal Web apps from the Internet, which the requirement that a valid SSL client cert be presented first. In order to control which client certs were valid, we have to relying on CRL so that we can (e.g.) revoke a client cert when someone's laptop is stolen. *NONE* of the commercial offerings we looked at supported CRLs... I can't believe they could claim to support HTTPS and especially client certs without also supporting CRL. But they are still plugging their products... After that, we decided Apache was our friend :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OT: how to make OpenSSL certs for M$ IAS EAP-TLS?
On Mon, Nov 18, 2002 at 03:04:03PM +0100, Karl-Michael Werzowa wrote: Had some experiences with M$-certificate authorities. We provided a root cert to a M$-Certificate server, which led to some problems. Now there's a surprise! ;-) Hey, Vadim, it may be a less than perfect idea to let M$ do the support. In my case they took about a month to provide the needed hints and they were provided in form of MS-API stuff. Yeah - I've dealt with M$ quite a bit - I've never got useful answers out of them - doesn't matter what you pay them... The solution, nevertheless was easy, and mavbe it helps you: 1) It definitely needed crlDistributionPoints and authorityInfoAccess and, most important, when creating the pkcs#12: use the -keysig option! Wow - OK I didn't have authorityInfoAccess, and I didn't use -keysig. Does that disable funtionality of the cert in any way? I want to generate server certs that can be used by Apache/IIS and EAP-TLS, and client certs that allow users to do S/MIME, and EAP-TLS - does the -keysig break any of that? Thanks for your help -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: How can I add 8-bit charset/unicode strings to certs?
On Wed, Nov 13, 2002 at 09:35:47AM +0100, Karl-Michael Werzowa wrote: letters, etc. (If you use an Ö or Ä it may be easy, but what about hungarian, slovak, croatian characters? How to type these? Do you know the possible transcripts?) The best way seems to be to have an ascii transcript and the full BMPString in LDAP and certificates. Don't get me started! :-) As it is, we're talking about Microsoft Active Directory LDAP here - so I need to find out just what that is from a charset point of view. I mean, M$ make a big thing over Unicode - but the LDAP data certainly isn't Unicode. In fact, from what I can find off Google, LDAP (include AD) uses ISO-10646 - which is a superset of Unicode. Apparently all standard ASCII chars stay the same, and the rest are converted into the double-byte Unicode. However, I'm definitely getting ASCII-8bit chars out of LDAP - so I don't know what the hell's going on :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: How can I add 8-bit charset/unicode strings to certs?
On Tue, Nov 12, 2002 at 02:02:33PM +0100, Dr. Stephen Henson wrote: This is an alighty can of worms... If you want to use OpenSSL to generate these things you can mess around with the config files to accept input as UTF8 and you have to arrange the terminal to output UTF8 sequences, or whatever method you use. ... Interesting responses. Does this actually imply that PKI's in general don't support non-ASCII well, or is this specifically an integration issue I'm facing as I'm pulling data out of one system (LDAP) and injecting it into OpenSSL? I mean, how do commercial packages handle non-ASCII? e.g. Microsoft CA? The reality is that I am pulling user details out of an Active Directory LDAP environment, and want to generate certs. Supposedly this all works under M$ CA integrated with Active Directory - of course Active Directory could be supplying such details in Unicode to M$ CA whereas it shows up as a ASCII-8bit charset via LDAP... Would a good plan be to: 1. find out what charset LDAP returns in 2. find a way to translate those strings into unicode 3. feed the result into OpenSSL with string_mask=utf8only ? I see there's a warning saying that utf8only can crash some versions of Netscape, but only the people with 8bit names are going to ever see these certs anyway, and if their browser crashes on it, well - that's there problem :-) Thanks -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: How can I add 8-bit charset/unicode strings to certs?
On Wed, Nov 13, 2002 at 09:20:51AM +1300, Jason Haar wrote: 1. find out what charset LDAP returns in 2. find a way to translate those strings into unicode 3. feed the result into OpenSSL with string_mask=utf8only Actually, it wasn't as hard as all that. Instead I set string_mask=pkix and regenerated the cert. Now both Mozilla 1.1 and IE 5.0 correctly see the O-umlaut. [currently we don't appear to have anyone with Kanji names, so I'll forget about that fight until later! ;-)] Thanks for your help. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
How can I add 8-bit charset/unicode strings to certs?
Hi there I want to generate certs from our internal LDAP server. We have people from all over the world here, and so some of these entries have 8bit chars in their names (shock! horror!) Now I went off and generated a cert for one Frank Österberg (that's an O with two dots on top), and when I vi the PEM afterwards I see \xD6sterberg. However, under Mozilla Import, the name shows up as A?sterberg (the A has two dots on top) - not the same thing. Is this an issue with the Unix (Linux BTW) system doing some ISO charset, but Openssl expecting unicode? If so, what is the correct way to do this? Thanks in advance for any help - my poor ASCII brain is feeling overwhelmed :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Does IE acknowledge nsCert?
