Re: SSL

[dreamwvr]

hi,
  better yet get linux.. any linux and save yourself the cost of the os period..
comes with apache as well as can pull down open-ssl thanks to the open 
src and plunk it on your linux box. then just goto any number of rpm or 
*.tar.gz sites and build the source installing apache-ssl thats about it.
this also goes through the process of creating a demo certificate from 
snake oil or something like that company.. then get thawte or verasign 
cert and away you go.. b.t.w. apache comes with all off the shelf linux 
versions as well as anyone using it if leveraged for a co of say 10 to 100
employees will save on mail, web, fileserving, alone literally thousands 
of $$ . your investing in mindshare just like this group i might add which 
is 'open' as opposed to closed like some systems out there ;-) now under
investigation.. take 10% of what you have saved and donate the $$ to 
your local linux group or a school.. whatever..
Regards,
[EMAIL PROTECTED]
___

** DREAMWVR.COM - TOTAL INTERNET SERVICES 
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
http://www.dreamwvr.com/services/MAX_SEC.html
DREAMWVR.COM - The Console of Many... 90 Topics Covered
http://www.dreamwvr.com/dynamicduo.html mailto:[EMAIL PROTECTED]
- LINUX-MANDRAKE Solution Provider and North American Distributor -
PRODUCT OF THE YEAR!
http://www.dreamwvr.com/mandrake/mandrake-main.html
"===0 PGP Key Available 
*** "As Unique as the Company You Keep." *
"If anyone speaks from DREAMWVR.COM its certainly not me:-)"


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

How do I download a self-signed CA cert into IE/OE?

[Bruce Stephens]

Suppose I want to get IE to trust a new CA for signing user
certificates (for S/MIME in OE or something).

How do I reliably do that?  i.e., what format should I put the
certificate in, what file extension should it have, and what MIME type
should I have Apache give it?

It ought to be easy: I ought to be able to produce a cacert.pem file,
and deliver it as application/x-x509-ca-cert, which has the advantage
that Netscape will grok it, too.  

And indeed, this seems to work.  On some machines.  But not on others.
And sticking in DER form (can calling it cacert.der) similarly doesn't
work reliably, either.  So what's the right thing to do?

-- 
Bruce Stephens  [EMAIL PROTECTED]
MessagingDirect(UK) Ltd URL:http://www.MessagingDirect.com/

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Idiot's summary of [Re: Certificate chaining]

[Andrew Cooke]

Jan Meijer wrote:
 You could have a point here.  I was fooling around with a test certificate
 that is signed by our root CA (the SURFnet PCA).  With this test-certificate
 I signed client certs and I had problems verifying the client certs.  The
 troubles went away after including the PCA certificate in the chain (which
 basically tells me openssl does not trust anything unless the final root CA
 cert is included.  Think I could argue this reasoning ;).  Basically our CA
 will always put the correct subject line into a client/server cert, as will
 the PCA (in a CA's cert).  I think it all depends on how the actual clients
 and servers handle chain-checking when deciding what might be usefull for
 the Openssl verify function to act like.
 
 I tried to use it when something failed with my netscape browser, and since
 that is a pretty closed environment I went to openssl for help.  There's the
 history of my initial question.  Thanks for the answer, I'll have a look at
 the docs :)

I've just finished sorting out our code and checking with the posts
here.  Since the above seemed a bit confused (no offence, but this post
seems to imply that you knew less than your previous post :-) and since
it
will help me get things straight in my head, this is a simple summary. 
If anything contradicts posts from S Henson then believe him - I learnt
everything I say here from his posts and playing with our code (home
grown Java/C stuff that uses 0.9.4).

IF ANYTHING BELOW IS WRONG PLEASE CORRECT ME!  Thanks.

- I will discuss the case where one party, which I call "client" submits
a certificate to another party, which I'll call "server".  Those names
aren't intended to imply that one party initiated the connection, or
that verification will not also occur in the other direction.

- So, the client submits a certificate.

- The server's aim is to find a self-signed certificate that signed that
certificate, or a self-signed certificate that signed a certificate that
signed that certificate, or a self-signed certificate that signed a
certificate that signed a certificate that...

- I'll call the self-signed certificate the "root certificate" and the
certificates between it and the client's certificate "intermediate
certificates".

- All intermediate certificates must be present, but they need not all
be present on the server side.  The client may supply some intermeditae
certificates.  This occurs during the SSL handshake.

- In my experiments the intermediate certificates were used if they were
preent in the client's CAfile or the server's CAfile.  Presumable CA
directories would also work.

- The root certificate must be present on the server - the server will
not (successfuly) use a root certificate supplied by the client.

- This procedure is open to abuse because you may not trust people that
are trusted by people you do trust(!).  For example, you may trust A.  A
may trust B, but you may not trust B.  Intermediate certificates can
force you to trust B.  This is a security hole.

- This occurs as follows:  You sign A's certificate with your root
certificate.  A then signs B's certificate with A's certificate.  When B
connects to your server, B may include A's certificate.  Your server
will then verify B, using A's certificate as an intermediate
certificate.

- At the moment (0.9.4) this can be avoided by refusing to accept a
depth greater than 1 in the verification process.

- Checking the depth is done in our code (and I believe this is normal)
within verify_callback.  This routine is supplied to SSL using
SSL_CTX_set_verify.  I can't post our code (sorry), but you would simply
return 0 if depth is greater than 1.

- This same callback can also be used to implement CRLs.

- One way to avoid the problem above is to use the CA flag in
basicConstraints.  This is a small piece of data within the certificate
that indicates whether the certificate is a CA certificate or not
(remember that information in the certificate, once signed, cannot be
changed, or it will break the signature).

- In the past it was recommended that people not bother with this piece
of data for compatibility.  However, it is need to solve the problem
above.

- The security hole above can be closed by only signing other people's
certificates if the CA flag is false and then checking that all
intermediate certificates have a true CA flag.

- This allows you to implement a hierarchy of certificates.  You can
have a root CA whose private key is used to sign some "working CA
certificates" (CA flag true) and then hidden away.  By keeping the root
key off-network and off-site you can be pretty sure that it will not be
compromised.

- The working CA certificates are used, as intermediate certificates, to
sign other people's certificates.  But only certificates where the CA
flag is false are signed.

- Let's return to A and B.  A now has a CA=false certificate.  A signs
B's certificate.  B connects, using A's certificate as an intermediate
certificate.  Because