Re: libcrypto.so.4 from openssl sources?
Hi all, On 12/04/2009 08:13 PM, Hall, Leam wrote: > We have to remove vendor supplied openssl.0.9.7.a and install from > source 0.9.8L. Removing vendor openssl package also removes > /lib/libcrypto.so.4, and that breaks lots of things like ssh. I didn't > find libcrypto.so* in the newly built openssl stuff, am I missing more > than usual? I guess you are right for RedHet EL4. We had the same problem here. Here is my not-too-dirty solution: I built an RPM package of openssl0.9.8l that also contains the old libraries libssl0.9.7a and libcrypto0.9.7a (with the according symlink libssl.so.4 and libcrypto.so.4). That way all RPM dependencies are ok, all old applications still run and we have openssl 0.9.8l available. I do not know if there could be a problem with other "devel" packages (because only the new includes of openssl 0.9.8l exist). Then I erased the old openssl and openssl-devel (--nodeps) and installed the new packages (I did not try the "update" option of "rpm"). I could provide the spec file for the source RPM if someone asks me... Cheers, Olaf -- Olaf Gellert_ - __o gell...@arasca.de _- _`<,_ http://www.arasca.de/ - (_)/ (_) -- Due to circumstances beyond your control you are master of your fate & captain of your soul. -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: revoking a self-signed certificate
Hi all, David Schwartz wrote: >> Can you please elaborate on how would the higher-layer security >> infrastructure go about this? > > Simply put, whatever put the certificate in its trusted position is what is > to remove it. If a CA says to trust a certificate, that CA can say not to. > But if the certificate is self-signed, the trust came from the user who said > to trust it (or some other mechanims outside the scope of the certificate > verification scheme). That same mechanism is the only thing that can say to > stop trusting it. I would not say so. If I found a CRL which contains the self signed root certificate I would stop to trust it immediately. Why should I not trust a CRL issued by a root CA that I trust? Remember: The trust has to be established before, but when you already trust the CA, you can trust CRLs issued by it. Even if the root CAs key was compromised, I would not care if the CRL was issued by the attacker or the CA itself. I agree that it makes sense to have higher level protocols that take care of root CA revocation and trust anchor management, but in my opinion not evaluating a CRL which revokes the root is missing a chance of good CA practise and taking an unnecessary risk... Cheers, Olaf -- Olaf Gellert_ - __o gell...@arasca.de _- _`<,_ http://www.arasca.de/ - (_)/ (_) -- Due to circumstances beyond your control you are master of your fate & captain of your soul. -- __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Client-Authentication using Crypt::SSLeay
Hi all, there was a little cut-n-paste error in my previous mail, I forgot one line in the script. The error remains the same... Olaf Gellert wrote: > $file=$ENV{HTTPS_PKCS12_FILE}; $pass=$ENV{HTTPS_PKCS12_PASSWORD}; > $ctx->use_pkcs12_file($file ,$pass) || die("failed to load $file: $!"); Cheers, Olaf -- Olaf Gellert email gell...@dkrz.de Deutsches Klimarechenzentrum GmbH phone +49 (0)40 41173 214 Bundesstrasse 55 fax+49 (0)40 41173 270 D-20146 Hamburg, Germany wwwhttp://www.dkrz.de __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Client-Authentication using Crypt::SSLeay
I am trying to open an SSL connection with Client Authentication using Crypt::SSLeay. What works fine is specifying environment variables HTTPS_CERT_FILE and HTTPS_KEY_FILE. Unfortunately the keyfile has to be unencrypted (there seems to be no no password mechanism for HTTPS_KEY_FILE). When I try to use HTTPS_PKCS12_FILE and HTTPS_PKCS12_PASSWORD, Crypt::SSLeay seems to be unable to open the PKCS12 file. On calling use_pkcs12_file it returns an error "No such file or directory" (though strace reveals that the file exists and is opened). This is what I do: ## $ENV{HTTPS_PKCS12_FILE} = '/home/gellert/test-cert.p12'; $ENV{HTTPS_PKCS12_PASSWORD} = 'test'; $ENV{HTTPS_VERSION} = 3; $ENV{HTTPS_DEBUG} = 1; require Crypt::SSLeay; sub _default_context { require Crypt::SSLeay::MainContext; Crypt::SSLeay::MainContext::main_ctx(@_); } my $ctx = _default_context(23); $file=$ENV{HTTPS_PKCS12_FILE}; $ctx->use_pkcs12_file($file ,$pass) || die("failed to load $file: $!"); # This is the output of the script: # ./test.pl failed to load /home/gellert/test-cert.p12: No such file or directory at ./test.pl line 27. # And this is what strace says... # open("/etc/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory) open("/home/gellert/test-cert.p12", O_RDONLY) = 3 [...] read(3, "0\202\n\351\2\1\0030\202\n\257\6\t*\206H\206\367\r\1\7\1\240\202\n\240\4\202\n\2340\202"..., 4096) = 2797 close(3)= 0 munmap(0x7f448c5fd000, 4096)= 0 write(2, "failed to load /home/gellert/tes"..., 149failed to load /home/gellert/test-cert.p12: No such file or directory at ./test.pl line 27. # The PKCS12 file was generated using OpenSSL, so this should work... By the way: Funny that use_pkcs12_file() still tries to open /etc/ssl/cert.pem, even if a certificate file is specified... Any idea? Or can I work around this using PEM-key and certificate (but the key has to be encrypted)... Cheers, Olaf -- Olaf Gellert email gell...@dkrz.de Deutsches Klimarechenzentrum GmbH phone +49 (0)40 41173 214 Bundesstrasse 55 fax+49 (0)40 41173 270 D-20146 Hamburg, Germany wwwhttp://www.dkrz.de __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Using OpenSSL to verify certificate chains
Tim Traver wrote: > openssl verify -purpose sslserver cert.crt > > where cert.crt is the cert and its CAcert and the root cert in pem > format...this is done on the command line, and it always gives me this > error : > > error 20 at 0 depth lookup:unable to get local issuer certificate > > and I'm not sure what that really means...do I need to specify valid > root certs? am I calling this wrong??? OpenSSL starts with the server certificate and tries to validate up to the root certificate. So it has to get the issuer certificate of the server certificate to be able to check the signature. This validation process goes up to the (self-signed) root certificate. It seems that OpenSSL does not look for the issuer certificates in "server.crt", but in the file specified with "-CAfile". So to check a certificate in file "server.crt", put the CA certificates up to the root in "cafile.pem" and call openssl verify -purpose sslserver -CAfile cafile.pem server.crt Regards, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: SelfSigned Certificates
