Re: Verify certificate using subordinate ca
* Serge Fonville wrote on Wed, Sep 02, 2009 at 13:00 +0200: The chain always includes all CAs and certificates. I've done some googling, and it shows that you can trust 'just' the intermediate CA without trusting the root CA, altough this kinda obsoletes the purpose of the root CA. [...] On Wed, Sep 2, 2009, Yin, Ben 1. ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. I also know people who would like to have such a setup but as far as I know this is not possible with OpenSSL. But maybe there is an indirect possiblity. Could someone please comment on that, telling if what I write below is true or an error in reasoning? I think, a sub CA can easily create a root CA certificate; it just needs to self-sign a certificate with subject == issuer (itself). If used in a mixed environment, the client cannot not send the certification chain (because the client cannot know whether the server is configured to trust root CA and thus needs the `real chain' or to trust the subCA-2-as-root and thus needs the `short chain'), but as far as I know this is not required as long as the servers have all (CA and sub CA) certificates avialable. If used in networks that trust the sub CA only and if the client `knows' that (because it belongs to that group), the client can send the `short chain'. Technically this is simply a root CA, but organisational it is not. It should be possible for someone who has both sub CA certificates (the one issued by root CA, the other the self-signed issued by sub CA 2 itself) to check whether the self-signed is authentic (it is authentic in case both certificates certify the same key). This could be important for parties that load `self signed sub CA certificates' to the 1000 terminals, for instance. Can anyone confirm that this could work or correct it, please? I see reasons for installing sub CA as highest trust anchor. First, as you mentioned, to limit damage in case of compromise. Someone here (Serge Fonville) asked how such a compromise could happen. Of course it should not happen, but in case the damage should be as low as possible. Possibilities to compromise as CA are not limited to brute-force a 2048 bit RSA key; it could be that security officiers are extorted or bribed, it could be, that the CA software is trojaned. It could be, that a big digger lorry or excavator drives straight to the secured environment, grabbing the safe with a small cran to a offroad monster jeep and escape through ways where police cannot follow. And so many other impossiblities that must not happen. But who knows. In case of the impossible happening, it is better to limit damage than not to limit it. It can be important that the treat decreased by the decreased possible damage, so it can be expected that the attack is less attractive, which could be interpreted as to indirectly increase security. Other reasons to want a sub CA could be to ease what certificates are accepted by introducing sub CAs dedicated to special purposes. Lets assume you have a root CA and a sub CA signing user certificates for use with S/MIME email, where user usally have their private keys on hard disk and a second sub CA signing special network certificates where the private keys are stored on hardware security modules (smart cards or so) exclusively. Obviously the practical security level differs a lot. Althrough the root CA of course can be trusted, here the first sub CAs signed certificates would not, because of lower policy. Of course the certificate issuer information can be checked, but isn't it more straightforward to bind the I want to accept from subCA 2 ONYL to the key of subCA 2, so taking subCA 2 as root certificate instead of trusting the root CA? oki, Steffen --[ end of message ]---8=== __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify certificate using subordinate ca
* Dr. Stephen Henson wrote on Wed, Sep 02, 2009 at 15:08 +0200: Including a public key certificate in no way risks the integrity of its private key as several others have said in this thread. I think this theoretically opens the possibility to brute-force the private key. I think that Brute-forcing a private key without knowing the public key would be more difficult and problematic, because some network connection, smart card access or alike would be needed to test whether a guessed key is correct or not. When knowing the public key this can be determined quickly. Otherwise, tracks on networks could be left, smartcards fail counters may exeede or alike. Waiting for smartcards to compute RSA or networks to reply also should be much slower (limiting the number of key tests to a few per minute). Is this theoretically true (althrough far from practical effects)? (of course, it is considered hard to brute-force a reasonable private key, such as 1024 bit RSA.) oki, Steffen --[ end of message ]---8=== __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Verify certificate using subordinate ca
OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 4:31 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Based on what you state. There is no purpose for the root CA. What do you mean by compromised. If you publish a CA certificate to clients, it does not include the key. (normally) So the only thing a client can do is use it in the session at best. There is NO way a client can use a CA certificate to sign anything without the corresponding key. I have a chain on my website, and noone (except me, because I can access the server) is able to sign anything. Since the CAs are only used for signing and verifying and not for encrypting, if the CA keys are stored safely, there is no 'compromise' Are you distributing the keys as well? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: I only want to verfiy the signature (I mean the procedure when sub ca sign the certiticate). So I guess sub ca and certification should has enough info to do it because we needn't root ca when we use sub ca to sign the certificate. Is there a way for this requirement? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1. (NSN - CN/Cheng Du) Sent: Tuesday, September 01, 2009 3:06 PM To: openssl-users@openssl.org Subject: RE: Verify certificate using subordinate ca Hi Serge, My intention is to keep my root ca out of compromise. We want to use sub ca to splite the domain in the our whole network. Then, we can easy to re-sign a new sub ca and publish it if we find one domain sub ca was compromised. And if we expose the the root ca to public ,it hard to maintain if root ca was cracked. And as you said, create a new chain and let sub ca as root, I don't know how to do it. In my testing, I set verify depth to 1. I guess it will make chain only include certificate and sub ca. the testing show that the openssl still try to find the issuer of sub ca, and so the verification was failed. Here is the output: -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre
Re: Verify certificate using subordinate ca
How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 4:31 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Based on what you state. There is no purpose for the root CA. What do you mean by compromised. If you publish a CA certificate to clients, it does not include the key. (normally) So the only thing a client can do is use it in the session at best. There is NO way a client can use a CA certificate to sign anything without the corresponding key. I have a chain on my website, and noone (except me, because I can access the server) is able to sign anything. Since the CAs are only used for signing and verifying and not for encrypting, if the CA keys are stored safely, there is no 'compromise' Are you distributing the keys as well? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: I only want to verfiy the signature (I mean the procedure when sub ca sign the certiticate). So I guess sub ca and certification should has enough info to do it because we needn't root ca when we use sub ca to sign the certificate. Is there a way for this requirement? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1. (NSN - CN/Cheng Du) Sent: Tuesday, September 01, 2009 3:06 PM To: openssl-users
RE: Verify certificate using subordinate ca
Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 4:31 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Based on what you state. There is no purpose for the root CA. What do you mean by compromised. If you publish a CA certificate to clients, it does not include the key. (normally) So the only thing a client can do is use it in the session at best. There is NO way a client can use a CA certificate to sign anything without the corresponding key. I have a chain on my website, and noone (except me, because I can access the server) is able to sign anything. Since the CAs are only used for signing and verifying and not for encrypting, if the CA keys are stored safely, there is no 'compromise' Are you distributing the keys as well? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: I only
Re: Verify certificate using subordinate ca
If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 4:31 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Based on what you state. There is no purpose for the root CA. What do you mean by compromised. If you publish a CA certificate to clients, it does not include the key. (normally) So the only thing a client can do is use it in the session at best. There is NO way a client can use a CA certificate to sign anything without the corresponding key. I have a chain on my website, and noone (except me, because I can access the server) is able to sign anything. Since the CAs are only used for signing and verifying
RE: Verify certificate using subordinate ca
Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 4:31 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Based on what you state. There is no purpose for the root CA. What do you mean by compromised
Re: Verify certificate using subordinate ca
Everytime an application connects to an ssl-enabled server the certificate chain is verified. On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01
RE: Verify certificate using subordinate ca
Yes. When server send certificate signed by sub ca to client. How client can verify it only use sub ca. would you please show me the client side code? :-) Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:43 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Everytime an application connects to an ssl-enabled server the certificate chain is verified. On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private
Re: Verify certificate using subordinate ca
Wat exactly are the applications you use, are they compiled against openssl libraries? On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. When server send certificate signed by sub ca to client. How client can verify it only use sub ca. would you please show me the client side code? :-) Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:43 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Everytime an application connects to an ssl-enabled server the certificate chain is verified. On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du
RE: Verify certificate using subordinate ca
