Re: OpenSSL CA and signing certs with SANs
Jakob Bohm wrote: On 1/7/2014 12:17 AM, Biondo, Brandon A. wrote: I am using ‘ca’ not ‘x509’. It too ignores/discards extensions. Turning on copy_extensions solved the issue though, thanks. I have some follow-up questions: 1.If including SANs in CSRs is non-standard, what is the accepted way of passing all the metadata you want to an authority to construct your certificate? Many commercial CAs take all the certificate information out-of-band on a web form, the only thing those CAs use from the CSR is that it is signed with the requested public/private key pair and has the right subject. First of all there is no real established standard. Even PKIX WG defined CMP/CRMF and CMC which are implemented with different flavors. 2.Why does the config file say to be careful using copy_extensions? Why wouldn’t you want all your extensions to be part of your certificate? Isn’t the whole point of a CSR to package up all the data you want in your certificate? Because copy-extensions copies all the extensions in the CSR, so if you use it, you will need to carefully check every extension in every CSR you receive from users. Note that security-wise, you should not blindly trust a CSR from a less secure computer than the CA computer, There's nothing wrong with a CA accepting PKCS#10 CSRs with subjectAltName values provided it checks the input as it has to check every input anyway. The advantage of taking input from the subjectAltName in the CSR is that it's signed by the EE's private key. Ciao, Michael. smime.p7s Description: S/MIME Cryptographic Signature
Re: OpenSSL CA and signing certs with SANs
On 1/7/2014 12:17 AM, Biondo, Brandon A. wrote: I am using ‘ca’ not ‘x509’. It too ignores/discards extensions. Turning on copy_extensions solved the issue though, thanks. I have some follow-up questions: 1.If including SANs in CSRs is non-standard, what is the accepted way of passing all the metadata you want to an authority to construct your certificate? Many commercial CAs take all the certificate information out-of-band on a web form, the only thing those CAs use from the CSR is that it is signed with the requested public/private key pair and has the right subject. 2.Why does the config file say to be careful using copy_extensions? Why wouldn’t you want all your extensions to be part of your certificate? Isn’t the whole point of a CSR to package up all the data you want in your certificate? Because copy-extensions copies all the extensions in the CSR, so if you use it, you will need to carefully check every extension in every CSR you receive from users. Note that security-wise, you should not blindly trust a CSR from a less secure computer than the CA computer, even if you happen to be the person who generated that CSR (when you take off your user hat and put on your CA administrator hat, you need to check if the User's computer generated a different CSR than what you agreed to sign). When I generate certificates with SANs (which I usually do), I typically use one of two approaches: A) For the common case: The CA's openssl.cnf adds the usual SANs as extensions, taking the actual name parts from environment variables which my scripts set from my input before signing each cert. B) For the handful of more complex cases, I construct a custom section in openssl.cnf which adds those specific SANs, as well as any other unusual extensions. *From:*owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Dave Thompson *Sent:* Monday, January 06, 2014 5:38 PM *To:* openssl-users@openssl.org *Subject:* RE: OpenSSL CA and signing certs with SANs It is debatable whether putting SAN in the request is really ‘proper’; I don’t know of any ‘real’ (public) CA that accepts it that way. But for openssl: If you are using ‘ca’, set copy_extensions in the config file. See the man page. If you are using ‘x509 –req’, that ignores/discards extensions from the CSR. It can **add** extensions from a config file, but since you usually want SAN to be different for every subject cert that isn’t very convenient. Do you really mean ‘x509 –signkey’ to selfsign, or ‘req –x509’? The latter is IME much more common. *From:*owner-openssl-us...@openssl.org mailto:owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Biondo, Brandon A. *Sent:* Monday, January 06, 2014 16:16 *To:* openssl-users@openssl.org mailto:openssl-users@openssl.org *Subject:* OpenSSL CA and signing certs with SANs Hello, Forgive me if I breach etiquette. This is my first post to this list in quite a while. I am having trouble tracking down information regarding how you reconfigure an OpenSSL CA to handle SANs in requests. There is a wealth of information on how to configure OpenSSL to form a proper request, but in my searching I can only ever find people who use the x509 function to self-sign their certs. When you use an OpenSSL CA to sign this type of request, the certificate is made without issue but the SANS are stripped out of the final product. What am I missing here? Regards, Brandon Biondo Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: OpenSSL CA and signing certs with SANs
It is debatable whether putting SAN in the request is really 'proper'; I don't know of any 'real' (public) CA that accepts it that way. But for openssl: If you are using 'ca', set copy_extensions in the config file. See the man page. If you are using 'x509 -req', that ignores/discards extensions from the CSR. It can *add* extensions from a config file, but since you usually want SAN to be different for every subject cert that isn't very convenient. Do you really mean 'x509 -signkey' to selfsign, or 'req -x509'? The latter is IME much more common. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Biondo, Brandon A. Sent: Monday, January 06, 2014 16:16 To: openssl-users@openssl.org Subject: OpenSSL CA and signing certs with SANs Hello, Forgive me if I breach etiquette. This is my first post to this list in quite a while. I am having trouble tracking down information regarding how you reconfigure an OpenSSL CA to handle SANs in requests. There is a wealth of information on how to configure OpenSSL to form a proper request, but in my searching I can only ever find people who use the x509 function to self-sign their certs. When you use an OpenSSL CA to sign this type of request, the certificate is made without issue but the SANS are stripped out of the final product. What am I missing here? Regards, Brandon Biondo
