SSL Cert serial number non-uniqueness impact

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL Cert serial number non-uniqueness impact

pratyush parimal
Hi everyone,

I read  from several sources that the serial number of a cert MUST be unique within a CA. But could someone explain what would happen if the serial number was not unique?

Would it cause SSL connections to fail in some manner? I think I'm a little unclear about the "purpose" of the serial number in the first place. Is it just something the CA uses to keep track of what/how many certificates it has issued, or does it play a part in the SSL connection itself?

Thanks in advance!
Pratyush

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: SSL Cert serial number non-uniqueness impact

Jochen Bern
On 01/14/2018 12:07 PM, pratyush parimal wrote:
> I read  from several sources that the serial number of a cert MUST be
> unique within a CA. But could someone explain what would happen if the
> serial number was not unique?

Certificate Revocation Lists (CRLs) identify invalid certificates by
means of a) the CA keypair that issued it (the pubkey being represented
in the signature) and b) the serial number, *not* pubkey / DN / ..., of
the invalid cert. If that's not unique, revoking one of the affected
certs will have the effect of revoking them all.

Regards,
--
Jochen Bern
Systemingenieur

www.binect.de


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: SSL Cert serial number non-uniqueness impact

OpenSSL - User mailing list
The combination of (issuer,serial#) is the only way to get a unique identifier for a certificate.  Lots of software depends on certs being uniquely identifiable.  What happens if that assertion is not true?  Some things will break.  What?  Well, it depends on the software, and which certs are “duplicates” and so on.  There’s no way to know, really.  Just don’t do it.

For example, if cert-A has a keypair and cert-B has a keypair, then site-B could send a TLS chain with cert-A and while it would look correct, the connection would fail.  This is silly if B is doing it, but it is a DoS attack if a man in the middle does it.
 

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: SSL Cert serial number non-uniqueness impact

Wouter Verhelst-2
In reply to this post by pratyush parimal
On 14/01/2018 12:07, pratyush parimal wrote:
> Hi everyone,
>
> I read  from several sources that the serial number of a cert MUST be
> unique within a CA. But could someone explain what would happen if the
> serial number was not unique?

The certificate itself will continue to work (the signature will be
valid), but requesting status on the certificate (e.g., through OCSP or
by doing a lookup in a CRL) will not work as expected as those use the
serial number as an identifier.

> Would it cause SSL connections to fail in some manner?
No, but if the peer wants to request information on the used certificate
from the CA to verify whether the certificate is still valid, it may end
up receiving information about the wrong certificate.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: SSL Cert serial number non-uniqueness impact

Kyle Hamilton
It's important to note that NSS-based applications (such as Firefox)
will actually categorically refuse to connect to a site with an
Issuer/serial collision with another certificate it has seen before.

So yes, it can cause some applications to fail their SSL connections.

-Kyle H

On Tue, Jan 16, 2018 at 1:26 AM, Wouter Verhelst
<[hidden email]> wrote:

> On 14/01/2018 12:07, pratyush parimal wrote:
>> Hi everyone,
>>
>> I read  from several sources that the serial number of a cert MUST be
>> unique within a CA. But could someone explain what would happen if the
>> serial number was not unique?
>
> The certificate itself will continue to work (the signature will be
> valid), but requesting status on the certificate (e.g., through OCSP or
> by doing a lookup in a CRL) will not work as expected as those use the
> serial number as an identifier.
>
>> Would it cause SSL connections to fail in some manner?
> No, but if the peer wants to request information on the used certificate
> from the CA to verify whether the certificate is still valid, it may end
> up receiving information about the wrong certificate.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users