Olaf Gellert wrote: [...] > This is what I get (on the server, client looks the same): > > depth=0 /C=DE/O=Test/OU=TestOU/CN=test01 > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /C=DE/O=Test/OU=TestOU/CN=test01 > verify error:num=21:unable to verify the first certificate > verify return:1 > > Is this intended behaviour? Or is there something I can > do about it? From my understanding this should work: > Each self-signed certificate is in the list of trusted > CAs of the communication partner, so there is a definite > trust. Or is it some obscure extension missing etc? ;-) Well, found out already: I did not set basicConstraints and keyUsage correctly. So there was an issuer certificate, but it was not "allowed" to sign itself... Regards, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
SelfSigned Certificates
Hi all, I am trying to establish a connection with selfsigned certificates (for server AND client). So I use a self- signed certificate for the client, put this into the CAfile for the server, take a self-signed cert for the server and use this as CAfile for the client. Now I use s_client and s_server to test this: openssl s_server -cert servercert.pem -key serverkey.pem -verify 5 -CAfile clientcert.pem and openssl s_client -connect localhost:4433 -key clientkey.pem -cert clientcert.pem -CAfile servercert.pem -verify 5 This is what I get (on the server, client looks the same): depth=0 /C=DE/O=Test/OU=TestOU/CN=test01 verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=DE/O=Test/OU=TestOU/CN=test01 verify error:num=21:unable to verify the first certificate verify return:1 Is this intended behaviour? Or is there something I can do about it? From my understanding this should work: Each self-signed certificate is in the list of trusted CAs of the communication partner, so there is a definite trust. Or is it some obscure extension missing etc? ;-) Regards, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Unable to get SSL working on Apache2
Todd Chapman wrote: > Hello, > > I have been trying to get SSL working with Apache2 on a CentOS 4.2 machine. > After installing openssl-1.0.9.8d, I created a .csr and sent that to > www.ipsca.com. I received my certificate the next day and followed the > instructions provided on how to install the cert. After the install, I ran > 'apachectl startssl' and was prompted for the passphrase. I then checked the > running processes and found that httpd was not running. I checked the error > log and found the following: > > [Tue Nov 28 15:24:05 2006] [warn] RSA server certificate CommonName (CN) > `localhost.localdomain' does NOT match server name!? > [Tue Nov 28 15:24:05 2006] [error] Unable to configure RSA server private > key > [Tue Nov 28 15:24:05 2006] [error] SSL Library Error: 185073780 > error:0B080074:x509 certificate routines:X509_check_private_key:key values > mismatch Well, you certainly did not get a certificate for "localhost.localdomain" from IPSCA, so I guess that the server loads a dummy certificate. The error from openssl seems to indicate that the key does not match the configured certificate, so maybe the server loads the correct key, but the wrong certificate. Make sure that the config entries "SSLCertificateFile" and "SSLCertificateKeyFile" point to the correct files. I hope that helps already otherwise you might need to provide more information (like the SSL-part of your httpd.conf) Regards, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: HOWTO cross certify two self-signed CAs using OpenSSL
John Mok wrote: > As the number of PCs are many, it is too difficult, if not impossible, > to install the self-signed certificates of both rootCA1 and rootCA2 as > trusted root CAs on every PCs. > > Is there any better way that to cross-certify both rootCA1 and rootCA2, > such that the machines with certificate signed by subCA1 would trust the > certificates signed by subCA3? and vice versa. This depends strongly on what applications you want to use the certificates with: If you use the certificates for client authentication to a server, the server has to get the cross certificates to be able to evaluate the client certificate chains (or you might provide the servers with both root certificates). If you use the certificates for email signing & encryption (S/MIME), you still have to distribute the cross certificates with the sent emails (so if a receiver of a mail has trusted root A and the senders certificate is under root B, the mail has to contain the chain from the user to root B plus the cross certificate "A signs B". There might be some applications that do not work properly with cross certificates (sometimes they depend on the order of the certificates in the given certificate chain, sometimes other problems arise). A comprehensive application testing of cross certificates was done in a (public) report of SURFNET and DFN-CERT, you can get the report here: http://www.pca.dfn.de/bibliothek/reports/pki-linking/ It contains a list of applications at the end wich states what works. It is difficult to give you more specific advise without knowing what you want to use the certificates for... Cheers, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: verify issuer of a cert
Krishna Prasad wrote: > You can check for the Authority Key Identifier and in that the certificate > serial number of the issuer. No, that's not enough. Authority Key Identifier is only to FIND the issuer certificate. After you found one or more certificates matching the Authority Key Identifier, you still have to check the validity of the signature! And: Authority Key Identifier comes in more than one flavour. It might contain the DN of the issuers issuer and the serial number (so if you have a root CA, an intermediate CA and a client certificate, in the client certificates Authority Key Identifier you would find the DN of the root and the serial number of the intermediate CAs certificate). Or you might simply find a hash value identifying the key of the issueing CA. Olaf > On 11/2/06, Bin Lu <[EMAIL PROTECTED]> wrote: >> >> Hi there, >> >> I have 2 certificates in X509 and I want to verify if one cert is the >> issuer of the other, not using the (issuer)name comparison. What is >> the APIshould I use to verify the signature ? I tried the following >> but it >> doesn't work: >> >> X509 *cert, *issuer; >> >> int result = X509_verify(cert, X509_get_pubkey(issuer)); >> >> It always returns -1 even when "cert" is issued by "issuer". >> >> Appreciate any input. >> >> -wenwu >> __ >> OpenSSL Project http://www.openssl.org >> User Support Mailing Listopenssl-users@openssl.org >> Automated List Manager [EMAIL PROTECTED] >> > -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to do client verification?