Yes. It use openssl lib. My client server looks like follow to set up sub ca and certificate, the CERTFILE only include the certificate signed by sub ca. Thanks. ... if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1) int_error(Error loading CA file and/or directory); if (SSL_CTX_set_default_verify_paths(ctx) != 1) int_error(Error loading default CA file and/or directory); if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1) int_error(Error loading certificate from file); if (SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM) != 1) int_error(Error loading private key from file); Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:52 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Wat exactly are the applications you use, are they compiled against openssl libraries? On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. When server send certificate signed by sub ca to client. How client can verify it only use sub ca. would you please show me the client side code? :-) Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:43 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Everytime an application connects to an ssl-enabled server the certificate chain is verified. On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. And only using sub ca and certificate to do the verification. Dose it possible? It seems that openssl always try to find the issuer of sub ca during tht chain verification because it wasn't self signed root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 5:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more
Re: Verify certificate using subordinate ca
If you are using client certificates, use a CRL at the server side. that way you can assure that only those that you want can connect to the server Regarding the certificates. * Distribute the CA certificates (a simple script suffices) * Store the certificates and keys on a safe medium you can put in a vault * Store only the CA certificates (not the keys) and the server certificate and key on your server. Obviously all keys are encrypted using a strong password... Regards, Serge Fonville To answer your original question, you can not verify a chain without all chain members to verify against root -- sub -- client/server cert On Wed, Sep 2, 2009 at 12:02 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. It use openssl lib. My client server looks like follow to set up sub ca and certificate, the CERTFILE only include the certificate signed by sub ca. Thanks. ... if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1) int_error(Error loading CA file and/or directory); if (SSL_CTX_set_default_verify_paths(ctx) != 1) int_error(Error loading default CA file and/or directory); if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1) int_error(Error loading certificate from file); if (SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM) != 1) int_error(Error loading private key from file); Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:52 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Wat exactly are the applications you use, are they compiled against openssl libraries? On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. When server send certificate signed by sub ca to client. How client can verify it only use sub ca. would you please show me the client side code? :-) Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:43 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Everytime an application connects to an ssl-enabled server the certificate chain is verified. On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca
RE: Verify certificate using subordinate ca
I mean does it possible to verify the certificate successfully if chain only including sub ca and certificate singed by sub ca. geiven we trust the sub ca even if it wasn't a self sign root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 1:30 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If you are using client certificates, use a CRL at the server side. that way you can assure that only those that you want can connect to the server Regarding the certificates. * Distribute the CA certificates (a simple script suffices) * Store the certificates and keys on a safe medium you can put in a vault * Store only the CA certificates (not the keys) and the server certificate and key on your server. Obviously all keys are encrypted using a strong password... Regards, Serge Fonville To answer your original question, you can not verify a chain without all chain members to verify against root -- sub -- client/server cert On Wed, Sep 2, 2009 at 12:02 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. It use openssl lib. My client server looks like follow to set up sub ca and certificate, the CERTFILE only include the certificate signed by sub ca. Thanks. ... if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1) int_error(Error loading CA file and/or directory); if (SSL_CTX_set_default_verify_paths(ctx) != 1) int_error(Error loading default CA file and/or directory); if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1) int_error(Error loading certificate from file); if (SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM) != 1) int_error(Error loading private key from file); Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:52 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Wat exactly are the applications you use, are they compiled against openssl libraries? On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. When server send certificate signed by sub ca to client. How client can verify it only use sub ca. would you please show me the client side code? :-) Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:43 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Everytime an application connects to an ssl-enabled server the certificate chain is verified. On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:28 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca How do you think compromising a CA would occur, because a CA could only becom compromised when someone leaks the key for that specific CA And if it happens once, it will likely happen twice. And I hope in your best interest, you are not distributing keys to terminals. Also, if you need to copy a file to 1000^2 terminals, use a script. I assume you have a list of all these terminals (otherwise you have a serious problem) I assume you are using server certificates and client certificates. with these there corresponds a CRL, this crl can be automatically used by any clientapplication that uses a certificate issued by any CA Bacically, are you distributing keys to terminals? Regards, Serge Fonville On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote
Re: Verify certificate using subordinate ca
The chain always includes all CAs and certificates. I've done some googling, and it shows that you can trust 'just' the intermediate CA without trusting the root CA, altough this kinda obsoletes the purpose of the root CA. Also, it wholly depends on the applications that use the certificates for the encrypted connections. For example, IE does not support trusting just the intermediate CA (in my experience) if you are developing your own client/server you can trust as you please on whatever criteria is relevant to you. Perhaps a good idea to read up on hwo ssl works http://it.toolbox.com/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500 http://publib.boulder.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=/com.ibm.ztpf-ztpfdf.doc_put.cur/gtps5/s5vctch.html http://nl.wikipedia.org/wiki/Secure_Sockets_Layer HTH Regards, Serge Fonville On Wed, Sep 2, 2009 at 12:36 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: I mean does it possible to verify the certificate successfully if chain only including sub ca and certificate singed by sub ca. geiven we trust the sub ca even if it wasn't a self sign root ca. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 1:30 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If you are using client certificates, use a CRL at the server side. that way you can assure that only those that you want can connect to the server Regarding the certificates. * Distribute the CA certificates (a simple script suffices) * Store the certificates and keys on a safe medium you can put in a vault * Store only the CA certificates (not the keys) and the server certificate and key on your server. Obviously all keys are encrypted using a strong password... Regards, Serge Fonville To answer your original question, you can not verify a chain without all chain members to verify against root -- sub -- client/server cert On Wed, Sep 2, 2009 at 12:02 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. It use openssl lib. My client server looks like follow to set up sub ca and certificate, the CERTFILE only include the certificate signed by sub ca. Thanks. ... if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1) int_error(Error loading CA file and/or directory); if (SSL_CTX_set_default_verify_paths(ctx) != 1) int_error(Error loading default CA file and/or directory); if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1) int_error(Error loading certificate from file); if (SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM) != 1) int_error(Error loading private key from file); Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:52 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Wat exactly are the applications you use, are they compiled against openssl libraries? On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Yes. When server send certificate signed by sub ca to client. How client can verify it only use sub ca. would you please show me the client side code? :-) Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 12:43 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Everytime an application connects to an ssl-enabled server the certificate chain is verified. On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, What's you mean If your client application supports that, do you mean I do the verify by client itself, don't use openssl default verify functionality? Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Wednesday, September 02, 2009 11:59 AM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca If your client application supports that, it could be done. but no standard compliant application allows that to my knowledge. On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi Serge, Maybe we can put the root ca into the verification chain if I can prove the verfiy certificate using only sub ca is impossible. But before that, do you know if it's possible to verfiy certificate without root ca? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl
Re: Verify certificate using subordinate ca
On Wed, Sep 02, 2009, Yin, Ben 1. (NSN - CN/Cheng Du) wrote: OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the total network size is 1000*1000. All our ca, including root ca and sub ca, was stored offline. I need copy sub ca to terminal it was used. So if one of sub ca was compromised, what I need to do is sign a new sub ca using root ca and copy it to 1000 terminal where sub ca has been compromised. And if root ca was compromised, I need to re-deploy CA on 1000*1000 terminal mannuly. That is why I want to keep root ca out of the chain. Including a public key certificate in no way risks the integrity of its private key as several others have said in this thread. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Verify certificate using subordinate ca
Hi, It there a way to verify certificate with out root ca? I have 4 certificate: rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I was supposed to configure the client and server using subca.pem as ca, and cert1.pem cert2.pem as certificate. It seem that openssl still try to find rootca.pem to verfiy subca.pem when handshake. But I don't what root.pem can bo accessed for keeping it safe. So It there a way to verify certificate with out root ca, only using sub ca and certificate signed by sub ca? Thanks. Br Ben
Re: Verify certificate using subordinate ca
