|
Packit |
f574b8 |
DOS/Windows-oriented notes on Root Certificates
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
To use certificates or a cert bundle within an SSL enabled
|
|
Packit |
f574b8 |
application such as lynx you must place your certificate
|
|
Packit |
f574b8 |
files into a known directory, and set the environment
|
|
Packit |
f574b8 |
variables to a proper value (e.g. in CONFIG.SYS file).
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
set SSL_CERT_DIR=x:/usr/local/ssl/certs
|
|
Packit |
f574b8 |
set SSL_CERT_FILE=x:/usr/local/ssl/cert.pem
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
(See "What are root certificates" below.)
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. Why would I want to install openssl.exe?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl.exe is used to manage certificates. (See "What are root certificates"
|
|
Packit |
f574b8 |
below.)
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. How to install openssl.exe?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Put openssl.exe in a directory in your PATH and the DLLs to a directory
|
|
Packit |
f574b8 |
in your LIBPATH.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Copy conf\openssl.cnf.demoCA to a directory of your
|
|
Packit |
f574b8 |
choice, rename it to openssl.conf and set the environment variable
|
|
Packit |
f574b8 |
OPENSSL_CONF by putting
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
SET OPENSSL_CONF=<your-directory>\openssl.cnf
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
into CONFIG.SYS.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. Why is this document so paranoid?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
If you want to use OpenSSL, then probably your Internet transactions have
|
|
Packit |
f574b8 |
*real* monetary value embedded in them. And as usual, the security is as good
|
|
Packit |
f574b8 |
as the weakest link. This document unravels only the tip of the iceberg
|
|
Packit |
f574b8 |
of what can go wrong with improperly established "secure" connections. And
|
|
Packit |
f574b8 |
given the monetary value involved, "bad guys" have a high incentive to exploit
|
|
Packit |
f574b8 |
the weakest links. As experience shows, do not underestimate the intelligence
|
|
Packit |
f574b8 |
of bad guys...
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Really, with security, a little knowledge is a dangerous thing; one can
|
|
Packit |
f574b8 |
suspect that many people, if they really understood the trust structures
|
|
Packit |
f574b8 |
associated with SSL, would be rather careful about checking the details
|
|
Packit |
f574b8 |
of certificates.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. What are root certificates?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Making a secure connection is like sending your valuables (for storage or
|
|
Packit |
f574b8 |
consumption) to somebody who agreed to be at a prearranged place. To
|
|
Packit |
f574b8 |
guard the valuables on the way there, you can ask for a police escort; this is
|
|
Packit |
f574b8 |
what https:// connections are about. However, it does not make any sense to
|
|
Packit |
f574b8 |
have an escort if the goods are transfered to a random person who happens to be
|
|
Packit |
f574b8 |
at this place; one needs to certify the identity of the receiver as well.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
The certification process is a chain; when site A wants to certify that it is
|
|
Packit |
f574b8 |
actually what it claims, it actually says "Check this certificate with site B";
|
|
Packit |
f574b8 |
to proceed, one needs to certify that site B is what it claims, so B may
|
|
Packit |
f574b8 |
redirect to site C etc. For this process to stop, some sites claim
|
|
Packit |
f574b8 |
"You must know my certificate, check it yourself". These certificates are
|
|
Packit |
f574b8 |
"root certificates"; one cannot verify such a site unless one has the
|
|
Packit |
f574b8 |
certificate for the "end of its certification chain". If you don't have the
|
|
Packit |
f574b8 |
relevant root certificate in your local certificates file, it means that
|
|
Packit |
f574b8 |
you don't trust anyone to vouch for the authenticity of the site.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
So one should have a collection of known certificates from several well-known
|
|
Packit |
f574b8 |
sites known as "Root Certification Authorities". Most sites for large-scale
|
|
Packit |
f574b8 |
businesses have certificates which will eventually resolve to these places.
|
|
Packit |
f574b8 |
Such certicates represent people like Verisign that are in the business of
|
|
Packit |
f574b8 |
confirming the identity of servers, etc.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Additionally, since having yourself certified through another site costs,
|
|
Packit |
f574b8 |
some sites avoid this cost via presenting "end-of-chain certificates".