Hi, Edward Chan wrote: > I want to verify that whoever the client is claiming to be, is actually > allowed to connect. However, I don't know where to find this > information in the cert. Are there standard fields where this > information can be found. For example, in the book, "Network Security > with OpenSSL", there is sample code for verifying that the server is > actually who the client connected to. It first looks for the "Subject > Alternative Name" field, then looks for the "DNS" field within that and > checks if this matches the hostname being connected to. If the "DNS" > field is not found, it then checks the "Subject" field for the "Common > Name" field and checks if this matches the hostname being connected to. > Is this the proper way to verify the server cert? And would this work > for most, if not all, server certs the client might receive? Are these > typically the fields that one would use to enter the server's identity? Well, this way of verifying the servers DNS name seems pretty reasonable. But the main check is not mentioned: You check if the certificate of the server was issued by a certification authority that you trust! It's easy to trick a client to connect to a wrong server (usually using some tricks on DNS), but it should be impossible for an attacker to forge a certificate in a way that it has a valid signature from a trusted certification authority. > I'm looking for something similar for verifying the client? Is there > some set of fields that are typically used to enter the client's > identity? Would the same fields be used for a client cert? Well, client's are usually different. There is nothing that specifies what you (or a certification authority) writes in the certificates of a client. Usually it depends a lot of your application. So what are you doing: Do you authenticate client hosts (so maybe a DNS field or the subject field would contain a host name)? Or do you authenticate users (for example S/MIME email)? Then the subject field would usually contain the full name of a user (and maybe something more to identify a specific user, eg. a certain Adam Smith and not any Adam Smith that might exist...). For many secure applications you would just create an own certification authority and issue certificates yourself. Then you would simply just trust this single certification authority and you would not even need to check for the clients (or users) name that is in the certificate. If you trust some CAs that issued more certificates than the user certificates that you want to accept, you have to know what's in there and check for the fields in the certificates. A CA might issue certificates for your organization with the O field (organization) of your company, so this might be sufficient to be checked. So there is nothing that you can rely on for every certificate in the world, you have to know how the certificates that you want to accept look like. And not to forget: First check if the certificate is valid (valid signature from a CA that you trust, not expired, not revoked), then check the contents. Apache/ModSSL uses regular expressions to check the contents of the certificates, so you can configure Apache to check nearly any fields of the certificates DN (Organization, Organizational Unit, Subject, State, Location, Country, ...). > Thanks in advance for taking the time to help out a rookie :) Well, hopefully this helps a bit. Cheers, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: PKCS12 question
Krishna Prasad wrote: > Hi > > A PKCS#12 file will have to contain the private key,you cannot have only > the > certificate in PKCS#12 format. Yes. Maybe you want a PKCS7-File? This is supported by many applications, too. Using OpenSSL PKCS7 files are generated a bit counterintuitive: You use the command "openssl crl2pkcs7", add some certificates with the argument "-certfile" and tell it not to put a CRL in there with "-nocrl"... :-) openssl crl2pkcs7 -outform DER -out mycerts.p7 -certfile mycert.pem Regards, Olaf -- Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET Senior Researcher, www.intrusion-lab.net PKI - and IDS - Services[EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Revoking a certificate using only a serial number?
