RE: OpenSSL PKI Tutorial updated
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Zack Williams
> Sent: Thursday, 27 March, 2014 20:26
>
> On Thu, Mar 27, 2014 at 2:47 AM, Stefan H. Holek wrote:
> > No reason. Just for maximum compatibility. Every software can do SHA1. But
> this comes up a lot and I might switch to sha256 the next time around.
>
> It appears that even what most "legacy" web browsers and servers
> support sha256, given these lists:
>
> http://www.tbs-certificates.co.uk/FAQ/en/476.html
> http://www.tbs-certificates.co.uk/FAQ/en/477.html
>
> Are there other lists of other products that are modern (or still in
> active use), but lack sha256 compatibility?
I'm in the process right now of updating Visibroker, a widely-used commercial
product, to support certificates with SHA-256 signatures. (I don't believe
that's proprietary information, and anyone with a copy of Visibroker can easily
discover it by trying to use such a certificate.) My guess is it's not the only
one.
That said, I think it makes sense to use SHA-256 in the tutorial. Anyone using
it who runs into software that can't handle such certificates will get a useful
bit of education in certificate signature algorithms.
--
Michael Wojcik
Technology Specialist, Micro Focus
This message has been scanned for malware by Websense. www.websense.com
:��I"Ϯ��r�m
(Z+�K
�+1���x
��h[�z�(Z+�
��f�y��
�f���h��)z{,���
Re: OpenSSL PKI Tutorial updated
On Thu, Mar 27, 2014 at 2:47 AM, Stefan H. Holek wrote: > No reason. Just for maximum compatibility. Every software can do SHA1. But > this comes up a lot and I might switch to sha256 the next time around. It appears that even what most "legacy" web browsers and servers support sha256, given these lists: http://www.tbs-certificates.co.uk/FAQ/en/476.html http://www.tbs-certificates.co.uk/FAQ/en/477.html Are there other lists of other products that are modern (or still in active use), but lack sha256 compatibility? >> 2. I couldn't figure out what the [additional_oids] section of the >> Expert example's root-ca.conf file is for - either through research or >> going through the commit history. Could you elaborate on what that >> accomplishes? > > These define symbolic names for policy OIDs used in the certificatePolicies > extension. You could well use the raw numbers without mapping them to names. > Also note that policies are entirely optional and you are free to ignore them > if you don't have a use case. I assume that verifying that only correct/allowed OIDs are used in a cert chain happens whether or not they get used by the rest of the software, correct? Or is this configurable? > Thank you for your feedback, Thank you for working on this! - Zack __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL PKI Tutorial updated
On 27.03.2014, at 13:32, Walter H. wrote: > Does this mean, you use certificates with a complete chain of at least 4 > certificates? > > - root ca cert. no pathlen > - intermediate ca cert. also no pathlen > - signing ca cert. with pathlen > - end cert Yes, the expert example does that. > what is here said about the key length? > > my CA uses a root with 4096 bits RSA key; does it make a sense, that > an intermediate or the signing ca has a stronger key than the root CA? I don't think so. Stefan -- Stefan H. Holek ste...@epy.co.at __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL PKI Tutorial updated
Hello, On Thu, March 27, 2014 10:47, Stefan H. Holek wrote: >> 3. Is there a reason to not set a pathLen in the basicConstraints >> section of the Root CA's (to 1, to allow a maximum of one layer of >> CA's below the Root), but to do so on the Intermediate CA's? > > Pathlen is not used on root CA certs. A lot of things are not used on root > CA certs. They only serve to publish a key and ID. I don't use pathlen on > intermediate CAs either, just signing CAs. Does this mean, you use certificates with a complete chain of at least 4 certificates? - root ca cert. no pathlen - intermediate ca cert. also no pathlen - signing ca cert. with pathlen - end cert what is here said about the key length? my CA uses a root with 4096 bits RSA key; does it make a sense, that an intermediate or the signing ca has a stronger key than the root CA? Greetings, Walter __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: OpenSSL PKI Tutorial updated