|
|
Packit |
f574b8 |
One should have a way to obtain these certificates via other means than
|
|
Packit |
f574b8 |
insecure Internet connection (e.g., one can walk into the office and copy
|
|
Packit |
f574b8 |
the certificate file to a floppy). These are so-called "Self-signed
|
|
Packit |
f574b8 |
certificates"; they are "root certificates" as well. The locally-installed
|
|
Packit |
f574b8 |
securely obtained copies of such certificates are referred to as
|
|
Packit |
f574b8 |
"local certificates". (See 'What is "Snake Oil Ltd."' below.)
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
If you are presented with a locally-unresolvable root certificate, and you
|
|
Packit |
f574b8 |
*believe* that you are really talking to the site, and not someone
|
|
Packit |
f574b8 |
in between (who is either completely simulating the site or relaying
|
|
Packit |
f574b8 |
your requests onto the real site - called a "man in the middle" attack),
|
|
Packit |
f574b8 |
you will still have an encrypted connection. Otherwise, you should act
|
|
Packit |
f574b8 |
as though the site was an impostor, unless and until you manage to get
|
|
Packit |
f574b8 |
a root certificate from a trustworthy source, and that root certificate
|
|
Packit |
f574b8 |
represents someone that you would trust to have vetted the site you
|
|
Packit |
f574b8 |
want to connect to.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Local certificates are stored in SSL_CERT_FILE (this "cert bundle", usually
|
|
Packit |
f574b8 |
named cert.pem, contains several signatures for "Root Certification
|
|
Packit |
f574b8 |
Authorities") and SSL_CERT_DIR (which has a signature per file, and usually
|
|
Packit |
f574b8 |
contain local copies of self-signed certificates).
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
There are three crucial considerations to be added to this picture:
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
a) While there are ways to ensure that the receivers are who they claim,
|
|
Packit |
f574b8 |
there is absolutely no technological way to verify how *trustworthy*
|
|
Packit |
f574b8 |
the receiving party is. It does not make sense to secure-send your
|
|
Packit |
f574b8 |
valuables to a certified receiver if this receiver is a crook (or will
|
|
Packit |
f574b8 |
just keep them later in a publicly accessible place).
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
b) "VeriSign Syndrome". For the above scheme of "a chain of trust" to work,
|
|
Packit |
f574b8 |
the "Root Certification Authorities" should be *very* trustworthy
|
|
Packit |
f574b8 |
high-integrity entities. Unfortunately, there are certain doubts that
|
|
Packit |
f574b8 |
this is so. E.g., fall 2003, VeriSign started an attack on DNS scheme
|
|
Packit |
f574b8 |
which could disrupt the whole architecture of Internet (hijacking *all*
|
|
Packit |
f574b8 |
unclaimed Internet addresses and redirecting them to a promotional site;
|
|
Packit |
f574b8 |
google for VeriSign DNS hijack).
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
One major company even issued a Microsoft certificate to a company
|
|
Packit |
f574b8 |
other than Microsoft, and there had to be a Windows critical update
|
|
Packit |
f574b8 |
to block that certificate.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
c) Keep in mind that the "big 2 browsers" are adding an increasing
|
|
Packit |
f574b8 |
number of root certificates, and most users fail to realise that they
|
|
Packit |
f574b8 |
are putting a trust in the supply chain for the browser to give them
|
|
Packit |
f574b8 |
the certificates of reliable organisations (the browser suppliers could
|
|
Packit |
f574b8 |
make bad choices, or the browser could have been hacked before you got
|
|
Packit |
f574b8 |
it).