Hi Joe, Joe Gluck wrote: Does anyone know how can I revoke a certificate, even if I don't have the certificate file anymore, (using openssl) can I just update the index.txt line associated with this certificate, change the V to R and add the revocation date? If this should work does anyone have already a script that does that? Or can some one help with the exact format of the index.txt file. Yes, that's the way: Just change V to R and add a revocation date. Then issue a new CRL. You might inspect the CRL afterward with openssl crl -in crlfile.pem -text and you should see that the serial number of the revoked certificate is listed in the CRL. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Question on serial numbers
Dr. Stephen Henson wrote: > The two would look identical and certificates issued by the two CA could get > duplicate serial numbers all over the place. > > So the default is to do something "safe". If someone knows what they are doing > they can use different serial numbers and low values if they wish. Sounds reasonable. I would have preferred a timestamp as a serial number, because this kind of sequence really can prevent doubles (while randomness only makes it unlikely). But anyway: Whoever wants something different can still choose to create the serial number in a way he likes. Regards, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Changing existing certificates from 512 bits to 2048 bits
ray v wrote: > Alicia, > > Thank you for getting back to me > > I need to take the Root CA certificate/private key and > > change the modulus from 512 bit to 2048 bit. I assume > that I have to make a new Root CA Certificate request > and then sign it with the old one? You cannot prolong the keys from 512 to 2048 bits, so you will need to generate a completely new key. The idea of additionally signing the new key with the old one is perfectly valid in theory. On the other hand: If you have to update the key of your CA because the old one is too short (= not secure any more), then the trust by such a signature is limited. And: You might run into troubles with some other clients than IE or Outlook. The handling of cross certificates is pretty poor in many applications. If this really catches your interest, you might have a look at http://www.dfn-pca.de/bibliothek/reports/pki-linking/ Regards, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Apache: modssl SSLRequire
Olaf Gellert wrote: > Dominique Lohez wrote: > >>> Still don't know what I am doing wrong. Here's my complete >>> actual config (if someone really would want to look at it) >>> ;-) Seems as if the SSLRequire never comes into effect >>> (even if I compare the CN with "Foo" instead of "Testuser" >>> access is allowed)... >>> >> In fact the >> Allow from localhost >> directive should be removed or the test should be carried out from >> another host: >> >> Since this directive is matched by the test connection >> the other directives are considered and so the SSLRequire directive is >> not used > > Thanx Dominique so far! > > Hmmm... right now I think I tried every possible > combination of "Satisfy", "Order", "Allow", "Deny" > and "SSLOptions StrictRequire" and SSLRequire. > Whenever there is a directive "Allow" allowing > access, access is granted (so SSLRequire has > no effect), when a Deny is in effect (or no > explicit Allow), access is denied (again SSLRequire > has no effect). Is there some documentation about > the interaction between the different authorization- > and access-control mechanisms from the different > modules? Or is there some possibility to debug the > evaluation process of the access control of apache? Right now I made it working with an Apache 1.3.34 with modules compiled in. My standard SuSE Apache 2.0 with dynamic modules seems not to work. The only difference in the config file are the LoadModule commands. Should not be an issue of the order of loading the modules, maybe some other kind of bug... This is an issue that I will keep an eye on. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Apache: modssl SSLRequire
Dominique Lohez wrote: >> Still don't know what I am doing wrong. Here's my complete >> actual config (if someone really would want to look at it) >> ;-) Seems as if the SSLRequire never comes into effect >> (even if I compare the CN with "Foo" instead of "Testuser" >> access is allowed)... >> > In fact the > Allow from localhost > directive should be removed or the test should be carried out from > another host: > > Since this directive is matched by the test connection > the other directives are considered and so the SSLRequire directive is > not used Thanx Dominique so far! Hmmm... right now I think I tried every possible combination of "Satisfy", "Order", "Allow", "Deny" and "SSLOptions StrictRequire" and SSLRequire. Whenever there is a directive "Allow" allowing access, access is granted (so SSLRequire has no effect), when a Deny is in effect (or no explicit Allow), access is denied (again SSLRequire has no effect). Is there some documentation about the interaction between the different authorization- and access-control mechanisms from the different modules? Or is there some possibility to debug the evaluation process of the access control of apache? Again the relevant part of my configuration (will move this to apache mailing list, because it becomes a little bit off topic): AllowOverride None Options FollowSymLinks +Includes SSLOptions +StrictRequire Order deny,allow Deny from all Allow from 192.168.2 127.0.0.1 SSLRequireSSL SSLRequire ( %{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \ && %{SSL_CLIENT_S_DN_CN} eq "Testuser" ) Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Apache: modssl SSLRequire
T_S_DN_O} eq "SSLTest SubCA 01" \ and %{SSL_CLIENT_S_DN_CN} eq "Testuser" ) SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/apache2/ssl_request_customlog \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Apache: modssl SSLRequire
Hi, somewhat off topic, but as there are so many users of Apache/ModSSL around here (and I already asked on the modssl mailing list): I want an Apache SSL server to request client authentication. This works. Additionally I want to restrict access only to certain users with a valid certificate. So I use SSLRequire for the document root directory of the server: SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars +StrictRequire AllowOverride None Options +FollowSymLinks +Includes Satisfy all Order deny,allow Deny from all Allow from localhost SSLVerifyClient require SSLVerifyDepth 3 SSLRequireSSL SSLRequire ( %{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \ && %{SSL_CLIENT_S_DN_OU} eq "User Certificates" \ && %{SSL_CLIENT_S_DN_CN} eq "Testuser" ) But I can still access the server with a client certificate that has "testuser2" (different from "Testuser"!) as SSL_CLIENT_S_DN_CN (this certificate was issued by the correct CA, but the SSLRequire should deny access). The SSL_CLIENT_S_DN_CN is set correctly in the Apache environment (I print that on the webpage using the SSI command "printenv"). What else could I have missed? Thanx for help, cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: [Newbie] Conversion PEM --> DER (pkcs7) fails with demo certificate