Le 27/03/2014 11:14, Jeffrey Walton a écrit : On Thu, Mar 27, 2014 at 5:47 AM, Stefan H. Holek wrote: On 25.03.2014, at 17:44, Zack Williams wrote: ... 3. Is there a reason to not set a pathLen in the basicConstraints section of the Root CA's (to 1, to allow a maximum of one layer of CA's below the Root), but to do so on the Intermediate CA's? Pathlen is not used on root CA certs. ... RFC 5280 might disagree. For example, section 6.1.2 (k): (k) max_path_length: this integer is initialized to n, is decremented for each non-self-issued certificate in the path, and may be reduced to the value in the path length constraint field within the basic constraints extension of a CA certificate. No disagreement here. Initial value of the max_path_len is set to the length of certificate chain, and it's not taken from the BasicConstraints extension of the trust anchor. The rest of the phrase (after the first comma) explains how it will decrease, but it's detailed later in the algo. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL PKI Tutorial updated
On Thu, Mar 27, 2014 at 5:47 AM, Stefan H. Holek wrote: > On 25.03.2014, at 17:44, Zack Williams wrote: > >> ... >> 3. Is there a reason to not set a pathLen in the basicConstraints >> section of the Root CA's (to 1, to allow a maximum of one layer of >> CA's below the Root), but to do so on the Intermediate CA's? > > Pathlen is not used on root CA certs. ... RFC 5280 might disagree. For example, section 6.1.2 (k): (k) max_path_length: this integer is initialized to n, is decremented for each non-self-issued certificate in the path, and may be reduced to the value in the path length constraint field within the basic constraints extension of a CA certificate. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL PKI Tutorial updated
On 25.03.2014, at 17:44, Zack Williams wrote: > 1. Is there a reason you're not using SHA-256 hash by default - it > appears that SHA1 is being recommended against currently: > http://www.digicert.com/sha-2-ssl-certificates.htm No reason. Just for maximum compatibility. Every software can do SHA1. But this comes up a lot and I might switch to sha256 the next time around. > 2. I couldn't figure out what the [additional_oids] section of the > Expert example's root-ca.conf file is for - either through research or > going through the commit history. Could you elaborate on what that > accomplishes? These define symbolic names for policy OIDs used in the certificatePolicies extension. You could well use the raw numbers without mapping them to names. Also note that policies are entirely optional and you are free to ignore them if you don't have a use case. > 3. Is there a reason to not set a pathLen in the basicConstraints > section of the Root CA's (to 1, to allow a maximum of one layer of > CA's below the Root), but to do so on the Intermediate CA's? Pathlen is not used on root CA certs. A lot of things are not used on root CA certs. They only serve to publish a key and ID. I don't use pathlen on intermediate CAs either, just signing CAs. Thank you for your feedback, Stefan -- Stefan H. Holek ste...@epy.co.at __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: OpenSSL PKI Tutorial updated
Le 25/03/2014 23:08, Zack Williams a écrit :
On Tue, Mar 25, 2014 at 10:54 AM, Erwann Abalea
wrote:
2. I couldn't figure out what the [additional_oids] section of the
Expert example's root-ca.conf file is for - either through research or
going through the commit history. Could you elaborate on what that
accomplishes?
https://pki-tutorial.readthedocs.org/en/latest/expert/root-ca.conf.html
The OIDs are used in the CertificatePolicies extension of a subordinate CA
of this root CA.
For a policyId to be acceptable for an end-user certificate, this same
policyId (or the special value anyPolicy) MUST be present in all CAs between
this end-user cert and the root CA. The root CA is special in that it
doesn't need to contain any CertificatePolicies extension.
So these are used to group or link the certificate chain together?
No, it's about authorized uses of certificates.
Certificate policy is defined by the X.509 recommendation as:
"A named set of rules that indicates the applicability of a certificate
to a particular community and/or class of application with common
security requirements. For example, a particular certificate policy
might indicate applicability of a type of certificate to the
authentication of electronic data interchange transactions for the
trading of goods within a given price range."
What identifies a specific CP is a policyId, and it's represented by an
OID. Having a policyId declared or not in a CA allows for its issuing CA
to allow or deny the right of this subCA to deliver certificates that
can be used in accordance to this CP.
Is there guidance for generating and naming this OID? Given an OID in this form:
1.3.6.1.4.1.X.Y.Z
I'm assuming that you would register the top level number (X) with the
IANA (or other appropriate issuing body), but is there guidance to
setting Y and Z, which are 7 and 8 or 9 respectively in the Expert
example?
