check certificate chain in a pem file


check certificate chain in a pem file

ashish2881
I have a certificate chain in a file chain.pem. It also has a root certificate (self-signed).
How can I verify the chain, if all certificates are present in the chain?

Thanks

Re: check certificate chain in a pem file

Jakob Bohm-7
On 2/21/2013 2:29 PM, ashish2881 wrote:
> I have a certificate chain in a file chain.pem .it also has root
> certificate(self signed) .
> How can i verify the chain,if all certificates are present in the chain .
>
> Thanks
>
>

Good question!

I recently tested this myself, and here are my (preliminary) results:

If using the OpenSSL API in a program, you can load the chain and the CA
cert into two "X509 stores", then loop over the store calling a function
to validate each certificate in the chain store against the CA store
with options to use the chain store to locate intermediary certificates.

But on the command line, things are unnecessarily difficult.

Here is what you need to do:

1. Split the chain file into one file per certificate, noting the order

2. For each certificate starting with the one above root:

2.1 Concatenate all the previous certificates and the root certificate
into one temporary file. (This example is for when you are checking the
third certificate from the bottom, having already checked cert1.pem and
cert2.pem.)

    Unix:    cat cert2.pem cert1.pem root.pem > cert2-chain.pem
    Windows: copy /A cert2.pem+cert1.pem+root.pem cert2-chain.pem /A

2.2 Run this command

             openssl verify -CAfile cert2-chain.pem cert3.pem

2.3 If this is OK, proceed to the next one (cert4.pem in this case)

Thus for the first round through the commands would be

   Unix:     cat root.pem > root-chain.pem
   Windows:  copy /A root.pem root-chain.pem
   Both:     openssl verify -CAfile root-chain.pem cert1.pem

And the second round would be

   Unix:     cat cert1.pem root.pem > cert1-chain.pem
   Windows:  copy /A cert1.pem+root.pem cert1-chain.pem
   Both:     openssl verify -CAfile cert1-chain.pem cert2.pem

Etc.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: check certificate chain in a pem file

ashish2881
Dear Jakob: Thanks for the reply.

I am using APIs in my code to verify, like this:
1. Initialize the global certificate validation store object
store = X509_STORE_new()
2. Create the context structure for the validation operation
X509_STORE_CTX_new()
3. Load the certificate and CA cert chain from file (PEM)
BIO_read_filename()
PEM_read_bio_X509()
*** After that I should use X509_STORE_load_locations() for the CA certificate chain.
My certificate contains the full chain including the CA cert, so I skipped this function call.
I'm not sure if it is correct... I believe there is no need to store the CA cert chain, as it is already present in the certificate.

4. Initialize the ctx structure for a verification operation
X509_STORE_CTX_init()

5. Verification
X509_verify_cert()
.....
Do you think my 3rd step is correct?

Thanks
ashish
Cisco Systems



Re: check certificate chain in a pem file

ashish2881
In reply to this post by Jakob Bohm-7
Or, what is the procedure to split the certificates present in a single file?

Thanks

RE: check certificate chain in a pem file

Dave Thompson-5
In reply to this post by Jakob Bohm-7
> From: [hidden email] On Behalf Of Jakob Bohm
> Sent: Friday, 22 February, 2013 06:03

> On 2/21/2013 2:29 PM, ashish2881 wrote:
> > I have a certificate chain in a file chain.pem .it also has root
> > certificate(self signed) .
> > How can i verify the chain,if all certificates are present
> in the chain .

I'm not sure if OP means chain.pem contains the chain certs and the
root cert, or if they have chain.pem and also e.g. root.pem.

> I recently tested this myself, and here are my (preliminary) results:
>
> If using the OpenSSL API in a program, you can load the chain
> and the CA
> cert into two "X509 stores", then loop over the store calling
> a function
> to validate each certificate in the chain store against the CA store
> with options to use the chain store to locate intermediary
> certificates.
>
You can, but you don't need to. As long as you identify which
is the end-entity cert, just X509_verify_cert that against
a store containing (at least) the other certs. OpenSSL will
build the chain from the specified cert to and including
the root, and verify all of it. If there's an error anywhere
and you have a callback set, that will tell you where.

> But on the command line, things are unnecessarily difficult.
>
No, for the same reason. If chain.pem doesn't already contain
the root, add it; either way call the result chainx.pem. If
EE cert is first in chainx.pem, which is fairly common practice,
openssl verify -CAfile chainx.pem chainx.pem takes the *first*
cert from chainx.pem and verifies its full chain (if possible)
from (a store containing) all the other certs in chainx.pem.
If the EE cert isn't first, extract it to entity.pem and
openssl verify -CAfile chainx.pem entity.pem.

The one limitation, implicit above, is "a" chain, singular.
If there is more than one chain above a given cert or subtree --
e.g. Clam-Shack-CA has its own root but also is cross-certified
by Certs-R-Us -- X509_verify_cert can only do one of them per call.


Re: check certificate chain in a pem file

Jakob Bohm-7
On 2/25/2013 4:26 AM, Dave Thompson wrote:

>> From: [hidden email] On Behalf Of Jakob Bohm
>> Sent: Friday, 22 February, 2013 06:03
>
>> On 2/21/2013 2:29 PM, ashish2881 wrote:
>>> I have a certificate chain in a file chain.pem .it also has root
>>> certificate(self signed) .
>>> How can i verify the chain,if all certificates are present
>> in the chain .
>
> I'm not sure if OP means chain.pem contains the chain certs and the
> root cert, or if they have chain.pem and also e.g. root.pem.

I tried to write my answer to work in either case.

>
>> I recently tested this myself, and here are my (preliminary) results:
>>
>> If using the OpenSSL API in a program, you can load the chain
>> and the CA
>> cert into two "X509 stores", then loop over the store calling
>> a function
>> to validate each certificate in the chain store against the CA store
>> with options to use the chain store to locate intermediary
>> certificates.
>>
> You can, but you don't need to. As long as you identify which
> is the end-entity cert, just X509_verify_cert that against
> a store containing (at least) the other certs. OpenSSL will
> build the chain from the specified cert to and including
> the root, and verify all of it. If there's an error anywhere
> and you have a callback set, that will tell you where.
>
>> But on the command line, things are unnecessarily difficult.
>>
> No, for the same reason. If chain.pem doesn't already contain
> the root, add it; either way call the result chainx.pem. If
> EE cert is first in chainx.pem, which is fairly common practice,
> openssl verify -CAfile chainx.pem chainx.pem takes the *first*
> cert from chainx.pem and verifies its full chain (if possible)
> from (a store containing) all the other certs in chainx.pem.
> If the EE cert isn't first, extract it to entity.pem and
> openssl verify -CAfile chainx.pem entity.pem.
>
> The one limitation, implicit above, is "a" chain, singular.
> If there is more than one chain above a given cert or subtree --
> e.g. Clam-Shack-CA has its own root but also is cross-certified
> by Certs-R-Us -- X509_verify_cert can only do one of them per call.
>

My experience was with GlobalSign certs, they have an old 1024 bit
root and a new 2048 bit root.  The 2048 bit root is also cross signed
by the old 1024 bit root to facilitate trust by old browsers that only
include the old root.  I was double checking a combined chain file
before installing it on production web servers that need to work in
both scenarios.

The documentation for the openssl command line tools (I have
insufficiently checked the source) is quite vague on whether including an
intermediary cert in -CAfile and/or -CApath makes it trusted.  Most
other SSL/X.509 implementations feature clearly separated stores for
trusted CAs, blacklisted CAs and locally available copies of
intermediary certs, which also makes it easier for end users to deal
with incidents such as the recent scandals with mismanaged intermediary
CAs.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: check certificate chain in a pem file

ashish2881
Hi Jakob,
My doubt is like this.

I have a .pem file, say chain.pem:
chain.pem == server certificate -> intermediate CA certificate -> self-signed root certificate.

Now I am writing the code in C using OpenSSL APIs to verify this chain (chain.pem).
filename ======> chain.pem
Currently I am doing like this:
    SSL_CTX *sslctx = NULL;
    STACK_OF(X509)* ca_stack = NULL ;
    sslctx = SSL_CTX_new(SSLv23_server_method());

    BIO_new(BIO_s_file_internal());
    x =PEM_read_bio_X509
    store=X509_STORE_new
    vrfy_ctx = X509_STORE_CTX_new();
    SSL_CTX_use_certificate_chain_file(sslctx, filename)
    ca_stack = sslctx->extra_certs
    X509_STORE_CTX_init(vrfy_ctx, NULL, x, ca_stack)
    X509_verify_cert(vrfy_ctx)

--- I am seeing an error while doing this. Am I doing everything right?

Or please let me know how I can verify my chain.pem.

RE: check certificate chain in a pem file

Dave Thompson-5
In reply to this post by Jakob Bohm-7
> From: [hidden email] On Behalf Of Jakob Bohm
> Sent: Monday, 25 February, 2013 03:18

> On 2/25/2013 4:26 AM, Dave Thompson wrote:
<snip about verify-chain>

> > The one limitation, implicit above, is "a" chain, singular.
> > If there is more than one chain above a given cert or subtree --
> > e.g. Clam-Shack-CA has its own root but also is cross-certified
> > by Certs-R-Us -- X509_verify_cert can only do one of them per call.
> >
>
> My experience was with GlobalSign certs, they have an old 1024 bit
> root and a new 2048 bit root.  The 2048 bit root is also cross signed
> by the old 1024 bit root to facilitate trust by old browsers that only
> include the old root.  I was double checking a combined chain file
> before installing it on production web servers that need to work in
> both scenarios.
>
Yes, that is exactly the case I referred to. For that you can
verify the ...newroot chain as a whole, or the ...cross,oldroot
chain as a whole, but not both at once. (Or you can verify
leaf using imed,newroot and then imed using cross,oldroot,
thus only checking leaf-to-imed once.) As a result openssl
client apps (and server for client-auth, but that's rarer)
do not handle this situation very well; fortunately "real"
clients like web browsers usually do. (I encountered this
when Verisign a few years ago similarly went to "G5" 2048bit
with a compatibility path back to "G1".)

> The documentation for the openssl command line tools (I have
> insufficiently checked the source) are quite vague if including an
> intermediary cert in -CAfile and/or -CApath makes it trusted.  Most
> other SSL/X.509 implementations feature clearly separated stores for
> trusted CAs, blacklisted CAs and locally available copies of
> intermediary certs, which also makes it easier for end users to deal
> with incidents such as the recent scandals with mismanaged
> intermediary CAs.

Yes, this area is not explained well, and a bit unusual.
From experience stepping through this to debug issues:

OpenSSL can use (intermediate or root) certs in truststore
(-CAfile and/or -CApath on commandline, _load_verify_ in library)
to "complete" a chain: for lone cert as with commandline verify;
for lone cert or partial chain received in protocol, which "shouldn't"
need intermediate because server (or client for client-auth) should
send at least everything below the/a root; and (less obvious)
for cert or partial chain sent in protocol, if not fully provided
by _use_certificate_chain_ (which s_client for one doesn't do).

But: only one chain. At each step, x509_verify_cert looks for
"the" parent cert to add next. If there is more than one possible
parent -- with Subject matching child Issuer and other attributes
matching child AKI if used and KeyUsage if used reasonable --
x509_verify_cert uses the first one found (which I'm pretty sure
is in input order for CAfile and I'm certain is in hash.0,1,etc
order for CApath); if that chain later fails, the code doesn't
backtrack and look for alternates.

And: openssl -- so far -- only uses a root in truststore
as an anchor. It can use intermediates in truststore to
build the chain, but that chain must end at a root in
truststore to verify okay. According to posts in the last
few months, this may change: there are reportedly new options
for trust anchors in HEAD, which presumably will be in 1.0.2.
(Standard caveat: I'm not a developer and don't speak for them.)

At present you can make a root untrusted by removing it locally.
For any child (intermediate or leaf) x509_verify_cert can check
CRL if stored locally (only); to dynamically get CRL, or use OCSP,
or use any other kind of blacklist AFAIK you need custom code.
I haven't heard of changes coming in this area, but I wouldn't be
astonished, since as you note other implementations do more here.



RE: check certificate chain in a pem file

Dave Thompson-5
In reply to this post by ashish2881
> From: [hidden email] On Behalf Of ashish2881
> Sent: Wednesday, 27 February, 2013 06:05

> I have a .pem file say : chain.pem
> chain.pem == server certificate-> intermediate CA certificate
> -> self signed root certificate .
>
> Now i am writing the code in C using opensl Api's to verify
> this (chain.pem) chain .
> filename ======> chain.pem
> Currently I am doing like this :
>     SSL_CTX *sslctx = NULL;
>     STACK_OF(X509)* ca_stack = NULL ;
>     sslctx = SSL_CTX_new(SSLv23_server_method());
>
> BIO_new(BIO_s_file_internal());
> x =PEM_read_bio_X509

Aside: if your server cert is reliably the first one in
chain.pem, you could just use the first entry in ca_stack
below instead of doing a separate read.

> store=X509_STORE_new
> vrfy_ctx = X509_STORE_CTX_new();
> SSL_CTX_use_certificate_chain_file(sslctx, filename)
> ca_stack = sslctx->extra_certs
> X509_STORE_CTX_init(vrfy_ctx, NULL, x, ca_stack)
> X509_verify_cert(vrfy_ctx)
>
> ---i am seeing error while doing this .....am i doing
> everything right .....
>
To have verify_cert succeed it must find the root in
the 'store' provided to _CTX_init (which you left NULL),
or in separately set _trusted_chain . You *may* also
have intermediate certs in either of those places
instead of, or in addition to, the (untrusted) 'chain'.

So it's easiest to just provide all of ca_stack as trusted;
or load the file into sslctx->store with _load_verify_locations
(instead of extra_certs with _use_certificate_chain_file)
and use _get_cert_store as your store.



Re: check certificate chain in a pem file

Dr. Stephen Henson
In reply to this post by Dave Thompson-5
On Mon, Mar 04, 2013, Dave Thompson wrote:

> And: openssl -- so far -- only uses a root in truststore
> as an anchor. It can use intermediates in truststore to
> build the chain, but that chain must end at a root in
> truststore to verify okay. According to posts in the last
> few months, this may change: there are reportedly new options
> for trust anchors in HEAD, which presumably will be in 1.0.2.
> (Standard caveat: I'm not a developer and don't speak for them.)
>

Yes there is a partial chain flag which will appear in 1.0.2.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
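The following script is an added example and is not code from any of the posters or from the OpenSSL project. It builds a throw-away PKI (a self-signed root, an intermediate and a leaf, with constructed names such as "Example Test Root" and "example.test") and then runs, on that bundle, the variants discussed in this thread: splitting a PEM bundle into one file per certificate, Jakob's round-by-round `openssl verify -CAfile` procedure, Dave's `openssl verify -CAfile chainx.pem chainx.pem` one-liner, and, going one step beyond the thread's commands, the CLI counterpart of the trusted-store versus untrusted-chain distinction Dave explains (`-CAfile` vs `-untrusted`) together with the partial-chain flag Steve mentions (`-partial_chain`). It assumes an `openssl` binary of version 1.0.2 or newer and `awk` in PATH; all file names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): constructed root -> intermediate -> leaf
# PKI, then the verification variants discussed above. Assumes an openssl
# binary of 1.0.2 or newer (for -partial_chain) and awk.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal req/x509 config so the example does not depend on a system openssl.cnf.
cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

# Constructed test PKI: self-signed root, intermediate signed by it, leaf signed by that.
openssl req -x509 -config req.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout root.key -out root.pem -subj "/CN=Example Test Root" -days 3650 2>/dev/null
openssl req -new -config req.cnf -newkey rsa:2048 -nodes -keyout imed.key \
    -out imed.csr -subj "/CN=Example Test Intermediate" 2>/dev/null
openssl x509 -req -in imed.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile req.cnf -extensions ca_ext -days 1825 -out imed.pem 2>/dev/null
openssl req -new -config req.cnf -newkey rsa:2048 -nodes -keyout leaf.key \
    -out leaf.csr -subj "/CN=example.test" 2>/dev/null
openssl x509 -req -in leaf.csr -CA imed.pem -CAkey imed.key -CAcreateserial \
    -extfile req.cnf -extensions leaf_ext -days 365 -out leaf.pem 2>/dev/null

# The OP's layout: one bundle, end-entity first, self-signed root last.
cat leaf.pem imed.pem root.pem > chain.pem

# Split a bundle into $2-1.pem, $2-2.pem, ... in file order; print the count.
split_chain() {
    awk -v p="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = p "-" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
        END                           { print n + 0 }' "$1"
}

# Jakob's procedure: starting just above the root, verify each certificate
# against a -CAfile holding the root plus everything already checked.
verify_stepwise() {
    n=$(split_chain "$1" step)
    cp "step-$n.pem" step-chain.pem              # round 1: the root alone
    i=$((n - 1))
    while [ "$i" -ge 1 ]; do
        openssl verify -CAfile step-chain.pem "step-$i.pem" >/dev/null 2>&1 || return 1
        cat "step-$i.pem" step-chain.pem > step-chain.new
        mv step-chain.new step-chain.pem
        i=$((i - 1))
    done
}

# Dave's one-liner: openssl verifies the *first* certificate of the last
# argument, building its chain from every certificate in -CAfile.
verify_direct() { openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; }
# When the end-entity is not first, extract it and verify it against the bundle.
verify_entity() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# CLI counterpart of the library distinction: -CAfile is the trusted store,
# -untrusted is the helper chain (the 'chain' argument of X509_STORE_CTX_init).
root_trusted_imed_untrusted() {
    openssl verify -CAfile root.pem -untrusted imed.pem leaf.pem >/dev/null 2>&1
}
# A self-signed root that appears only in -untrusted is not a trust anchor.
everything_untrusted() {
    cat imed.pem root.pem > helpers.pem
    openssl verify -untrusted helpers.pem leaf.pem >/dev/null 2>&1
}
# An intermediate in the trusted store completes a chain but is not an anchor ...
imed_as_anchor() { openssl verify -CAfile imed.pem leaf.pem >/dev/null 2>&1; }
# ... unless the 1.0.2 partial-chain flag says it may be.
imed_as_anchor_partial() {
    openssl verify -CAfile imed.pem -partial_chain leaf.pem >/dev/null 2>&1
}

if verify_direct chain.pem && verify_stepwise chain.pem; then
    echo "chain.pem verifies both directly and round by round"
fi
```

Note that `verify_direct` on a bundle with the root first also reports OK, because it then verifies the root itself against a store that contains it; that is the caveat in Dave's post, and the reason to extract the end-entity certificate (`verify_entity`) whenever it is not the first entry.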

Re: check certificate chain in a pem file

ashish2881
I have stored the chain in the trusted store and verified the leaf certificate.
I have also done similarly, storing the certificate chain except the leaf certificate in the untrusted store, but here I had to add an exception in the X509 verify function to avoid the error of the self-signed root certificate stored in the untrusted store.