Rainer Menzner wrote: > 2) Create a binary encoded DER file as a public certificate: > > openssl.exe pkcs7 -inform PEM -outform DER -in pca-cert.pem -out > test1.cer -text Well, what do you need? If you just want a DER file for a single certificate, just use: openssl x509 -in pca-cert.pem -outform DER -out pca-cert.cer Pkcs7 is more a utility to view PKCS7 files (which can contain more than one certificate). To build pkcs7-files you have to use the openssl utility crl2pkcs7. This one is a little bit funny: use it like this (untested): openssl crl2pkcs7 -certfile file1.pem -certfile file2.pem -out certs.pkcs7 -nocrl Crazy thing to use "crl2pkcs7" with argument -nocrl ... :-) Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: certificate chain and root CA question
Olaf Gellert wrote: > This matters in cases, where a certificate hierarchy > has different CAs (eg operated by different organisations). > Right now it seems impossible to me to tell openca: === Typo, I meant "openssl". Olaf Gellert -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: certificate chain and root CA question
Dr. Stephen Henson wrote: > On Fri, Mar 17, 2006, michael Dorrian wrote: > >> 1. Can a CA signed by the root CA act as a trusted CA itself?. > > Provided the root CA permits this... Actually I think: not. It seems to be impossible to evaluate a certificate only up to a subCA, openssl always requires the complete chain up to the root CA. So I cannot tell openssl "this is a trusted subordinate CA, that's enough." This matters in cases, where a certificate hierarchy has different CAs (eg operated by different organisations). Right now it seems impossible to me to tell openca: Accept certificates from this subCA, but not from this one. Additional means used in mod_ssl (regular expressions on subject and issuer DN and verifydepth) may be helpful, but not always sufficient. Eg the following scenario: RootCA subCA1 subsubCA1 client1 subCA2 subCA2 can issue a subsubCA certificate with the same DN entries as subsubCA1, which again issues a client cert with the same DN as client1. So besides the key material, both client certificates look the same. And they both evaluate successful, because the software always checks up to the root. So actually I see no way for subCA1 to configure mod_ssl or tell the openssl utilities to trust subCA1 and NOT subCA2... Dangerous... Or did I miss some additional mechanisms? (always eager to learn something... :-)) >> 2. How does the certificate chain stop another client who has a >> certificate signed by the same root authority as you acting as a trusted >> CA. I know the ip addresses will be different but maybe there is a way >> around that too. There are (as Stephen Henson already said) mechanisms to tell CA certificates from client certificates. And there are even more extensions that can additionally prevent misuse of certificates (using user certificates for servers etc), keyUsage and extendedKeyUsage are your friends. This reduces the problem, but the scenario above seems to be an unsolved issue as far as I can tell... In my understanding this results form mixing two things: Issueing a certificate does just tell "the given name and key belong together". But that does not necessarily imply that I trust the owner of the certificate. So there is a difference between "I trust this root CA to correctly identify users and I think the issued certificates are all ok" and "I trust all individuals that own a certificate issued by this CA". But the later is actually what you do if you use "SSLCACertificatefile" for mod_ssl. This difference can actually not be fully expressed with the means of mod_ssl or the openssl utilities. Correct me if I'm wrong... Olaf Gellert -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Choice of CAs in SSL/TLS handshake
Samy Thiyagarajan wrote: > > Hi, > May be changing the verification of the depth level solve this issue. ( > I mean check the chain only upto User CA 1 and not upto the Root CA ) > In this case it should not report about missing valid root. > > Im not sure. this is just an idea. Good idea. But unfortunately it does not work out. I removed the root-certificate from the SSLCACertificateFile. The Server now only allows the user CA 1 (otherwise it still offers the root CA as valid CA). And I shortened the verifyDepth to one. But the server denies access saying: [Tue Mar 07 15:56:34 2006] [error] Certificate Verification: Error (20): unable to get local issuer certificate Seems that "verifyDepth" still requires a self-signed root certificate (so the chain has to reach the toplevel in the given number of steps). Hm... Any other proposals? :-) Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Choice of CAs in SSL/TLS handshake
Gayathri Sundar wrote: > you can put CA2 as part of the revocation list? > if CA2 is part of the client's CRL, then it will automatically > be rejected..is this what you want? Nothing about revocation, both CAs are valid and should stay valid. I do have a User CA 1 for one type of service (or one group of users) and a User CA 2 for another kind of service. Both are under the same root CA. When I setup Apache/Mod_SSL I am not able to specify, that the Server should only request client certificates from User CA 1. It will always put the root certificate in the TLS certificate request and so the client assumes that it is ok to send a certificate from User CA 2... The only way to cope with this with Mozilla is to setup "manual choice" for the certificate (so whenever e certificate is necessary, the browser asks you, which is very often and annoying). So I am looking for a way to configure what the server sends in his client certificate request... (Anyone who knows better how the words in the RFC are meant, speak up now! :-)) Of course, thanks for your help, Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Choice of CAs in SSL/TLS handshake