On Thu, Aug 29, 2002 at 02:42:20AM +0200, Dr. Stephen Henson wrote: The Netscape Cert Type is an old non standard extension which some software ignores. The standard way to do this stuff is with extended key usage and the appropriate usage, clientAuth in this case. Brilliant! That did the trick. Now Outlook correctly recognises clientAuth certs as not being usable for S/MIME - just what I wanted... Unfortunately Mozilla says the same cert *is* usable for S/MIME! Sigh... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Does IE acknowledge nsCert?
I'm trying to build an internal PKI, and have found that the effort I went through to stop people using SSL client certs for SMIME appear to have been in vain... Outlook Professional appears to ignore the nsCert setting, as when you view the cert details it says that the cert allows basically everything: smime,object signing,file recovery,etc. The signed cert indeed has a X509v3 extensions of SSL Client under Netscape Cert Type:, but IE ignores that? What is the equivalent for IE? Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Please reconfigure majordomo to not set Reply-To (was: Failed to clean virus file Emanuel.exe)
On Mon, Aug 20, 2001 at 01:33:18PM +0200, Michael Ströder wrote: I just wonder why this program send this info to the list and not to the person who sent the virus ;-) Because the mailing list processor is configured to set the Reply-To address to the list address. IMHO this should be changed to reduce such problems with automatic replies (vacation e-mails, virus-scans etc.). Won't help. This is a typical what should an automated agent do when deciding who to send Email to problem. A proper anti-virus system would check for evidence of the message being from a mailing-list (Precedence: bulk, -return headers - all sorts of things), and decide not to send to that. Basically, it should act the same way Postmaster bounces do. I know of no commercial AV systems that do that. An example of such a system that does do that would be Qmail-Scanner http://qmail-scanner.sourceforge.net/ - ahem. Not that I have anything to do with that ;-) -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Message status - undeliverable remedy ?
On Thu, Jan 11, 2001 at 05:57:45PM -0800, David Lang wrote: can we also please reconsider having the reply-to pointing at the list? If it wasn't there this flood would not be happening. Please don't blame the listserver for this!!! It is *ILLEGAL* for MTA to listen to anything other than the mail recipient envelope header (commonly seen as the "Return-Path:" header). Their mail server is MAJORLY BROKEN if it is replying to Reply-To headers. End of story. -- Cheers Jason Haar Unix/Special Projects, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate Authority
I feel everyone is missing the point. What do I do as a company when I want to "acquire" 1,000's of user certs so that my users can (e.g.) use IPSec VPN solutions over the Internet to access corporate services? I don't _need_ a major CA to be guaranteeing the validity - I need to be the CA! Other commercial outfits are producing CAs (Microsoft come to mind - anyone running Active Directory!?!?!?), so why cannot there be an Opensource one?!?!? [yes, there are, I know - I'm just trying to impress that this issue isn't as black-and-white as is being said] -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 9635 377 Fax: +64 3 9635 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Can openssl req be scripted?
I'm trying to automate the generation of certs, and I've found that "openssl req" under OpenSSL-0.9.4 doesn't like running non-interactively. There's no "-batch" mode option and if I try to do clever things with redirecting stdin, it just doesn't work :-( Can someone tell me how I can automate this so that I can just create a temp config file, and run it like: openssl req -new -nodes -keyout key.pem -out req.pem -days 365 \ -config /tmp/root/temp.conf and it'll run to completion without requiring me to hit RETURN/etc. Thanks -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 3391 377 Fax: +64 3 3391 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Can openssl req be scripted?
On Wed, Mar 08, 2000 at 12:14:31PM +, Dr Stephen Henson wrote: OpenSSL 0.9.5 req was modified to specifically allow this and has several new config file options, the manual page has an example too. Absolutely great - just installed and it worked as I wanted :-) Thanks! -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 3391 377 Fax: +64 3 3391 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Anyone signed M$ Exchange *.req certs?
Says it all really. Our Qmail SMTP servers support the ESMTP TLS extension and I want our Exchange 5.5 server to be able to interact with them with encryption. I have used the keygen.exe to generate a cert request, but openssl doesn't seem to know what format it is. Can someone tell me how to sign that with openssl, and how to convert that into a signed-cert Exchange would import? Thanks -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 3391 377 Fax: +64 3 3391 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: SSL for sendmail
On Wed, Oct 20, 1999 at 09:40:02AM +0100, Pinca George wrote: Anyway SSL is a point-to-point protocol and there are not many mail servers supporting SSL out there. So , with SSL your messages will be encrypted just till the first server. Yeah - but that can be good enough. For instance we are part of a multi-national company. If all our Internet mail gateways supported TLS, then we could use the Internet to transmit our Email instead of expensive WANs... I've done our servers - but I can't do our US ones as - well - they're US... -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 3391 377 Fax: +64 3 3391 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Can US companies use OpenSSL?
If I build OpenSSL as: ./config no-rsa no-rc4 Then that removes all patented algorithims from OpenSSL doesn't it? Then building things like stunnel with this should produce a "binary" or "product" that I can legally send to a collegue in the USA to use? -- Cheers Jason Haar Unix/Network Specialist, Trimble NZ Phone: +64 3 3391 377 Fax: +64 3 3391 417 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]