Hi!

Here's my micro howto -- notes I took while setting stuff up on my
private machine. May be of some help. Most probably some of the
'personal comments' are not 100% accurate, but who's looking a
gift horse into the mouth? (As I am using Linux, I probably am though, heh)

Best regards,

        -- David


--On Thursday, June 27, 2002 1:25 AM +0200 Shalendra Chhabra 
<[EMAIL PROTECTED]> wrote:

> Can someone guide me how to install Certificates and Private Key in my
> server.
> For example I want to create a server that will host my web page
> and since I have openssl library I can generate Certificate and Private
> key of my machine but how to install all this so that If there is any
> other machine, a client connecting to server requests its
> certificate etc. and is convinced etc etc
> I want to exactly like this
>
> openssl s_client www.mywebpage.com:portno
>
> and I want all handshakes and formalities to follow but the server is mine
> www.mywebpage.com and not hotmail etc.
>
> I need help from this list
> Thanks
> Shalendra -The Student
>
> ---------------------------------------------------------------------
> Linux- If you hate Microsoft
> FreeBSD -If you love Unix
>
>
>   | /  \ |        Shalendra Chhabra                   //  \\
>  \_\\  //_/       LSV, ENS De Cachan                 _\\()//_
>   .'/()\'.      215, Pavillion Jardins              / //  \\ \
>    \\  //    61, Avenue Du President Wilson          | \__/ |
>                   Cachan Cedex, France
>                   33.01.47.40.28.46
>                  www.lsv.ens-cachan.fr
>               www.angelfire.com/linux/shalu
>
> How to Reach from Anywhere in Paris to Me:
>
> 1. Catch RER B in the direction of Robinson(B2) or Saint Remy(B4)
> 2. Get down at the Bagneux Station (On the Map Below, Blue Line in Middle)
> 3. As you come out of Bagneux Station, Walk on the road Adjacent to the
>    The Outcome of the station and keep walking straight, for 10 min
>    Welcome to ENS Cachan. Not all RERs stop at Bagneux so catch the right
>    one
>    Here is the Map of RER, Metro, Bus of Paris
>    http://www.citefutee.com/orienter/plans_gif.php
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
>

