Re: Server Authentication
Your client needs to have a certificate issued by a CA that the server trusts, and the server must request client authentication by name-of-CA-that-it-will-accept. The client can then provide its certificate (it knows which one based on the requested issuer name) and prove ownership of the private key that goes with the public key in the certificate, thus authenticating. The root certificate that issued the server's certificate needs to be in your client's local roots directory in order for the client to authenticate the server (not just 'in order for the client to authenticate TO the server', since the client will not attempt to authenticate if the server does not authenticate to the client). If it doesn't have it, then the authentication will fail. You can (generally, but not always) obtain the root certificate from the chain that the server sends to a query with 'openssl s_client -connect host:port -showcerts'; however, this may be subject to a MITM attack and you should verify the root independently before adding it willy-nilly to the client's roots directory. -Kyle H On Fri, Jun 20, 2008 at 1:05 AM, AlokBhatnagar [EMAIL PROTECTED] wrote: Hi, I have created my test client and server application. For that i also created a Root CA Certificate and using that certificate i created client and server certificates. Using those certificates the handshaking has been done between the client and server and they are communicating properly. Now i want my client application to communicate with an actual server. So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar Subscribe to MicroWorld's free security newsletter @ http://www.mwti.net/support/newsletter_subscribe.asp __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Server Authentication
So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Server Authentication
Thanks david, I know that the domain name should be same as the common name in server certificate which is sent by the server to the client. As I know, The SSL client verifies the server's certificate against the CA certificate loaded in the client. Suppose i trust Verisign CA. So my client must have Verisign CA Certificate in order to verify the server's certificate. So i want to ask, how will i get the CA certificate or list of CA certificates that i trust? Thanks Regards Alok Bhatnagar - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 6:03 PM Subject: RE: Server Authentication So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Server Authentication
From what I understand, you need the trust anchors certificate( eg Verisign ) so that you can check the server's certificate against the probably self-signed Verisign certificate. It is supposed that you have already have the certificates of CAs you trust. If your question is how to find online a specific certificate, the simple answer is that you usually can't. - Original Message From: AlokBhatnagar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 4:02:15 PM Subject: Re: Server Authentication Thanks david, I know that the domain name should be same as the common name in server certificate which is sent by the server to the client. As I know, The SSL client verifies the server's certificate against the CA certificate loaded in the client. Suppose i trust Verisign CA. So my client must have Verisign CA Certificate in order to verify the server's certificate. So i want to ask, how will i get the CA certificate or list of CA certificates that i trust? Thanks Regards Alok Bhatnagar - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 6:03 PM Subject: RE: Server Authentication So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Server Authentication
Hi Alok; On June 20, 2008 09:02:15 am AlokBhatnagar wrote: Thanks david, I know that the domain name should be same as the common name in server certificate which is sent by the server to the client. As I know, The SSL client verifies the server's certificate against the CA certificate loaded in the client. Suppose i trust Verisign CA. So my client must have Verisign CA Certificate in order to verify the server's certificate. That is correct. So i want to ask, how will i get the CA certificate or list of CA certificates that i trust? That depends on what your environment is - if you have fairly low security requirements, then just download the certificate from the Verisign web site. If you have more elaborate security requirements, then you need to talk to Verisign, and go through one of their protocols to validate that the Trust Anchor that you download or receive from them is really the one that you wish to trust, and that it is fully correct. Be very careful doing certificate validation - it isn't as straight forward as is this cert signed by a CA that I trust - there's also revocation checking, policy matching, and many other tests that *SHOULD* be performed, only some of which are provided by the OpenSSL verify functionality. For a full description of Path Validation and Discovery, take a look at RFC3280 (or 5280 if you want to be REALLY up to date) It all depends on your security requirements though - what is your risk profile? (Essentially - why are you even using SSL? Hide the data in transit? Are you worried about man in the middle attacks? Who is on your list of potential attackers? What is the value of the data that you are protecting?) The answers to these questions will determine the level and complexity of checking you do - if all you are doing is trying to make casual evesdropping on the conversation between two IRC participants more difficult, then perhaps just checking the CA identity is enough... if you are concerned with protecting a multi-million dollar transaction, perhaps you should be being a bit more thorough :) Have fun! Patrick. Thanks Regards Alok Bhatnagar - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 6:03 PM Subject: RE: Server Authentication So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Server Authentication