Hi, I came across the following problem: I do have two user CAs under the same root CA: Root CA |-> User CA 1 -> User Certificate 1 |-> User CA 2 -> User Certificate 2 I want to tell a webserver to accept certificates from User CA 1 but not from User CA 2. But: In openssl s_server AND in mod_ssl I can only specify a list (as file or directory) of trusted CAs. These are used for two purposes: a) the server puts all of them in his certificate_request message during SSL connection establishment. b) they have to contain the root certificate as trust anchor. What I need is a way to specify the requested client CAs WITHOUT the root certificate. Otherwise clients (Mozilla/Firefox) think that both CAs are accepted (because the root certificate is in the certificate request message). Any way to do this? Is this just a missing feature or do I read the RFC wrong? This is what RFC 2246 says about the request message (sec. 7.4.4): certificate_authorities A list of the distinguished names of acceptable certificate authorities. These distinguished names may specify a desired distinguished name for a root CA or for a subordinate CA; thus, this message can be used both to describe known roots and a desired authorization space. So it should be possible to provide only the certificate of User CA 1? (but then openssl s_server and mod_ssl do not find a valid root certificate.) Thanks for any help, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Trusted CA pack
Warrick FitzGerald wrote: > Is there somewhere that you can download a package of all currently > "trusted" CA's. I know this is a very broad question, as who defines who > the trusted ones are. > > I was just thinking that since vendors like $MS have a list of standard > trusted CA's, that the OpenSource community would have something similar. > > Does such a list \ pack exist, or do you need to hand pick your trusted > CA's? There are some different flavours of such a list. As it merely depends on money to get a CA certificate included in the MS applications (even after switching to the Webtrust scheme), the OpenSource community is working on their own processes. There are some attempts to bundle CA certificates made by different communities. For example there is a collection of the CA certificates of the European research networks (http://www.tacar.org/) and there is the European Bridge CA (http://www.bridge-ca.org/). I am always keen to learn about other attempts to solve the problem of root certificate distribution. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: problem creatin pkcs12 file
Robert Kwiencien wrote: > I try to create the pkcs12 file with: > > [EMAIL PROTECTED] CA]$ openssl pkcs12 -export -in newcert.pem -inkey > private/cakey.pem -certfile cacert.pem -name "Laser" -out testcert.pem > Enter pass phrase for private/cakey.pem: > > > My pass phrase is corrent, but then I get: > > No certificate matches private key > > Can anyone give some advice? It seems that you are trying to put the CA-key into the PKCS12 file. Not a good idea! The key to put into the PKCS12 should be the key belonging to the certificate of the user/server/client, so it's the one belonging to "newcert.pem". Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: cURL, CERT and PEM
Philippe de Rochambeau wrote: > Hello, > > I have just generated a self-signed certificate as follows: > > openssl x509 -req -days 365 -in my.domain.csr -signkey my.domain.key > -out my.domain.cert > > What format is my.domain.cert now in? OpenSSL uses PEM format as default. There are options to generate other output formats (-outform) but this is not necessary for curl. > I am asking this because I am trying to use this certificate with curl > as in > > curl --cert my.domain.cert https://my.secure.server > > But when I do that, I get the following message: > > curl: (35) unable to set private key file > > Any help with this matter would be much appreciated. I guess you have to tell curl where to find the secret key (the certificate file only contains your public key). There is a curl option called "--key", so something like: curl --cert my.domain.cert --key your.key.file https://my.secure.server will probably work. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Format of file index.txt database of a CA
prakash babu wrote: > *eg ) V 051213070133Z B3500880020644B6 unknown > /C=IN/ST=TamilNadu/O=cbe/CN=test* > ** > *where:* > V - Certificate is Valid (R for revoked > certificates ) and E for expired. > 051213070133Z - Date upto which the certificate is valid > B3500880020644B6 - Serial number of the certificate > /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate If a certificate is revoked, there is another field with the date of revocation, so a revoked entry looks like this: R 060920165425Z 050315152021Z 0B unknown /C=US/O=Organization/CN=Name In the other cases (Valid and Expired), there is still an empty field in this (so between the expiry date and the serial number there are two tabulators). So the format is: E|R|VExpiry[RevocationDate]SerialunknownSubjectDN Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: HTTPS
Milan Tomic wrote: > > Where can I find some HTTPS client app example using OpenSSL? I have > found cli.cpp in the OpenSSL distribution but it connects to the server > through sockets. If you are looking for a binary that does the job you may simply use "openssl s_client"... Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Creating certs for others (without their private keys)
Uri wrote: > Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing > others' public keys) without havign their private keys presented to the > signer? > > [For having to bring private key along with the public key sort fo > defeats the whole purpse PKI.] > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > Maybe someone should just give a little introduction on how to do it with OpenSSL? Ok. If you do not want the CA to create secret keys for the users, then every user has to create his/her own key pair (using "openssl genrsa" for example). Afterwards, a certificate request is generated and sent to the CA. This request contains the users (or servers, if you are doing server certificates) name and the public key, and it is signed with the secret key of the user (using "openssl req"). The CA makes sure that the request is ok and really belongs to the given user/server, and a certificate is created with the given name and publik key from the request (using "openssl ca"). Teh certificate is sent to the user (or server administrator), who then has both, the secret key and the certificate. Hmmm... pretty much all right now... Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Certificate chain problem
Eleftheria Petraki wrote: > Hi all, > > I have generated a self signed root certification authority and an > intermediate certification authority signed by the root CA using openssl > 0.9.7g. The intermediate CA signed an apache 1 with mod-ssl SSL server > certificate. Both the root and intermediate PEM certificates are placed > in the file ca.crt pointed by the directive SSLCACertificateFile. How about putting the intermediate CA-certificate in the file ca.chain and let the directive SSLCertificateChainFile point to it? SSLCACertificateFile is IMHO only for accepted CAs for client authentication (so no wonder the server does not accept the connection request, your browser does not have an according client certificate). > I would greatly appreciate any help, since I can not find any solution > for this. I hope it works as described above. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to verify a certificate chain?
Andreas Hoffmann wrote: > Hi, > how can I verify multiple single DER-encoded certificates which I > recieve from a gateway and which represent a cert-chain alltogether. > > I think this should be done like this (PseudoCode): > foreach (cert from chain) >check, if it was signed by the CA of the previous cert > Check if one of the certs is a trusted one (ideally this should be the > Root-CA?) This is much too easy. Usually you do not know anything about the order in which the certificates are presented, so it is more something like: Find the certificate of the end-entity (server or client). Until (actual_certificate in set of trusted certificates) do issuer_certificate=find_issuer_certificate(actual_certificate) check_signature(actual_certificate, issuer_certificate) exit_on_failure actual_certificate=issuer_certificate done There is additional complexity in finding the issuer certificate, for example there may be multiple issuer certificates for the actual certificate to be checked (so all pathes have to be evaluated). This is essential to cope with cross-certificates. A more detailed description of the algorithm for checking of certificate chains is in RFC 3280, Section 6: Certificate Path Validation. This is the way to do it, I would say. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Linking of different PKIs
Hi all, it may be a little bit off topic but I guess this could be interesting for some of you. In the last months we tested some means of linking different PKIs together (for example cross-certificates). Tests were conducted with Windows2000, WinXP and Linux and the most common mail- and WWW-clients. The work was initiated by SURFnet (Netherlands) and DFN-CERT Services GmbH (Germany). See: http://www.dfn-pca.de/bibliothek/reports/ Cheers, Olaf ## WWW-Abstract: Actually Public Key Infrastructure (PKI) technologies are in a state of being used and useful. Many organisations run their own PKI now, creating certificates predominantly for signed and encrypted email and for user authentication. On the one hand this leads to a growing amount of users that own certificates and know how to use them, wich provides a basis for further development of PKI-enabled applications. On the other hand many seperate small PKIs have been established that could be much more useful if they could be linked to each other. Linking these PKIs would enable secure information exchange between different institutions. This report reviews the possible solutions for linking of PKIs (eg. cross-certificates) and provides the results of tests with actual applications. ## -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Setting startdate + enddate for root certificates?
Jensen, J (Jens) wrote: > A solution is to create a request for the root, save it, then > use "req" to issue a temporary root. Then set up a mini-CA > to sign the real root with the temporary root. It works > because the keys are the same in the temporary and real > root (both generated from the same request), and because > in both root certs the issuer and subject DNs are the same. Hi, good idea, this works of course. Should have thought about it myself, but that's life: Where are the good ideas if you need them? ;-) Thanx a lot, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Certificate : how many stages?
Hi, Harnois Anne-Sophie wrote: > Hi everybody, > > I hear about several methods for server's certificate creation. > - one of them (through CA.pl) creates a root CA and then the server's > certificate > - an another one creates a root CA, then a server CA and finally the > server's certificate. > Why are there three stages? Is it useful? What is the best or the > recommended method? > Thanks a lot for your advices. Well, it depends on what you are going to do with the certificates. If you just need a simple certificate for a standalone webserver, you can even use a selfsigned certificate for the server without any CA. If you need to have client certificates for authentication on a webserver, you can have a client CA (and configure your server to accept all certificates of this CA). You can even have a CA for employees and another one for customers. Maybe both are allowed to get access to certain areas of the server, while only certificates of the employees CA are allowed to access all documents. So having SubCAs is more an issue of your organisational structure... Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Setting startdate + enddate for root certificates?
Hi, I was just searching for a way to create root certificates with specified startdate and enddate using openssl. The "openssl ca" tool supports the according arguments -startdate and -enddate, but obviously "openssl req", which is used to generate root certificates, does not. Any other way to do this (besides changing the system time)? Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Senior Researcher, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to include multiple common names in a single SSL certificate?