Re: OpenSSL CA and signing certs with SANs
On Mon, Jan 06, 2014 at 09:16:16PM +, Biondo, Brandon A. wrote: I am having trouble tracking down information regarding how you reconfigure an OpenSSL CA to handle SANs in requests. When you use an OpenSSL CA to sign this type of request, the certificate is made without issue but the SANS are stripped out of the final product. What am I missing here? A lot depends on whether you want a stateful CA, with index.txt files, managed monotone serial numbers, retention of issued certificates, ... Or just a bare-bones capability to sign a certificate of your choice. Though I use both, others can likely describe the stateful approach better than I. Lately, I've been using more bare-bones CAs. An example /bin/bash script (which I place in the public domain) below my signature. It generates certificate chains for a test suite. So the serial numbers are hard-coded, but it supports arbitrary extensions, and addressing your specific question always generates a subjectAltName (see the genee() function). -- Viktor. #! /bin/bash set -e DOMAIN=example.com HOST=mail.${DOMAIN} key() { local key=$1; shift if [ ! -f ${key}.pem ]; then openssl genpkey 2/dev/null \ -paramfile (openssl ecparam -name prime256v1) -out ${key}.pem fi } req() { local cn=$1; shift openssl req -new -sha256 -key ${key}.pem 2/dev/null \ -config (printf [req]\n%s\n%s\n[dn]\nCN=%s\n \ prompt = no distinguished_name = dn ${cn}) } req_nocn() { openssl req -new -sha256 -subj / -key ${key}.pem 2/dev/null \ -config (printf [req]\n%s\n[dn]\nCN_default =\n \ distinguished_name = dn) } cert() { local cert=$1; shift local exts=$1; shift openssl x509 -req -sha256 -out ${cert}.pem 2/dev/null \ -extfile (printf %s\n $exts) $@ } genroot() { local cn=$1; shift local key=$1; shift local cert=$1; shift local skid=$1; shift local akid=$1; shift exts=$(printf %s\n%s\n%s\n $skid $akid basicConstraints = CA:true) key $key; req $cn | cert $cert $exts -signkey ${key}.pem -set_serial 1 -days 30 } genca() { local cn=$1; shift local key=$1; shift local cert=$1; shift local skid=$1; shift local akid=$1; shift local ca=$1; shift local cakey=$1; shift exts=$(printf %s\n%s\n%s\n $skid $akid basicConstraints = CA:true) key $key; req $cn | cert $cert $exts -CA ${ca}.pem -CAkey ${cakey}.pem \ -set_serial 2 -days 30 $@ } genee() { local cn=$1; shift local key=$1; shift local cert=$1; shift local ca=$1; shift local cakey=$1; shift exts=$(printf %s\n%s\n%s\n%s\n%s\n[alts]\n%s\n \ subjectKeyIdentifier = hash \ authorityKeyIdentifier = keyid, issuer \ basicConstraints = CA:false \ extendedKeyUsage = serverAuth \ subjectAltName = @alts DNS=${cn}) key $key; req $cn | cert $cert $exts -CA ${ca}.pem -CAkey ${cakey}.pem \ -set_serial 2 -days 30 $@ } rakid=authorityKeyIdentifier = keyid rskid=subjectKeyIdentifier = hash caakid=authorityKeyIdentifier = keyid, issuer caskid=subjectKeyIdentifier = hash genroot Root CA rootkey rootcert $rskid $rakid genca CA 1 cakey1 cacert1 $caskid $caakid rootcert rootkey genca CA 2 cakey2 cacert2 $caskid $caakid cacert1 cakey1 genee $HOST eekey eecert cacert2 cakey2 cat eecert.pem cacert2.pem cacert1.pem rootcert.pem chain.pem __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: OpenSSL CA and signing certs with SANs
I am using 'ca' not 'x509'. It too ignores/discards extensions. Turning on copy_extensions solved the issue though, thanks. I have some follow-up questions: 1. If including SANs in CSRs is non-standard, what is the accepted way of passing all the metadata you want to an authority to construct your certificate? 2. Why does the config file say to be careful using copy_extensions? Why wouldn't you want all your extensions to be part of your certificate? Isn't the whole point of a CSR to package up all the data you want in your certificate? From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, January 06, 2014 5:38 PM To: openssl-users@openssl.org Subject: RE: OpenSSL CA and signing certs with SANs It is debatable whether putting SAN in the request is really 'proper'; I don't know of any 'real' (public) CA that accepts it that way. But for openssl: If you are using 'ca', set copy_extensions in the config file. See the man page. If you are using 'x509 -req', that ignores/discards extensions from the CSR. It can *add* extensions from a config file, but since you usually want SAN to be different for every subject cert that isn't very convenient. Do you really mean 'x509 -signkey' to selfsign, or 'req -x509'? The latter is IME much more common. From: owner-openssl-us...@openssl.orgmailto:owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Biondo, Brandon A. Sent: Monday, January 06, 2014 16:16 To: openssl-users@openssl.orgmailto:openssl-users@openssl.org Subject: OpenSSL CA and signing certs with SANs Hello, Forgive me if I breach etiquette. This is my first post to this list in quite a while. I am having trouble tracking down information regarding how you reconfigure an OpenSSL CA to handle SANs in requests. There is a wealth of information on how to configure OpenSSL to form a proper request, but in my searching I can only ever find people who use the x509 function to self-sign their certs. When you use an OpenSSL CA to sign this type of request, the certificate is made without issue but the SANS are stripped out of the final product. What am I missing here? Regards, Brandon Biondo
Re: OpenSSL CA and signing certs with SANs
You might want to ask the CAcert folks what they do. I generate certs thru them with SANs all the time. -- Harlan Stenn st...@ntp.org http://networktimefoundation.org - be a member! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org