Hello Sendroiu, Thats what i was asking How can i get the certificates of CAs i turst? Regards Alok Bhatnagar - Original Message - From: Sendroiu Eugen To: openssl-users@openssl.org Sent: Friday, June 20, 2008 7:12 PM Subject: Re: Server Authentication From what I understand, you need the trust anchors certificate( eg Verisign ) so that you can check the server's certificate against the probably self-signed Verisign certificate. It is supposed that you have already have the certificates of CAs you trust. If your question is how to find online a specific certificate, the simple answer is that you usually can't. - Original Message From: AlokBhatnagar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 4:02:15 PM Subject: Re: Server Authentication Thanks david, I know that the domain name should be same as the common name in server certificate which is sent by the server to the client. As I know, The SSL client verifies the server's certificate against the CA certificate loaded in the client. Suppose i trust Verisign CA. So my client must have Verisign CA Certificate in order to verify the server's certificate. So i want to ask, how will i get the CA certificate or list of CA certificates that i trust? Thanks Regards Alok Bhatnagar - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 6:03 PM Subject: RE: Server Authentication So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Server Authentication
As I said you usually can't. For instance Firefox has a database with certificates from many trust anchors ( they pay to be in that database), so when wants to validate a certificate it asks the db about it. If you have an HTTPS server which has a self-signed certificate that isn't in Firefox's db, than you will get an error that the certificate could not be validated. This is because you cannot access their online ldap's or X.500 stores of certificates only if you are their client( i bought a certificate class 4, for application signing and they gave me user/pass to their online repository). Even then you might have restricted access and if you want the CAs self-signed certificate( if CA is Verisign or other root CA ) that cert you won't find in their repositories. I would be interested too to find a way to retrieve online certificates, but I'm afraid currently there isn't any. That's why Verisign wants to take over DNS, so that they can distribute certs at will - ISPs are too lasy to do that. Cheers, Eugen. - Original Message From: AlokBhatnagar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 4:49:55 PM Subject: Re: Server Authentication Hello Sendroiu, Thats what i was asking How can i get the certificates of CAs i turst? Regards Alok Bhatnagar - Original Message - From: Sendroiu Eugen To: openssl-users@openssl.org Sent: Friday, June 20, 2008 7:12 PM Subject: Re: Server Authentication From what I understand, you need the trust anchors certificate( eg Verisign ) so that you can check the server's certificate against the probably self-signed Verisign certificate. It is supposed that you have already have the certificates of CAs you trust. If your question is how to find online a specific certificate, the simple answer is that you usually can't. - Original Message From: AlokBhatnagar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 4:02:15 PM Subject: Re: Server Authentication Thanks david, I know that the domain name should be same as the common name in server certificate which is sent by the server to the client. As I know, The SSL client verifies the server's certificate against the CA certificate loaded in the client. Suppose i trust Verisign CA. So my client must have Verisign CA Certificate in order to verify the server's certificate. So i want to ask, how will i get the CA certificate or list of CA certificates that i trust? Thanks Regards Alok Bhatnagar - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 6:03 PM Subject: RE: Server Authentication So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Server Authentication
I do have to point out, no CA pays Mozilla to be in Firefox's database. What the CA pays for is the auditing required to pass Mozilla's criteria for inclusion in the database. That said, my personal opinion is that the CA model is broken from the start, and I am pushing for a way to opt out of Mozilla's root certificate distribution without having to individually remove trust from every CA in their database. -Kyle H On Fri, Jun 20, 2008 at 7:16 AM, Sendroiu Eugen [EMAIL PROTECTED] wrote: As I said you usually can't. For instance Firefox has a database with certificates from many trust anchors ( they pay to be in that database), so when wants to validate a certificate it asks the db about it. If you have an HTTPS server which has a self-signed certificate that isn't in Firefox's db, than you will get an error that the certificate could not be validated. This is because you cannot access their online ldap's or X.500 stores of certificates only if you are their client( i bought a certificate class 4, for application signing and they gave me user/pass to their online repository). Even then you might have restricted access and if you want the CAs self-signed certificate( if CA is Verisign or other root CA ) that cert you won't find in their repositories. I would be interested too to find a way to retrieve online certificates, but I'm afraid currently there isn't any. That's why Verisign wants to take over DNS, so that they can distribute certs at will - ISPs are too lasy to do that. Cheers, Eugen. - Original Message From: AlokBhatnagar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 4:49:55 PM Subject: Re: Server Authentication Hello Sendroiu, Thats what i was asking How can i get the certificates of CAs i turst? Regards Alok Bhatnagar - Original Message - From: Sendroiu Eugen To: openssl-users@openssl.org Sent: Friday, June 20, 2008 7:12 PM Subject: Re: Server Authentication From what I understand, you need the trust anchors certificate( eg Verisign ) so that you can check the server's certificate against the probably self-signed Verisign certificate. It is supposed that you have already have the certificates of CAs you trust. If your question is how to find online a specific certificate, the simple answer is that you usually can't. - Original Message From: AlokBhatnagar [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 4:02:15 PM Subject: Re: Server Authentication Thanks david, I know that the domain name should be same as the common name in server certificate which is sent by the server to the client. As I know, The SSL client verifies the server's certificate against the CA certificate loaded in the client. Suppose i trust Verisign CA. So my client must have Verisign CA Certificate in order to verify the server's certificate. So i want to ask, how will i get the CA certificate or list of CA certificates that i trust? Thanks Regards Alok Bhatnagar - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 6:03 PM Subject: RE: Server Authentication So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Projecthttp://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Server Authentication
Hello Patrick, Thanks for the detailed information. Regards Alok Bhatnagar - Original Message - From: Patrick Patterson [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 7:26 PM Subject: Re: Server Authentication Hi Alok; On June 20, 2008 09:02:15 am AlokBhatnagar wrote: Thanks david, I know that the domain name should be same as the common name in server certificate which is sent by the server to the client. As I know, The SSL client verifies the server's certificate against the CA certificate loaded in the client. Suppose i trust Verisign CA. So my client must have Verisign CA Certificate in order to verify the server's certificate. That is correct. So i want to ask, how will i get the CA certificate or list of CA certificates that i trust? That depends on what your environment is - if you have fairly low security requirements, then just download the certificate from the Verisign web site. If you have more elaborate security requirements, then you need to talk to Verisign, and go through one of their protocols to validate that the Trust Anchor that you download or receive from them is really the one that you wish to trust, and that it is fully correct. Be very careful doing certificate validation - it isn't as straight forward as is this cert signed by a CA that I trust - there's also revocation checking, policy matching, and many other tests that *SHOULD* be performed, only some of which are provided by the OpenSSL verify functionality. For a full description of Path Validation and Discovery, take a look at RFC3280 (or 5280 if you want to be REALLY up to date) It all depends on your security requirements though - what is your risk profile? (Essentially - why are you even using SSL? Hide the data in transit? Are you worried about man in the middle attacks? Who is on your list of potential attackers? What is the value of the data that you are protecting?) The answers to these questions will determine the level and complexity of checking you do - if all you are doing is trying to make casual evesdropping on the conversation between two IRC participants more difficult, then perhaps just checking the CA identity is enough... if you are concerned with protecting a multi-million dollar transaction, perhaps you should be being a bit more thorough :) Have fun! Patrick. Thanks Regards Alok Bhatnagar - Original Message - From: David Schwartz [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Friday, June 20, 2008 6:03 PM Subject: RE: Server Authentication So i want to know how will my client authenticate the server since i don't have the server's root certificate? Thanks in Advance.. Regards Alok Bhatnagar That is completely application-dependent. The answer will depend on what makes the legitimate server different from an imposter. Your question is basically, how can I detect an impostor?. And the answer is as opposed to what?. For example, if the question is, how can I tell the real amazon.com from an impostor who doesn't control that domain? the answer is to see if the server presents a certificate with 'amazon.com' in the common name that is signed by a CA you trust. If you don't know what CAs you trust, then you have a problem. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]