================================================================================
Certificates for httpd
================================================================================
2001-08-11
0) Create a "root certificate authority"
   0.1) Create a private key for the root CA
        $ cd /etc/httpd/conf
        $ cd ssl.key
        $ openssl genrsa -des3 1024 > charmonium-ca.key
        This creates a password-encrypted RSA 1024-bit key in
        /etc/httpd/conf/ssl.key/charmonium-ca.key
        You are asked for the password by openssl. chmod 600/root-own the key!
        Display contents of key:
        $ openssl rsa -noout -text -in charmonium-ca.key
        This shows: modulus            - n = p*q
                    public exponent    - 65537 = e 
                    private exponent   - d
                    prime 1            - p "discard, do not reveal" > cached
                    prime 2            - q "discard, do not reveal" > for
                    exponent 1                                      > faster
                    exponent 2                                      > computing
                    coefficient                                     >
   0.2) Create a self-signed certificate for the root CA
        $ cd /etc/httpd/conf
        $ cd ssl.crt
        $ openssl req -new -key ../ssl.key/charmonium-ca.key -x509 -days 365 \
                    > charmonium-ca.crt
        This creates an x509 self-signed certificate (signed using the
        charmonium-ca.key), valid for 365 days, in PEM format. openssl asks you for the
        passphrase to the .key file, then for the DN for whom the
        certificate will be issued.
        Display contents of certificate
        $ openssl x509 -noout -text -in charmonium-ca.crt
        x509 certificate:
        +---------------
        | Version
        | Serial Number
        | Algorithm Identifier
        |   - Algorithm
        |   - Parameters
        | Issuer (our charmonium CA, given using its DN)
        | Period of Validity
        |   - Not before date
        |   - Not after date
        | Subject (our charmonium CA, given using its DN)
        | Subject's public key (this key is being certified)
        |   - Algorithms
        |   - Parameters
        |   - Public key
        | x509v3 extensions
        | Signature of tbsCertificate done using the issuer's private key.
        +--------------
        For x509, see RFC2459: Internet X.509 PKI Certificate and CRL Profile
        "public key certificates are data structures that bind public key
         values to subjects. The binding is asserted by having a trusted CA
         digitally sign each certificate"
        "the signatureValue field contains a digital signature computed
         upon the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded
         tbsCertificate is used as the input to the signature function"
        "TBSCertificate ::= SEQUENCE {
           version
           serialNumber
           signature
           issuer
           validity
           subject
           subjectPKinfo
           issuerUniqueID
           subjectUniqueID
           extensions
         }"
        Note that the Validity date is shown in GMT, when seen on Internet Explorer
        the Validity date is shown in local time (possibly summertime).
   0.3) The certificate is supposed to belong to a Certificate Authority, which
        basically is an entity that users should trust to sign certificates. I.e.
        a 'Certificate Authority' will do the Right Thing when it signs other
        certificates (whatever that means). Now, the Certificate Authority's
        certificate (created above) should be installable by browser. The certificate 
        would be installed into the browser's 'trusted keystore'. This means one has 
        to present the CA's certificate on a web page under several formats:
        a) PKCS#7 single or chain certificate
        b) DER (Distinguished encoding rules) single certificate
        c) Netscape Certificate Sequence (obscure)
        ...either in binary or in the following form:
        -----BEGIN CERTIFICATE-----
        <RFC1113 Base64>
        -----END CERTIFICATE-----
        The DER encoding with RFC1113 encoding is the PEM (Privacy enhanced mail)
        format.
        See also
        http://wp.netscape.com/eng/security/comm4-cert-download.html
        for the Netscape-relevant specification
   0.4) Thus:
        Make the above created PEM certificate available through the webserver
        Create a DER equivalent:
        openssl x509 -inform PEM -outform DER -in foobarsite-ca.crt -out foobarsite-ca.der
        and make it also available for download.
        This works well in Internet Explorer.
   0.5) Additionally, one can set the Mime Type to
        "application/x-x509-ca-cert" (the default sent by the browser is "text/plain")
        by adding the following to the Apache configuration file:
        AddType application/x-x509-ca-cert .cader
        AddType application/x-x509-ca-cert .cacrt
        and renaming the termination of the certificates from .der to .cader and
        .crt to .cacrt.
        Try it manually, e.g:
        $ telnet localhost 80