Hi, Hmm... I've had the same issue. Basically it came down to how do you know if the sub is reliable if you do not know whether to trust the root? If you do not wish to have the root as part of the chain, create a new chain where the sub is the root What is the reason you do not want to use the root in the chain check, but it should be part of the chain? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, It there a way to verify certificate with out root ca? I have 4 certificate: rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I was supposed to configure the client and server using subca.pem as ca, and cert1.pem cert2.pem as certificate. It seem that openssl still try to find rootca.pem to verfiy subca.pem when handshake. But I don't what root.pem can bo accessed for keeping it safe. So It there a way to verify certificate with out root ca, only using sub ca and certificate signed by sub ca? Thanks. Br Ben __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Verify certificate using subordinate ca
Hi Serge, My intention is to keep my root ca out of compromise. We want to use sub ca to splite the domain in the our whole network. Then, we can easy to re-sign a new sub ca and publish it if we find one domain sub ca was compromised. And if we expose the the root ca to public ,it hard to maintain if root ca was cracked. And as you said, create a new chain and let sub ca as root, I don't know how to do it. In my testing, I set verify depth to 1. I guess it will make chain only include certificate and sub ca. the testing show that the openssl still try to find the issuer of sub ca, and so the verification was failed. Here is the output: -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 20:unable to get local issuer certificate -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 27:certificate not trusted -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 27:certificate not trusted And FYI. Here is the complete chain verfication output. -with certificate at depth: 2 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA err 0:ok -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 0:ok -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 0:ok Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 2:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Hi, Hmm... I've had the same issue. Basically it came down to how do you know if the sub is reliable if you do not know whether to trust the root? If you do not wish to have the root as part of the chain, create a new chain where the sub is the root What is the reason you do not want to use the root in the chain check, but it should be part of the chain? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, It there a way to verify certificate with out root ca? I have 4 certificate: rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I was supposed to configure the client and server using subca.pem as ca, and cert1.pem cert2.pem as certificate. It seem that openssl still try to find rootca.pem to verfiy subca.pem when handshake. But I don't what root.pem can bo accessed for keeping it safe. So It there a way to verify certificate with out root ca, only using sub ca and certificate signed by sub ca? Thanks. Br Ben __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Verify certificate using subordinate ca
I only want to verfiy the signature (I mean the procedure when sub ca sign the certiticate). So I guess sub ca and certification should has enough info to do it because we needn't root ca when we use sub ca to sign the certificate. Is there a way for this requirement? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1. (NSN - CN/Cheng Du) Sent: Tuesday, September 01, 2009 3:06 PM To: openssl-users@openssl.org Subject: RE: Verify certificate using subordinate ca Hi Serge, My intention is to keep my root ca out of compromise. We want to use sub ca to splite the domain in the our whole network. Then, we can easy to re-sign a new sub ca and publish it if we find one domain sub ca was compromised. And if we expose the the root ca to public ,it hard to maintain if root ca was cracked. And as you said, create a new chain and let sub ca as root, I don't know how to do it. In my testing, I set verify depth to 1. I guess it will make chain only include certificate and sub ca. the testing show that the openssl still try to find the issuer of sub ca, and so the verification was failed. Here is the output: -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 20:unable to get local issuer certificate -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 27:certificate not trusted -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 27:certificate not trusted And FYI. Here is the complete chain verfication output. -with certificate at depth: 2 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA err 0:ok -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 0:ok -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 0:ok Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 2:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Hi, Hmm... I've had the same issue. Basically it came down to how do you know if the sub is reliable if you do not know whether to trust the root? If you do not wish to have the root as part of the chain, create a new chain where the sub is the root What is the reason you do not want to use the root in the chain check, but it should be part of the chain? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, It there a way to verify certificate with out root ca? I have 4 certificate: rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I was supposed to configure the client and server using subca.pem as ca, and cert1.pem cert2.pem as certificate. It seem that openssl still try to find rootca.pem to verfiy subca.pem when handshake. But I don't what root.pem can bo accessed for keeping it safe. So It there a way to verify certificate with out root ca, only using sub ca and certificate signed by sub ca? Thanks. Br Ben __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Verify certificate using subordinate ca
Based on what you state. There is no purpose for the root CA. What do you mean by compromised. If you publish a CA certificate to clients, it does not include the key. (normally) So the only thing a client can do is use it in the session at best. There is NO way a client can use a CA certificate to sign anything without the corresponding key. I have a chain on my website, and noone (except me, because I can access the server) is able to sign anything. Since the CAs are only used for signing and verifying and not for encrypting, if the CA keys are stored safely, there is no 'compromise' Are you distributing the keys as well? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: I only want to verfiy the signature (I mean the procedure when sub ca sign the certiticate). So I guess sub ca and certification should has enough info to do it because we needn't root ca when we use sub ca to sign the certificate. Is there a way for this requirement? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1. (NSN - CN/Cheng Du) Sent: Tuesday, September 01, 2009 3:06 PM To: openssl-users@openssl.org Subject: RE: Verify certificate using subordinate ca Hi Serge, My intention is to keep my root ca out of compromise. We want to use sub ca to splite the domain in the our whole network. Then, we can easy to re-sign a new sub ca and publish it if we find one domain sub ca was compromised. And if we expose the the root ca to public ,it hard to maintain if root ca was cracked. And as you said, create a new chain and let sub ca as root, I don't know how to do it. In my testing, I set verify depth to 1. I guess it will make chain only include certificate and sub ca. the testing show that the openssl still try to find the issuer of sub ca, and so the verification was failed. Here is the output: -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 20:unable to get local issuer certificate -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 27:certificate not trusted -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 27:certificate not trusted And FYI. Here is the complete chain verfication output. -with certificate at depth: 2 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA err 0:ok -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 0:ok -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 0:ok Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 2:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Hi, Hmm... I've had the same issue. Basically it came down to how do you know if the sub is reliable if you do not know whether to trust the root? If you do not wish to have the root as part of the chain, create a new chain where the sub is the root What is the reason you do not want to use the root in the chain check, but it should be part of the chain? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, It there a way to verify certificate with out root ca? I have 4 certificate: rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I was supposed to configure the client and server using subca.pem as ca, and cert1.pem cert2.pem as certificate. It seem that openssl still try to find rootca.pem to verfiy subca.pem when handshake. But I don't what root.pem can bo accessed for keeping it safe. So It there a way to verify certificate with out root ca, only using sub ca and certificate signed by sub ca? Thanks. Br Ben __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-us...@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-us...@openssl.org Automated List Manager majord...@openssl.org
Verify certificate using subordinate ca
Hi, It there a way to verify certificate with out root ca? I have 4 certificate: rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I was supposed to configure the client and server using subca.pem as ca, and cert1.pem cert2.pem as certificate. It seem that openssl still try to find rootca.pem to verfiy subca.pem when handshake. But I don't what root.pem can bo accessed for keeping it safe. So It there a way to verify certificate with out root ca, only using sub ca and certificate signed by sub ca? Thanks. Br Ben
RE: Verify certificate using subordinate ca
No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 4:31 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Based on what you state. There is no purpose for the root CA. What do you mean by compromised. If you publish a CA certificate to clients, it does not include the key. (normally) So the only thing a client can do is use it in the session at best. There is NO way a client can use a CA certificate to sign anything without the corresponding key. I have a chain on my website, and noone (except me, because I can access the server) is able to sign anything. Since the CAs are only used for signing and verifying and not for encrypting, if the CA keys are stored safely, there is no 'compromise' Are you distributing the keys as well? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: I only want to verfiy the signature (I mean the procedure when sub ca sign the certiticate). So I guess sub ca and certification should has enough info to do it because we needn't root ca when we use sub ca to sign the certificate. Is there a way for this requirement? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1. (NSN - CN/Cheng Du) Sent: Tuesday, September 01, 2009 3:06 PM To: openssl-users@openssl.org Subject: RE: Verify certificate using subordinate ca Hi Serge, My intention is to keep my root ca out of compromise. We want to use sub ca to splite the domain in the our whole network. Then, we can easy to re-sign a new sub ca and publish it if we find one domain sub ca was compromised. And if we expose the the root ca to public ,it hard to maintain if root ca was cracked. And as you said, create a new chain and let sub ca as root, I don't know how to do it. In my testing, I set verify depth to 1. I guess it will make chain only include certificate and sub ca. the testing show that the openssl still try to find the issuer of sub ca, and so the verification was failed. Here is the output: -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 20:unable to get local issuer certificate -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 27:certificate not trusted -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 27:certificate not trusted And FYI. Here is the complete chain verfication output. -with certificate at depth: 2 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA err 0:ok -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 0:ok -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 0:ok Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 2:14 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Hi, Hmm... I've had the same issue. Basically it came down to how do you know if the sub is reliable if you do not know whether to trust the root? If you do not wish to have the root as part of the chain, create a new chain where the sub is the root What is the reason you do not want to use the root in the chain check, but it should be part of the chain? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: Hi, It there a way to verify certificate with out root ca? I have 4 certificate: rootca.pem is the root ca (self signed). subca.pem was signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I was supposed to configure the client and server using subca.pem as ca, and cert1.pem cert2.pem as certificate. It seem that openssl still try to find rootca.pem to verfiy subca.pem when handshake. But I don't what root.pem can bo accessed for keeping it safe. So It there a way to verify
Re: Verify certificate using subordinate ca
I don't see your problem honestly. Figuring out a private key is close to impossible. And stealing it, well, that is more related to security itself than to the actual key being secure or not. From what I understand, a chain works somewhat like this you --peter john --carl You talk to peter, peter is trusted by john, john is trusted by carl, you trust carl Say if you were to obsolete carl in this chain (by trusting john) john would then become the root If this is the case, why would you want to have carl at all? Thawte, verisign etc work the same way Also, why is distributing a CA cert so difficult? What is your environment? What applications are using the certs? And how do they verify the chain? Again, without the key for each CA it can't be compromised Has this actually happened or is this someone eing paranoid? Who has created the chain? I'm still not clear of the purpose of the root ca if it should not need to be trusted Regards, Serge Fonville On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: No. In our enviroment. The root CA private key is isolated and absolutly safe. Regarding the compromised, I means CA can't be trusted any more, Such as the private key was stolen some how or someone find a way to figure out private key for one CA. it easy to set up new sub ca in one domain if those compromise happened on sub ca. but if it happened on root ca, it's quite hard to fix the our whole network. Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01, 2009 4:31 PM To: openssl-users@openssl.org Subject: Re: Verify certificate using subordinate ca Based on what you state. There is no purpose for the root CA. What do you mean by compromised. If you publish a CA certificate to clients, it does not include the key. (normally) So the only thing a client can do is use it in the session at best. There is NO way a client can use a CA certificate to sign anything without the corresponding key. I have a chain on my website, and noone (except me, because I can access the server) is able to sign anything. Since the CAs are only used for signing and verifying and not for encrypting, if the CA keys are stored safely, there is no 'compromise' Are you distributing the keys as well? HTH Regards, Serge Fonville On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng Du)ben.1@nsn.com wrote: I only want to verfiy the signature (I mean the procedure when sub ca sign the certiticate). So I guess sub ca and certification should has enough info to do it because we needn't root ca when we use sub ca to sign the certificate. Is there a way for this requirement? Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1. (NSN - CN/Cheng Du) Sent: Tuesday, September 01, 2009 3:06 PM To: openssl-users@openssl.org Subject: RE: Verify certificate using subordinate ca Hi Serge, My intention is to keep my root ca out of compromise. We want to use sub ca to splite the domain in the our whole network. Then, we can easy to re-sign a new sub ca and publish it if we find one domain sub ca was compromised. And if we expose the the root ca to public ,it hard to maintain if root ca was cracked. And as you said, create a new chain and let sub ca as root, I don't know how to do it. In my testing, I set verify depth to 1. I guess it will make chain only include certificate and sub ca. the testing show that the openssl still try to find the issuer of sub ca, and so the verification was failed. Here is the output: -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 20:unable to get local issuer certificate -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 27:certificate not trusted -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 27:certificate not trusted And FYI. Here is the complete chain verfication output. -with certificate at depth: 2 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA err 0:ok -with certificate at depth: 1 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA err 0:ok -with certificate at depth: 0 issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab. err 0:ok Thanks. Br Ben -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville Sent: Tuesday, September 01
