Re: question -- should SSL server send certs for all CAs?
Hi Jeffrey,

Thanks for your response. So, is it a standard that the SSL-enabled server app send the certificate chain, or just something that the app "should" do? How can I test what certificates the server is actually sending back? I know that uw-imapd doesn't send the whole chain, and that Apache does.

Just to give yet another example -- our exim mail server allows TLS for incoming mail. The mail server uses the hash files to find the certificates for the CA, and has a certificate file which contains our own certificate (signed by an Intermediate CA). I thought that the exim server was sending out the Intermediate CA certificate, because when I tried to send a message using a slightly older than new version of Linux Mozilla that did not know about the Intermediate CA, it worked. However, I then got complaints from our PC users using the same version of Mozilla that they were getting messages that the Intermediate CA was unknown! I added the Intermediate CA certificate to the end of the server certificate that I was sending back to the client, and now the PC users were happy. Either exim is sending the full chain out and there was a bug in the Windows version of Mozilla that I was running, or the Unix version of Mozilla I was running did not completely check the chain!

Is there a client program I can run on both the Unix and Windows side to test exactly what certificates are being sent from the server to the client?

Thanks,

Jason Keltz
[EMAIL PROTECTED]

On Mon, 10 Jan 2005, Jeffrey Altman wrote:

> The server should send all of the certs which make up the chain but not the root cert. If the root cert is sent, the client must ignore it for purposes of validation of the chain.
>
> Microsoft used to distribute Intermediate certs as part of Windows and this resulted in the expectation that clients should have the intermediate certs installed on their machines. Intermediate certs expire more frequently than root certs.
>
> The administrators of the servers have a relationship with the issuers of the intermediate certs; the clients do not. Therefore, the server administrators can more easily update the intermediate certs when needed. Inclusion of the intermediate certs on the client requires the administrator of the client to remove the old intermediate cert and replace it with the new one. In practice, this will never happen in most cases because most clients do not have administrators.
>
> Jeffrey Altman
>
> Jason Keltz wrote:
>
>> Hi. I have a question with respect to SSL protocol. Is it part of the protocol that the SSL server send to the client the public keys for the CAs making up the certificate chain? Or is it acceptable to send just the server public key and expect the client to complete the chain on its own?
>>
>> I can demonstrate with two examples... assume a multi-level certificate chain -- Root CA - Intermediate CA - server. I have two programs -- Apache httpd, and uw-imapd, and both operate differently in this respect.
>>
>> In terms of uw-imapd, the client connecting (Thunderbird 0.8) knew about the Root CA and not the intermediate CA. Thunderbird 0.8 was unable to verify the chain, so an SSL connection could not be made. However, placing the public key of the Intermediate CA in the key file for the server made the problem go away.
>>
>> In terms of Apache and running say Opera as a web client -- if the web client doesn't know about the intermediate CA, the server sends the information, and the client trusts the information without a word to the user. If the Root CA certificate is deleted from the client, the server sends both the Root CA public key and the intermediate CA public key, Opera prompts the user letting them know that it doesn't know about any of the 3 components and asking the user if he would like to trust the CAs. The fact that the client even knows about the Root CA means that the server is sending the whole chain along.
>>
>> I'm not writing to ask about either of these programs (Apache/uw-imapd) because that is obviously discussion for a different list. What I'm wondering about is the protocol in general -- should the server send the whole path, or not? Is there a standard?
>>
>> Thanks for any information you can provide.
>>
>> Jason Keltz
>> [EMAIL PROTECTED]

__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
Re: question -- should SSL server send certs for all CAs?
On Wed, Jan 12, 2005, Jason Keltz wrote:

> Hi Jeffrey, Thanks for your response. So, is it a standard that the SSL-enabled server app send the certificate chain, or just something that the app "should" do?

It's part of the standard. OpenSSL doesn't currently enforce this but it may do at some point.

> How can I test what certificates the server is actually sending back?

The -showcerts option of s_client will do that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
question -- should SSL server send certs for all CAs?
Hi. I have a question with respect to SSL protocol. Is it part of the protocol that the SSL server send to the client the public keys for the CAs making up the certificate chain? Or is it acceptable to send just the server public key and expect the client to complete the chain on its own?

I can demonstrate with two examples... assume a multi-level certificate chain -- Root CA - Intermediate CA - server. I have two programs -- Apache httpd, and uw-imapd, and both operate differently in this respect.

In terms of uw-imapd, the client connecting (Thunderbird 0.8) knew about the Root CA and not the intermediate CA. Thunderbird 0.8 was unable to verify the chain, so an SSL connection could not be made. However, placing the public key of the Intermediate CA in the key file for the server made the problem go away.

In terms of Apache and running say Opera as a web client -- if the web client doesn't know about the intermediate CA, the server sends the information, and the client trusts the information without a word to the user. If the Root CA certificate is deleted from the client, the server sends both the Root CA public key and the intermediate CA public key, Opera prompts the user letting them know that it doesn't know about any of the 3 components and asking the user if he would like to trust the CAs. The fact that the client even knows about the Root CA means that the server is sending the whole chain along.

I'm not writing to ask about either of these programs (Apache/uw-imapd) because that is obviously discussion for a different list. What I'm wondering about is the protocol in general -- should the server send the whole path, or not? Is there a standard?

Thanks for any information you can provide.

Jason Keltz
[EMAIL PROTECTED]
Re: question -- should SSL server send certs for all CAs?
The server should send all of the certs which make up the chain but not the root cert. If the root cert is sent, the client must ignore it for purposes of validation of the chain.

Microsoft used to distribute Intermediate certs as part of Windows and this resulted in the expectation that clients should have the intermediate certs installed on their machines. Intermediate certs expire more frequently than root certs.

The administrators of the servers have a relationship with the issuers of the intermediate certs; the clients do not. Therefore, the server administrators can more easily update the intermediate certs when needed. Inclusion of the intermediate certs on the client requires the administrator of the client to remove the old intermediate cert and replace it with the new one. In practice, this will never happen in most cases because most clients do not have administrators.

Jeffrey Altman

Jason Keltz wrote:

> Hi. I have a question with respect to SSL protocol. Is it part of the protocol that the SSL server send to the client the public keys for the CAs making up the certificate chain? Or is it acceptable to send just the server public key and expect the client to complete the chain on its own?
>
> I can demonstrate with two examples... assume a multi-level certificate chain -- Root CA - Intermediate CA - server. I have two programs -- Apache httpd, and uw-imapd, and both operate differently in this respect.
>
> In terms of uw-imapd, the client connecting (Thunderbird 0.8) knew about the Root CA and not the intermediate CA. Thunderbird 0.8 was unable to verify the chain, so an SSL connection could not be made. However, placing the public key of the Intermediate CA in the key file for the server made the problem go away.
>
> In terms of Apache and running say Opera as a web client -- if the web client doesn't know about the intermediate CA, the server sends the information, and the client trusts the information without a word to the user. If the Root CA certificate is deleted from the client, the server sends both the Root CA public key and the intermediate CA public key, Opera prompts the user letting them know that it doesn't know about any of the 3 components and asking the user if he would like to trust the CAs. The fact that the client even knows about the Root CA means that the server is sending the whole chain along.
>
> I'm not writing to ask about either of these programs (Apache/uw-imapd) because that is obviously discussion for a different list. What I'm wondering about is the protocol in general -- should the server send the whole path, or not? Is there a standard?
>
> Thanks for any information you can provide.
>
> Jason Keltz
> [EMAIL PROTECTED]
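The two practical points in this thread, Jeffrey Altman's rule that the server sends its intermediates but the root it sends is never a trust anchor, and Steve Henson's tip to inspect the handshake with `openssl s_client -showcerts`, reproduced as an added example that is not code from the thread or from the OpenSSL project. It builds a throwaway Root CA -> Intermediate CA -> server chain with the openssl CLI (1.1.1 or later is assumed, so that `openssl verify` exits non-zero on failure), emulates a client holding only the root with `openssl verify -untrusted` standing in for the certs received in the handshake, and splits a showcerts-style PEM bundle into per-cert subject/issuer lines. The hostname mail.example.test, the file names, the config and the dump_chain helper are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenSSL. Builds a throwaway
# Root CA -> Intermediate CA -> server chain, then emulates a client that trusts
# only the root and sees different sets of certs from the server.
# Assumes openssl >= 1.1.1 on PATH. Names, files and hostname are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-contained config so nothing depends on the system openssl.cnf.
cat > "$WORK/pki.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ v3_inter ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[ v3_server ]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:mail.example.test
EOF

# newkey NAME CN: fresh RSA key plus CSR under $WORK.
newkey() {
    openssl req -config "$WORK/pki.cnf" -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# issue NAME ISSUER SECTION: sign $WORK/NAME.csr with ISSUER's key and cert.
issue() {
    openssl x509 -req -sha256 -days 30 -in "$WORK/$1.csr" \
        -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -CAcreateserial \
        -extfile "$WORK/pki.cnf" -extensions "$3" -out "$WORK/$1.crt" 2>/dev/null
}

make_pki() {
    newkey root "Example Root CA"
    openssl x509 -req -sha256 -days 30 -in "$WORK/root.csr" -signkey "$WORK/root.key" \
        -extfile "$WORK/pki.cnf" -extensions v3_ca -out "$WORK/root.crt" 2>/dev/null
    newkey inter "Example Intermediate CA"; issue inter root v3_inter
    newkey server mail.example.test;        issue server inter v3_server
}

# verify_status TRUSTED SENT LEAF: emulate a client whose store holds TRUSTED
# ("" = it does not have our root) and that received SENT ("" = nothing but
# the leaf) alongside LEAF in the handshake. Prints OK or FAIL.
verify_status() {
    if [ -n "$1" ]; then trust="-CAfile $1"; else trust="-no-CAfile -no-CApath"; fi
    if [ -n "$2" ]; then extra="-untrusted $2"; else extra=""; fi
    # shellcheck disable=SC2086  # splitting $trust/$extra into words is intended
    if openssl verify $trust $extra "$3" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

# count_certs: number of PEM certificate blocks on stdin.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' || true; }

# chain_summary: split the PEM blocks on stdin (e.g. s_client -showcerts output)
# into files and print "N: subject=... issuer=..." in the order they appeared.
chain_summary() {
    d=$(mktemp -d)
    awk -v d="$d" '/-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
                   inside { print > (d "/" n ".pem") }
                   /-----END CERTIFICATE-----/ { inside = 0 }'
    i=1
    while [ -f "$d/$i.pem" ]; do
        printf '%d: ' "$i"
        openssl x509 -in "$d/$i.pem" -noout -subject -issuer | tr '\n' ' '
        echo
        i=$((i + 1))
    done
    rm -rf "$d"
}

# dump_chain HOST PORT: the live check from the thread (needs network). For a
# STARTTLS mail server add "-starttls smtp" (or imap) to the s_client line.
dump_chain() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null | chain_summary
}

make_pki
# 1. Server sends only its own cert (the uw-imapd symptom): chain cannot be built.
echo "leaf only, client trusts root:              $(verify_status "$WORK/root.crt" "" "$WORK/server.crt")"
# 2. Server sends leaf + intermediate (Apache, or the exim cert file with the
#    intermediate appended): the client completes the chain to its own root.
echo "leaf + intermediate, client trusts root:    $(verify_status "$WORK/root.crt" "$WORK/inter.crt" "$WORK/server.crt")"
# 3. Server also sends the root, but the client's store lacks it: a root received
#    in the handshake is never a trust anchor, so this still fails.
cat "$WORK/inter.crt" "$WORK/root.crt" > "$WORK/inter_and_root.pem"
echo "leaf + intermediate + root, untrusted root: $(verify_status "" "$WORK/inter_and_root.pem" "$WORK/server.crt")"
# What -showcerts would print for server 2, constructed from its files instead
# of a live socket: two PEM blocks, leaf first.
cat "$WORK/server.crt" "$WORK/inter.crt" > "$WORK/sent.pem"
echo "certs sent: $(count_certs < "$WORK/sent.pem")"
chain_summary < "$WORK/sent.pem"
```

Against a real server the check is `dump_chain host port`, or `openssl s_client -connect host:port -showcerts` by hand; for exim on port 25 add `-starttls smtp`. If the output contains only one PEM block, the server is in the uw-imapd situation and clients that lack the intermediate will fail exactly as the Windows Mozilla users did; appending the intermediate (not the root) to the server's certificate file is the fix, and `openssl verify -CAfile root -untrusted intermediate server.crt` confirms offline that the resulting chain builds.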