        GET /certificates/foobarsite-ca.cacrt HTTP/1.1
        HOST: neutrino
        ...will give you the correct 'content-type' in the header
1) Create a private key for the server or the website as under 0.1:
   $ cd /etc/httpd/conf
   $ cd ssl.key
   $ openssl genrsa -des3 1024 > neutrino.key
   This creates a password-encrypted RSA 1024-bit key in
   /etc/httpd/conf/ssl.key/neutrino.key
   You are asked for the password by openssl. chmod 600/root-own the key!
   Display contents of key:
   $ openssl rsa -noout -text -in neutrino.key
2) Create a certificate signing request for the server key. Decide what 
   you want to have certified:
   - what public key
   - what's the DN information that should appear in the certificate?
   $ cd /etc/httpd/conf
   $ cd ssl.csr
   $ openssl req -new -key ../ssl.key/neutrino.key > neutrino.csr
   You are asked for the passphrase to your .key file, so that a signature
   proving you have the private key of the public key can be added.
   To check the request's contents:
   $ openssl req -noout -text -in neutrino.csr
   ...the request is of course NOT encrypted in any way
   The request contains the server public key to be certified and a 
   signature, obtained using the private key associated to the public key.
   There is also a 'challenge password' (probably for exchange between CA
   and certification requestor)
   To verify the signature on the request:
   $ openssl req -verify -in neutrino.csr
   This should work as follows: take the signature of the csr, decrypt it
   using the public key in the csr, then match the hashvalue thus obtained
   to the hashvalue of the public key in the csr. If these match, the
   requestor indeed owns the private key to the public key to be signed.
   (If he does not, it would be an attempt to associate the public key of
    somebody else with a false DN -- possible uses: known plaintext attacks?)
   Also check out /usr/share/ssl/openssl.cnf for parametrization
   At this point, the signing request is sent to the root CA, which would
   probably call up the requestor to 'know your customer'. After that, the
   root CA will sign the request:
3) Sign the certificate signing request yielding a valid certificate, using
   the root CA created earlier
   $ cd /etc/httpd/conf
   $ openssl ca -in        ssl.csr/neutrino.csr \
                -cert      ssl.crt/foobarsite-ca.crt \
                -keyfile   ssl.key/foobarsite-ca.key \
                -days 128
   This uses the 'demo CA' setup as defined in /usr/share/ssl/openssl.cnf
   The neutrino certificate signing request (DN+neutrino public key) is
   certified (i.e. the certificate data is signed using the foobarsite-ca
   private key)
   ...and put into newcerts/<serial>.pem
   Note that there seems to be some problem with the Validity date of the
   thus signed certificate. The time (in GMT) of the certificate seems to
   just be the time value returned by 'date' which might not be GMT (in our 
   case, a certificate created at 18:22 MESZ was valid from 18:22 GMT on,
   i.e. about 2 hours later)
   It contains the extended text of the x509 certificate (i.e. cleartext)
   and the binary x509 certificate.
   The demoCA is setup as follows: the following must exist under 
   /etc/httpd/conf, according to /usr/share/ssl/openssl.cnf
   demoCA
   \___index.txt  (empty text file at first, contains index of certs)
   \___serial     (text file with "01" only, certs serial number)
   \___private    (contains the CA's private key if not given on cmd-line)
   \___newcerts   (dir containing new certificates)
   \___cacert.pem (contains the CA's certificate if not given on cmd-line)
   Note: make demoCA rwx root only!
4) Copy the neutrino (signed) certificate to its final destination:
   $ cd /etc/httpd/conf
   $ cp demoCA/newcerts/01.pem ssl.crt/neutrino.pem
5) Rehash the certificates in ssl.crt:
   (as an example, /usr/bin/c_rehash works on /usr/share/ssl/certs)
   $ cd /etc/httpd/conf/ssl.crt
   $ openssl x509 -hash -noout -in neutrino.pem
   Use the obtained hashvalue (eg. 72e34d14) to create a symlink:
   $ ln -s neutrino.pem 72e34d14.0 
   Make sure ssl.crt is rwxr-xr-x root.root, this dir has to be accessed by
   apache.
6) Verify that the certificate is valid
   $ cd /etc/httpd/conf/ssl.crt
   $ openssl verify -CApath /etc/httpd/conf/ssl.crt \
                    -purpose sslserver \
                    -verbose \
                    neutrino.pem
   (-CApath names the directory of hashed trusted certs; -purpose is one of
    sslclient, sslserver, nssslserver, smimesign, smimeencrypt)
   However, in order to do this, you first have to declare that you trust
   the foobarsite-ca.crt by also creating a symlink in ssl.crt for it, as
   described above, i.e.
   ln -s foobarsite-ca.crt `openssl x509 -hash -noout -in foobarsite-ca.crt`.0
7) Just for fun, create a chaining certificate authority and try to certify
   another certificate for the server:
   7.1) Create a private key for the chaining CA
        $ cd /etc/httpd/conf/ssl.key
        $ openssl genrsa -des3 1024 > chaining-ca.key
        $ chmod 600 chaining-ca.key
   7.2) ...TO DO; this is complicated as another demoCA will have to be
        set up 
8) