Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Signing certificate with another certificate signed by CA

Tags:

openssl

x509

pki

Is it possible to sign a new certificate using a certificate signed by a CA as the CA for other certificates and still have them validated by the root CA?

Example: 

# create new key
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
....
# send csr to ca for signing
....
# now what if we make a new key and sign it with the received crt?
openssl genrsa -des3 -out newkey.key 2048
openssl req -new -key newkey.key -out newkey.csr
openssl x509 -req -in newkey.csr -CA server.crt -CAkey server.key -CAcreateserial -out newcert.crt -days 500

Why is it not possible to do this? I tried using this new cert for a service and the browser complains that the certificate lacks CA chain. Basically I want to use one certificate that is signed for the domain and create new certificates for subdomains using domain certificate as CA for the subdomains. How is this process designed to work?

like image 976
Martin Avatar asked Jan 23 '14 21:01

Martin

1 Answers

Whether or not a certificate can be used to sign another certificate is defined by the basic constraints field of the certificate. When you submit a CSR to a CA, the certificate returned by the CA should specify that the certificate cannot be used to sign other certificates in the basic constraints field.

Otherwise, this would open the door to anyone being able to create a fake certificate for any site. For example, I could create a CSR for mysite.com, get the certificate signed by a CA like VeriSign, then create a CSR for www.paypal.com and use the certificate for mysite.com to sign the certificate for www.paypal.com. Then, I would have a valid certificate for www.paypal.com. But, I'm not paypal.com.

Notwithstanding, many early SSL implementations in early browsers and even some early versions of OpenSSL did not check the basic constraints field of the certificates in a certificate chain, so this was a vulnerability that could be exploited. Security researcher Moxie Marlenspike was active in bringing this to the public's attention which forced browser makers to fix this. See http://www.thoughtcrime.org/ie-ssl-chain.txt for more info.

like image 61
mti2935 Avatar answered Sep 18 '22 23:09

mti2935
Sign in to Comment

Related questions

How to set TLS context options in Ruby (like OpenSSL::SSL::SSL_OP_NO_SSLv2)
OpenSSL error handling
OpenSSL error - unable to get local issuer certificate
Understanding engine initialization in OpenSSL
OpenSSL - Password vs Salt Purpose
openssl_verify(): supplied key param cannot be coerced into a public key for a .pem file
Securing UDP - OpenSSL or GnuTls or ...?
OpenSSL: Unable to create SSL_CTX * using SSL_CTX_new()
How to encrypt decrypt with RSA keys in java
Linking libssl and libcrypto in GCC [duplicate]
Build openssl with just RSA and AES
OpenSSL error alert handshake failure
send RSA public key to iphone and use it to encrypt
How to use Linux openssl to generate CSR for iOS? [duplicate]
Cross compile rust-openssl for Raspberry Pi 2
When do I need zlib in OpenSSL?
Is it possible to prevent man-in-the-middle attack when using self-signed certificates?
How to renew a self-signed openssl PEM certificate
OpenSSL BN_CTX usage
SSL_CTX_use_PrivateKey_file() failed

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!