No guidance necessary, everyone is free to shape its OID space as wanted.
3. Is there a reason to not set a pathLen in the basicConstraints
section of the Root CA's (to 1, to allow a maximum of one layer of
CA's below the Root), but to do so on the Intermediate CA's?
Because it's not used by the standardized validation algorithm (RFC5280
section 6, X.509 section 10).
I looked through RFC5280 section 6.1.4 (m), and it appears that
setting the pathLen would apply to the Root CA, and would cause
section (l) to fail on CA's created beyond the depth specified. Am I
interpreting the RFC incorrectly?
You overlooked this, in 6.1:
[...]
To meet this goal, the path validation process verifies, among other
things, that a prospective certification path (a sequence of n
certificates) satisfies the following conditions:
(a) for all x in {1, ..., n-1}, the subject of certificate x is
the issuer of certificate x+1;
(b) certificate 1 is issued by the trust anchor;
(c) certificate n is the certificate to be validated (i.e., the
target certificate); and
(d) for all x in {1, ..., n}, the certificate was valid at the
time in question.
[...]
Point (b) is important.
Now look at 6.1.2 (Initialization), point (k):
-
(k) max_path_length: this integer is initialized to n, is
decremented for each non-self-issued certificate in the path,
and may be reduced to the value in the path length constraint
field within the basic constraints extension of a CA
certificate.
-
and you'll understand that any BasicConstraints:pathLenConstraint set in
the Trust Anchor isn't used at all.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: OpenSSL PKI Tutorial updated
On Tue, Mar 25, 2014 at 10:54 AM, Erwann Abalea wrote: > >> 2. I couldn't figure out what the [additional_oids] section of the >> Expert example's root-ca.conf file is for - either through research or >> going through the commit history. Could you elaborate on what that >> accomplishes? >> >> https://pki-tutorial.readthedocs.org/en/latest/expert/root-ca.conf.html > > The OIDs are used in the CertificatePolicies extension of a subordinate CA > of this root CA. > For a policyId to be acceptable for an end-user certificate, this same > policyId (or the special value anyPolicy) MUST be present in all CAs between > this end-user cert and the root CA. The root CA is special in that it > doesn't need to contain any CertificatePolicies extension. So these are used to group or link the certificate chain together? Is there guidance for generating and naming this OID? Given an OID in this form: 1.3.6.1.4.1.X.Y.Z I'm assuming that you would register the top level number (X) with the IANA (or other appropriate issuing body), but is there guidance to setting Y and Z, which are 7 and 8 or 9 respectively in the Expert example? >> 3. Is there a reason to not set a pathLen in the basicConstraints >> section of the Root CA's (to 1, to allow a maximum of one layer of >> CA's below the Root), but to do so on the Intermediate CA's? > > Because it's not used by the standardized validation algorithm (RFC5280 > section 6, X.509 section 10). I looked through RFC5280 section 6.1.4 (m), and it appears that setting the pathLen would apply to the Root CA, and would cause section (l) to fail on CA's created beyond the depth specified. Am I interpreting the RFC incorrectly? Thanks, Zack __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl-users] Re: OpenSSL PKI Tutorial updated
Le 25/03/2014 17:44, Zack Williams a écrit : On Fri, Mar 21, 2014 at 12:25 AM, Stefan H. Holek wrote: I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial provides three complete PKI examples you can play through and the prettiest configuration files this side of Neptune. Check it out! https://pki-tutorial.readthedocs.org/ This is really awesome. I've been trying to make sense of the config files for cert generation and align to best practices (when I can find them), and having good documentation is great. A few questions: 1. Is there a reason you're not using SHA-256 hash by default - it appears that SHA1 is being recommended against currently: http://www.digicert.com/sha-2-ssl-certificates.htm Good point. 2. I couldn't figure out what the [additional_oids] section of the Expert example's root-ca.conf file is for - either through research or going through the commit history. Could you elaborate on what that accomplishes? https://pki-tutorial.readthedocs.org/en/latest/expert/root-ca.conf.html The OIDs are used in the CertificatePolicies extension of a subordinate CA of this root CA. For a policyId to be acceptable for an end-user certificate, this same policyId (or the special value anyPolicy) MUST be present in all CAs between this end-user cert and the root CA. The root CA is special in that it doesn't need to contain any CertificatePolicies extension. 3. Is there a reason to not set a pathLen in the basicConstraints section of the Root CA's (to 1, to allow a maximum of one layer of CA's below the Root), but to do so on the Intermediate CA's? Because it's not used by the standardized validation algorithm (RFC5280 section 6, X.509 section 10). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL PKI Tutorial updated