Ralph wrote: > Charles B Cranston wrote: > >> > I'm trying to set up an Apache 2 based web server for multiple >> > name based virtual hosts. As it is not possible with mod_ssl to >> > have a seperate SSL certificate file for each virtual host... >> >> Actually, you can, but they have to have separate IP addresses. >> (Requiring the server host to be multi-homed...) > > As I wrote, I was talking about multiple name based (!) virtual hosts, > and the mod_ssl FAQ states that you can't have a seperate SSL cert file > for each of them <http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47>. I > know that multiple IP based virtual hosts are a different matter, but > unfortunately I only have on IP address available for the host in > question. > > What I am trying to achieve is that this single host uses one cert which > includes multiple CNs, so that given the following DNS entries > > www.domain1.org. IN A 123.234.123.234 > www.domain2.net. IN A 123.234.123.234 > www.domain3.com. IN A 123.234.123.234 > > users can access the server via > > https://www.domain1.org/ > https://www.domain2.net/ > https://www.domain3.com/ > > without a warning about the URL host name not matching the certificate > common name. I know that with mod_ssl all three URLs will result in the > same web page to be displayed, but that is acceptable in this special > case where a couple of domains are to mapped to one single web site. You may notice that this is not really a desired configuration. What you actually are trying to do is to cheat the user: When I connect to a server named "www.domain1.org", then I want a confirmation that I really accessed this server. What you are doing is sending a confirmation for "you are connected to one of these servers: www.domain1.org, www.domain2.net, www.domain3.com". This may be ok if these were "www.domain1.com", "ssl.domain1.com" and so on (which sometimes is solved by wildcard certificates), but if the domains are visually independent from each other, then I would not want my browser to accept the certificate. What would you say, if you wanted to do some onlinebanking on "www.yourbank.com", and got a certificate for "www.yourbank.com", "www.softporn.com" and "www.spamcompany.com"? I would want my browser to tell me... ;-) Just my 2 cents, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Scanning for Certificate Expiration
Patrick Heim wrote: > Does anoyne know of a tool or a way to script OpenSSL to: > > 1. Connect to an SSL enabled server > 2. Retrieve the server certificate > 3. Parse it for the certificate expiration date Well, you can use "openssl s_client" to connect to the server: openssl s_client -connect www.servername.de:port -showcerts >From the output you can extract the server certificate (choosing the certificate which has the according common name ( s:/C=[whatever]/CN=www.servername.de This certificate you can put into a file and run openssl x509 on it: openssl x509 -noout -in .pem -enddate The output is like this: notAfter=Sep 24 09:35:00 2004 GMT That's what you want, I guess... So a little bit of perl calling openssl twice (once with s_client, once with x509) and parsing the output should be sufficient. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Creation of PKCS7 files
Dr. Stephen Henson wrote: >>If yes, how would I create a PKCS7 file containing >>a given certificate chain using OpenSSL? > > The crl2pkc7 utility will do this. Thanx Steve, sorry that I was not smart enough to figure out, that you could call crl2pkcs7 (which obviously should create pkcs7 files containing a CRL) with the argument "-nocrl". It's a little bit non-intuitive usage, isn't it? But I knew that openssl would do the job in one of it's amazing ways. :-) Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Creation of PKCS7 files
Hi all, I was trying to create a pkcs7 file containing a certificate chain that I have (in PEM format). Do PKCS7 files have to be encrypted/signed or may they just work as a container for certificates? If yes, how would I create a PKCS7 file containing a given certificate chain using OpenSSL? Regards, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Setting the key usage for client certificates
Marcus Carey wrote: > > > When creating client certificates with following extensions: > > basicContraintsCA:FALSE > nsComment "OpenSSL Generated Certificate" > subjectKeyIdentifier hash > authoritiyKeyIdentifier keyid,issuer:always > keyUsage > nonrepudiation,digitalsignature,keyEncipherment > > Microsoft certificate viewer list the following certiticate usage > information: Is this correct for the extensions listed above? > > Ensures the identity of a remote computer > Proves your identity to a remote computer > Ensures software came from software publisher > Protects software from alteration after publication > Protects e-mail messages > Allows data to be signed with the current time > Allows you to digitally sign a certificate trust list > Allows secure communication on the Internet > Allows data on disk to be encrypted > Windows Hardware Driver Verification > Windows System Component Verification > OEM Windows System Component Verification > Embedded Windows System Component Verification > Key Pack Licenses > License Server Verification > Smart Card Logon > Digital Rights > Qualified Subordination > Key Recovery > Document Signing > File Recovery > Root List Signer > All application policies > Directory Service Email Replication > Certificate Request Agent > Key Recovery Agent > Private Key Archival > Lifetime Signing > File Recovery This is not really dependant of the certificate, it seems to be a very broad interpretation of what the OS allows you to do with such a certificate. So I would guess, it is more a Windows issue than an OpenSSL or X509 issue... > How do I create a client certificate which has only the folowing two > usage values? > > Proves your identity to a remote computer > Protects e-mail messages As said above, most of the above is just an interpretation of your OS, so these values will depend on the security settings of your box and not on the certificate itself... Unfortunately I am not a windows guru so I can not enlighten you any further. ;-) Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate Revocation
Aaron Smith wrote: > We have been using OpenSSL to generate certificates for various > applications here with a home grown CA (created using openssl ca). We > recently started upgrading our servers from Redhat 7.3 to RHEL 3.0. The > machine that used to house the CA directories used openssl version > 0.9.6b (RedHat RPM) and the new machine uses openssl version 0.9.7b > (again, RedHat RPM). I tar'ed up the CA directories from the old > machine and plopped them onto the new machine. When I attempted to > revoke a certificate (by "openssl ca -revoke certfile.pem"), I received > the following error: > > ERROR:name does not match Maybe it's something to do with Email-Addresses in the DN? From 0.9.6 to 0.9.7 the entry output of openssl changed from "Email" to "emailAddress" so it could be that you have to change this in the "index.txt" file of OpenSSL. Just a guess... Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Email-Entries in Certificates
Hi, I just came across some significant change between openssl 0.9.6 and openssl 0.9.7 (at least I compared openssl 0.9.6k and 0.9.7c): When I print a DN containing an Email-Address using OpenSSL 0.9.6, it says something like C=DE/O=.../OU=.../CN=www.foo.com/[EMAIL PROTECTED] Using 0.9.7, the output is: C=DE/O=.../OU=.../CN=www.foo.com/[EMAIL PROTECTED] I guess this will be a problem for all applications that obiously use the output of OpenSSL, for example apache (with the option FakeBasicAuth, which requires the Distinguished Names in a password-file) and obviously the GRID-software globus (which requires signing-policy-files for each CA-certificate). Is this already known (and documented somewhere)? Was this change made to adapt to any standards or were there other reasons? Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] Treffen Sie uns auf dem DFN-CERT Workshop http://www.dfn-cert.de/events/ws/2004/ 3. und 4. Februar 2004, Hamburg __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]