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Incidentally, standard browsers come with certificates representing
|
|
Packit |
f574b8 |
very different levels of identity verification, but most people accept
|
|
Packit |
f574b8 |
all of those supplied with the big 2 as equally valid.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. How to obtain root certificates?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Certificate files, such as cert.pem, are security critical; you have to
|
|
Packit |
f574b8 |
trust whoever supplies it to you; all your certification process is no more
|
|
Packit |
f574b8 |
trustworthy than the site you downloaded cert.pem from. So you shouldn't just
|
|
Packit |
f574b8 |
accept any offer.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
One way is to copy them from a machine which already obtained them in a secure
|
|
Packit |
f574b8 |
way. Another one is to extract them from a web browser which was itself
|
|
Packit |
f574b8 |
obtained in a secure way (see "How to extract certificates from Internet
|
|
Packit |
f574b8 |
Explorer" below). If anything else fails, obtaining a privately-generated
|
|
Packit |
f574b8 |
bundle from third-parties, such as
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
http://www.kfu.com/~nsayer/encryption/ca-bundle.crt.text
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
is *not* much better than no certificates at all, but may avoid some warnings
|
|
Packit |
f574b8 |
from applications. One of the places which has a bundle is the mod_ssl site.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. Should you trust this distribution system?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
It is very hard to imagine a situation when the answer is different from
|
|
Packit |
f574b8 |
"Absolutely not!".
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Indeed, obtaining the certificates is only half of the problem.
|
|
Packit |
f574b8 |
The certificates are going to be checked by the SSL library. Can you trust
|
|
Packit |
f574b8 |
these executables (DLLs)? Did you obtain the library via a secure connection?
|
|
Packit |
f574b8 |
Are you sure that the place you obtained it from has reasonable security
|
|
Packit |
f574b8 |
practice, so that the archive could not be tampered with? The latter place
|
|
Packit |
f574b8 |
most probably did not build the DLLs themselves; chances are they just
|
|
Packit |
f574b8 |
store what a fourth-party supplied them. Was *that* file transfer done via
|
|
Packit |
f574b8 |
secure channels? Can you trust this fourth-party so that it did not insert
|
|
Packit |
f574b8 |
Trojans?
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Chances are that all of these questions are answered "No". There are still
|
|
Packit |
f574b8 |
major problems with bootstrapping security via the Internet...
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
What about the application which uses these DLLs? Do you have any reason to
|
|
Packit |
f574b8 |
trust it? What about the OS itself? Did it come from a trustworthy source
|
|
Packit |
f574b8 |
via trustworthy channels? Are you sure it was not tampered with?
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. How to compile and link with OpenSSL libraries?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Put the files from include and lib to your emx directory,
|
|
Packit |
f574b8 |
or directories on C_INCLUDE_PATH and LIBRARY_PATH.
|
|
Packit |
f574b8 |
Note that openssl should become a subdirectory of your include directory.
|
|
Packit |
f574b8 |
If you need .lib files you can create them using emxomf.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
The supplied library files link against the new renamed dlls open_ssl and
|
|
Packit |
f574b8 |
cryptsll.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
See the doc directory for some information and visit
|
|
Packit |
f574b8 |
http://www.columbia.edu/~ariel/ssleay/ for more infos.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. Why do you need your own keys and certificates?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
There are several situations: having a server which accepts secure connections;
|
|
Packit |
f574b8 |
authenticating yourself to a server by means other than login/password,
|
|
Packit |
f574b8 |
sending S-Mime crypto-mail, authenticating from a client browser to a server.
|
|
Packit |
f574b8 |
In each of these situations one needs keys.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
The following sites may be useful:
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
http://www.pseudonym.org/ssl/ssl_cook.html#environment
|
|
Packit |
f574b8 |
http://the.earth.li/~sgtatham/putty/0.53b/htmldoc/Chapter8.html#8.2
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. How to generate your own keys and certificates?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
There are many ways. A good solution is to use sslRexx. It provides everything
|
|
Packit |
f574b8 |
you need. PuTTYgen is a key generator that will work.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Below is a short description of how I made my own Certification Authority,
|
|
Packit |
f574b8 |
a Server Key for Apache and a client Key/Certificate for me, signed by my
|
|
Packit |
f574b8 |
own CA.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. Howto: Root CA (needed to self-sign all certificates)
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Generate a CA-Key and store it in sub-directory private:
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl genrsa -des3 -out private/MyOwnCA.pem 2048
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Make a selfsigned certificate based on above key.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl req -new -x509 -days 730 -key private/CAkey.pem -out CAcert.pem
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
This certificate will expire in 2 years.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Optional: generate text output of this certificate:
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl x509 -in ./CAcert.pem -text > CAcert.txt
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Now you have a key and certificate for your own CA which can be used
|
|
Packit |
f574b8 |
to sign user and server keys. The CAcert is also needed to configure
|
|
Packit |
f574b8 |
Apache and Netscape. You can/should give away the CA certificate but
|
|
Packit |
f574b8 |
never give the CA key to anybody.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. Howto: Your Client Certificate/Key
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Generate a private key
|
|
Packit |
f574b8 |
----------------------
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl genrsa -des3 -out hrom-key.pem 2048
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Create a signing request (same command again)
|
|
Packit |
f574b8 |
------------------------
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl req -new -key hrom-key.pem -out hrom-req.pem
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Let the CA sign it (same command again)
|
|
Packit |
f574b8 |
------------------
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl ca -in hrom-req.pem -out hrom-cert.pem -outdir MyOwnCA/newcerts
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
After you get back the certificate from the CA, combine it with
|
|
Packit |
f574b8 |
your private key and store the result as p12 file. This file can
|
|
Packit |
f574b8 |
be imported into your browser. The browser will use this file to present
|
|
Packit |
f574b8 |
to a server requiring it for access.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl pkcs12 -export -name Hromadka -in hrom-cert.pem -inkey hrom-key.pem -out hrom.p12
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Security Notes: Never give your private key to a CA, they only need the
|
|
Packit |
f574b8 |
signing request. Never give away your p12 file. Always secure your private
|
|
Packit |
f574b8 |
keys with a passphrase.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. How to use c_rehash?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
One needs a working port of Perl and cp.exe to run this. Set OPENSSL to the
|
|
Packit |
f574b8 |
full name of openssl executable. One may also need to change some ':' to
|
|
Packit |
f574b8 |
$Config{path_sep}. c_rehash finds certs from enviroment variables and allows
|
|
Packit |
f574b8 |
them to be recognized by openssl.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. How to extract certificates from Internet Explorer?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
To make your own file of certificates, go to the
|
|
Packit |
f574b8 |
"Tools/Internet Options/Content/Certificates/Trusted Root Certificates"
|
|
Packit |
f574b8 |
section of IE. Select all the certificates, then "export" to a file.
|
|
Packit |
f574b8 |
It will be saved as a PKCS#7 file, with suffix ".p7b". You can call
|
|
Packit |
f574b8 |
it "ca_bundle.p7b". Then use openssl to convert it with the command:
|
|
Packit |
f574b8 |
"openssl pkcs7 -inform DER -in ca_bundle.p7b -print_certs -text -out cert.pem".
|
|
Packit |
f574b8 |
Ask your system administrator to put the file "cert.pem" in the openssl
|
|
Packit |
f574b8 |
directory and c_rehash it. Then lynx can check the certificates against the
|
|
Packit |
f574b8 |
set of certificates that you (or Microsoft) trusts, and you won't get the
|
|
Packit |
f574b8 |
warning message any more.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Q. How to install a self-signed certificate?
|
|
Packit |
f574b8 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
When you would like to trust a self-signed (non-commercial) certificate you will
|
|
Packit |
f574b8 |
need to get hold of the actual file. If it's a cert local to your network you
|
|
Packit |
f574b8 |
can ask the sysadmin to make it available for download as a link on a webpage.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
If such file is not human-readable it's probably DER formatted and will need to
|
|
Packit |
f574b8 |
be converted to PEM format to allow openssl to use it.
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
To convert DER formatted certificates into something openssl can deal with:
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
Save the cert as site_name.crt in a directory. In that directory, type:
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
openssl x509 -inform DER -in site_name.crt -outform PEM -out site_name.pem
|
|
Packit |
f574b8 |
|
|
Packit |
f574b8 |
You can now copy this individual cert into the directory for that and hash the
|
|
Packit |
f574b8 |
cert by running c_rehash. A complete discussion of this procedure for unix is
|
|
Packit |
f574b8 |
in the document README.sslcerts.
|