On Fri, Mar 21, 2014 at 12:25 AM, Stefan H. Holek wrote: > I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial > provides three complete PKI examples you can play through and the prettiest > configuration files this side of Neptune. Check it out! > > https://pki-tutorial.readthedocs.org/ This is really awesome. I've been trying to make sense of the config files for cert generation and align to best practices (when I can find them), and having good documentation is great. A few questions: 1. Is there a reason you're not using SHA-256 hash by default - it appears that SHA1 is being recommended against currently: http://www.digicert.com/sha-2-ssl-certificates.htm 2. I couldn't figure out what the [additional_oids] section of the Expert example's root-ca.conf file is for - either through research or going through the commit history. Could you elaborate on what that accomplishes? https://pki-tutorial.readthedocs.org/en/latest/expert/root-ca.conf.html 3. Is there a reason to not set a pathLen in the basicConstraints section of the Root CA's (to 1, to allow a maximum of one layer of CA's below the Root), but to do so on the Intermediate CA's? Thanks, Zack __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
OpenSSL PKI Tutorial updated
Hi All, I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial provides three complete PKI examples you can play through and the prettiest configuration files this side of Neptune. Check it out! https://pki-tutorial.readthedocs.org/ Cheers, Stefan -- Stefan H. Holek ste...@epy.co.at __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL PKI Tutorial updated
On 29.04.2013, at 22:48, Kevin Fowler wrote: > In the Simple PKI example, step 5.4 "View PKCS#7 bundle", the "-in" option > points to "ca" directory, but the bundle was created in step 4.3 "Create > PKCS#7 bundle" in the "certs" directory". I.e.: Good catch! I have fixed 4.3 to use the "ca" directory as well. > So far though, this has been a helpful tutorial for a noob to PKI. Thanks! > Kevin > Thank you, Stefan -- Stefan H. Holek ste...@epy.co.at
Re: OpenSSL PKI Tutorial updated
In the Simple PKI example, step 5.4 "View PKCS#7 bundle", the "-in" option points to "ca" directory, but the bundle was created in step 4.3 "Create PKCS#7 bundle" in the "certs" directory". I.e.: Step 4.3: openssl crl2pkcs7 -nocrl \ -certfile ca/signing-ca.crt \ -certfile ca/root-ca.crt \ -out certs/signing-ca-chain.p7c \< certs directory -outform der Step 5.4: openssl pkcs7 \ -in ca/signing-ca-chain.p7c \ < ca directory -inform der \ -noout \ -text \ -print_certs So far though, this has been a helpful tutorial for a noob to PKI. Thanks! Kevin On Sun, Apr 21, 2013 at 5:56 AM, Stefan H. Holek wrote: > Hi All! > > I have updated the OpenSSL PKI tutorial at readthedocs. The tutorial takes > a novel approach without ever referring to openssl.cnf or CA.pl (yuck). You > can find it here: > > https://pki-tutorial.readthedocs.org/ > > Thanks to everyone who has provided feedback for the first version. I > heard your call for more verbosity! The first two examples now have much > more detailed instructions, and I hope that by the third example you won't > need instructions anymore. ;-) > > Cheers, > Stefan > > -- > Stefan H. Holek > ste...@epy.co.at > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org >
OpenSSL PKI Tutorial updated
Hi All! I have updated the OpenSSL PKI tutorial at readthedocs. The tutorial takes a novel approach without ever referring to openssl.cnf or CA.pl (yuck). You can find it here: https://pki-tutorial.readthedocs.org/ Thanks to everyone who has provided feedback for the first version. I heard your call for more verbosity! The first two examples now have much more detailed instructions, and I hope that by the third example you won't need instructions anymore. ;-) Cheers, Stefan -- Stefan H. Holek ste...@epy.co.at __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
