certificate chain and root CA question


certificate chain and root CA question

michael Dorrian
The root CA can sign another CA. So you can have as many CAs as you like. But when the root signs another CA, why can't that CA act as a trusted CA? For example, I made my root CA, then I created another server CA which I had signed by the root CA. I tried to load the server CA cert as my trusted CA cert instead of the root CA cert using SSL_CTX_load_verify_locations, but it came back with an error. In any certificate chain, do you always need to have the root CA in order to verify the chain? If that is the case, why are subsidiary CAs needed at all and what is their function? If every client who has a certificate signed by the root CA needs this root CA to verify its chain, then any other client could act as a server and you would trust them, as they have a cert that was signed by your trusted CA. Is this the case? If it is, it does not make any sense to me. This is probably not the case, and the whole purpose of this certificate chain checking was to stop that type of thing happening, but I don't see how it does stop it happening. In this I have put forward two basic questions:
1. Can a CA signed by the root CA act as a trusted CA itself?
2. How does the certificate chain stop another client who has a certificate signed by the same root authority as you from acting as a trusted CA? I know the IP addresses will be different, but maybe there is a way around that too.



Re: certificate chain and root CA question

Dr. Stephen Henson
On Fri, Mar 17, 2006, michael Dorrian wrote:

>   1. Can a CA signed by the root CA act as a trusted CA itself?

Provided the root CA permits this...

>   2. How does the certificate chain stop another client who has a
>   certificate signed by the same root authority as you acting as a trusted
>   CA. I know the ip addresses will be different but maybe there is a way
>   around that too.
>

Certificates contain extensions. One extension called basicConstraints
indicates (among other things) whether the certificate is a valid CA. An end-entity
certificate (for example a server certificate) cannot be used as a CA because this
extension forbids it and any software validating the chain will reject it.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: certificate chain and root CA question

Olaf Gellert
Dr. Stephen Henson wrote:
> On Fri, Mar 17, 2006, michael Dorrian wrote:
>
>>   1. Can a CA signed by the root CA act as a trusted CA itself?
>
> Provided the root CA permits this...

Actually I think: not. It seems to be impossible
to evaluate a certificate only up to a subCA,
openssl always requires the complete chain up to
the root CA. So I cannot tell openssl "this is a
trusted subordinate CA, that's enough."

This matters in cases, where a certificate hierarchy
has different CAs (eg operated by different organisations).
Right now it seems impossible to me to tell openca:
Accept certificates from this subCA, but not from
this one. Additional means used in mod_ssl (regular
expressions on subject and issuer DN and verifydepth)
may be helpful, but not always sufficient.

Eg the following scenario:

RootCA
  subCA1
     subsubCA1
        client1
  subCA2

subCA2 can issue a subsubCA certificate with the same
DN entries as subsubCA1, which again issues a client
cert with the same DN as client1. So besides the key
material, both client certificates look the same. And
they both evaluate successful, because the software
always checks up to the root. So actually I see no
way for subCA1 to configure mod_ssl or tell the openssl
utilities to trust subCA1 and NOT subCA2... Dangerous...

Or did I miss some additional mechanisms? (always eager
to learn something... :-))

>>   2. How does the certificate chain stop another client who has a
>>   certificate signed by the same root authority as you acting as a trusted
>>   CA. I know the ip addresses will be different but maybe there is a way
>>   around that too.

There are (as Stephen Henson already said) mechanisms to tell CA
certificates from client certificates. And there are even more
extensions that can additionally prevent misuse of certificates
(using user certificates for servers etc), keyUsage and extendedKeyUsage
are your friends. This reduces the problem, but the scenario
above seems to be an unsolved issue as far as I can tell...

In my understanding this results from mixing two things:
Issuing a certificate just says "the given name
and key belong together". But that does not necessarily
imply that I trust the owner of the certificate. So there
is a difference between "I trust this root CA to correctly
identify users and I think the issued certificates are all ok"
and "I trust all individuals that own a certificate issued
by this CA". But the latter is actually what you do if you
use "SSLCACertificateFile" for mod_ssl. This difference can
actually not be fully expressed with the means of mod_ssl
or the openssl utilities.

Correct me if I'm wrong...

Olaf Gellert

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet

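The behaviour Steve and Olaf describe above can be checked directly with the openssl command-line tool. The script below is an added example, not code from anyone in this thread. It builds a throwaway hierarchy (root, two sub CAs, end-entity certificates; all names are made up) and runs openssl verify in the configurations under discussion: root as trust anchor with the sub CA as intermediate; the sub CA alone as trust anchor, which is what Michael tried with SSL_CTX_load_verify_locations; an end-entity certificate used as an issuer, which basicConstraints forbids; and Olaf's look-alike certificate issued under a second sub CA. Two things in it are the example's own additions rather than anything the thread mentions: the keyUsage values in the extension profiles, and the -partial_chain option (X509_V_FLAG_PARTIAL_CHAIN in the C API), which OpenSSL added in 1.0.2, years after this thread, and which is precisely the "trust this sub CA and stop there" behaviour Olaf was looking for.

```shell
#!/bin/sh
# Added example (not from the thread): build a small PKI with the openssl CLI
# and probe the chain-validation behaviour the thread argues about.
#
#   Demo Root CA (self-signed, CA:TRUE)
#     Demo Sub CA 1 (CA:TRUE)
#       server.example  (CA:FALSE)
#       client1         (CA:FALSE)
#     Demo Sub CA 2 (CA:TRUE)
#       client1         (CA:FALSE, same DN as the one under Sub CA 1)
#
# All names are made up. Needs the openssl binary (1.0.2 or later for
# -partial_chain). Each scenario function prints "ok" or "fail".
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal req config so the demo does not depend on the system openssl.cnf.
printf '[ req ]\ndistinguished_name = dn\n[ dn ]\n' > req.cnf
# Extension profiles: basicConstraints decides whether a cert is a CA,
# keyUsage backs that up (keyCertSign only on CAs).
printf 'basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints = critical,CA:FALSE\nkeyUsage = critical,digitalSignature,keyEncipherment\n' > ee.ext

new_csr() {  # new_csr <name> <CN>: fresh RSA key plus CSR
    openssl req -new -config req.cnf -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}
issue() {    # issue <name> <issuer> <extfile>: sign <name>.csr with <issuer>'s key
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
        -days 1 -extfile "$3" -out "$1.pem" 2>/dev/null
}

new_csr root "Demo Root CA"
openssl x509 -req -in root.csr -signkey root.key -days 1 -extfile ca.ext -out root.pem 2>/dev/null
new_csr subca1 "Demo Sub CA 1";  issue subca1 root ca.ext
new_csr subca2 "Demo Sub CA 2";  issue subca2 root ca.ext
new_csr server "server.example"; issue server subca1 ee.ext
new_csr client1 "client1";       issue client1 subca1 ee.ext
new_csr client1b "client1";      issue client1b subca2 ee.ext   # look-alike DN, other sub CA
# An end entity "issuing" a certificate: openssl x509 -req signs with whatever key
# it is handed, so nothing stops server.example from producing this. Only chain
# validation on the relying-party side catches it.
new_csr rogue "rogue.example";   issue rogue server ee.ext
cat subca1.pem server.pem > chain_via_server.pem

verify() {   # verify <openssl verify args...>: "ok" if the target certificate validates
    if openssl verify "$@" 2>&1 | grep -q ': OK$'; then echo ok; else echo fail; fi
}

# 1. Normal case: trusted root, sub CA supplied as an untrusted intermediate.
full_chain()           { verify -CAfile root.pem -untrusted subca1.pem server.pem; }
# 2. What Michael did: only the sub CA in the trust store. The chain does not end
#    in a self-signed trust anchor, so OpenSSL rejects it by default.
subca_anchor_only()    { verify -CAfile subca1.pem server.pem; }
# 3. Same, but explicitly allowing the chain to stop at a trusted non-root
#    (X509_V_FLAG_PARTIAL_CHAIN; -partial_chain on the CLI, OpenSSL >= 1.0.2).
subca_anchor_partial() { verify -partial_chain -CAfile subca1.pem server.pem; }
# 4. Steve's point: a certificate issued by an end entity is rejected because the
#    issuer has basicConstraints CA:FALSE (and its keyUsage lacks keyCertSign).
end_entity_as_issuer() { verify -CAfile root.pem -untrusted chain_via_server.pem rogue.pem; }
# 5. Olaf's scenario: trusting the root means "client1" from Sub CA 2 validates too.
lookalike_under_root() { verify -CAfile root.pem -untrusted subca2.pem client1b.pem; }
# 6. Trusting Sub CA 1 alone (partial chain) rejects the look-alike from Sub CA 2.
lookalike_vs_subca1()  { verify -partial_chain -CAfile subca1.pem -untrusted subca2.pem client1b.pem; }

for s in full_chain subca_anchor_only subca_anchor_partial end_entity_as_issuer \
         lookalike_under_root lookalike_vs_subca1; do
    printf '%-22s %s\n' "$s" "$($s)"
done
```

Scenario 2 reproduces the error Michael hit: a trust store holding only the sub CA cannot complete the chain to a self-signed certificate, so the default validator gives up. Scenario 3 is the same trust store with partial chains allowed, and scenario 6 uses that to answer Olaf's question on a current OpenSSL: anchoring on Sub CA 1 alone excludes everything under Sub CA 2, DN collisions included. Scenario 4 is Steve's point in action; the exact error text differs between OpenSSL versions (invalid CA certificate, or unable to get local issuer certificate when the keyUsage check fires first), but the chain never validates.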

Re: certificate chain and root CA question

Olaf Gellert
Olaf Gellert wrote:

> This matters in cases, where a certificate hierarchy
> has different CAs (eg operated by different organisations).
> Right now it seems impossible to me to tell openca:
                                              =======
Typo, I meant "openssl".

Olaf Gellert

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet


Re: certificate chain and root CA question

Dr. Stephen Henson
In reply to this post by Olaf Gellert
On Fri, Mar 17, 2006, Olaf Gellert wrote:

> Dr. Stephen Henson wrote:
> > On Fri, Mar 17, 2006, michael Dorrian wrote:
> >
> >>   1. Can a CA signed by the root CA act as a trusted CA itself?
> >
> > Provided the root CA permits this...
>
> Actually I think: not. It seems to be impossible
> to evaluate a certificate only up to a subCA,
> openssl always requires the complete chain up to
> the root CA. So I cannot tell openssl "this is a
> trusted subordinate CA, that's enough."
>

That's not actually what I meant. I meant that a valid subCA signed by a
trusted root CA is itself trusted.

There is a mechanism to restrict trust to explicit chains in S/MIME but not
currently in SSL.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: certificate chain and root CA question

michael Dorrian
Thank you both for your very helpful replies. Now I have tested a so-called valid subCA. In my root CA and subCA configuration files (separate configuration files) I have basic constraints set to "CA:True", exactly the same as the root certificate. But when I loaded my subCA, which was signed by my root CA, it gave a certificate chain error. A valid subCA signed by a valid root CA cannot be trusted as far as I can see. Or maybe I misunderstood?

"Dr. Stephen Henson" <[hidden email]> wrote:
On Fri, Mar 17, 2006, Olaf Gellert wrote:

> Dr. Stephen Henson wrote:
> > On Fri, Mar 17, 2006, michael Dorrian wrote:
> >
> >> 1. Can a CA signed by the root CA act as a trusted CA itself?
> >
> > Provided the root CA permits this...
>
> Actually I think: not. It seems to be impossible
> to evaluate a certificate only up to a subCA,
> openssl always requires the complete chain up to
> the root CA. So I cannot tell openssl "this is a
> trusted subordinate CA, that's enough."
>

That's not actually what I meant. I meant that a valid subCA signed by a
trusted root CA is itself trusted.

There is a mechanism to restrict trust to explicit chains in S/MIME but not
currently in SSL.

Steve.

