Re: Certificates and SSL Authentication

[Jim Hopp]

SSL v2 could only send 1 certificate.  SSL v3 and TLS can send 
arbitrarily-length certificate chains (the client doesn't ask for it, 
the server sends the entire chain as part of the handshake; if you're 
using client authentication then the server sends a certificate request 
to the client and the client sends its certificate chain during the 
handshake).  You're right that the client works it way up thru the 
intermediate certificates and will accept the server certificate if it 
trusts the cert at the end of the chain.

For the gory details you can read the specs; I use the book "SSL and 
TLS: Designing and Building Secure Systems" by Eric Rescorla and like it 
alot.

-Jim
Sander Smith wrote:
Thanks for your help but my question wasn't answered. I understand 
certificate chains - I even created some long ones. My question is about 
SSL specifically. The way I understand the SSL handshake, the server 
only sends a certificate to the client - there is no provision to send a 
certificate chain. This means that if the client only trusts the root 
certificate (a reasonable assumption) and the root does not directly 
sign the server certificate (eg there are intermediate certificates in 
the chain) then the client cannot authenticate the server.

This is what I understand from reading the specs, but common sense tells 
me that there must be some way for the client to retrieve those 
intermediate certificates so that the server is authenticated. My belief 
is supported by what I've seen in the real world - real sites that have 
a certificate chain 3 certificates long that get authenticated by my 
browser.  From what I see, the middle certificate is not known 
beforehand to my browser, so my question is how does this work?

Thanks for any help,
Sander
At 03:25 PM 5/26/2004 -0700, you wrote:
See "Certificate Chains" in 
http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html#Certificates. 

Sander Smith wrote:
I'm a bit confused concerning SSL certificates, and hope someone can 
shed some light. In reading through the SSL spec concerning the SSL 
handshake, it appears to me that the certificate that authenticates 
my server must be signed by a certificate that is known to the 
client's browser. This would preclude the following scenario:
(Root Certificate) => (Intermediate Cert1) => (Intermediate Cert2) => 
www.mysite.com
Where (Root Certificate) is known to the client but the intermediate 
certificates are not. My certificate <SHOULD> be considered to be 
okay since it is traceable back to a trusted certificate, but the SSL 
handshake seems to say that this is not the case.
However, in looking at some real sites that have real certificates, I 
see the opposite happening. In particular I see the folowing:
Verisign => (Intermediate) => www.somesite.com
Where Verisign is known to my browser, but the intermediate 
certificate is not. It is of the fom:
www.verisign.com/CPS Incorp.by Ref. ... (some ofther stuff)
What is going on here? Is there a way for the the browser to get a 
copy of the intermediate certificate if it isn't already known to it 
as a trusted certificate?
Sander Smith

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]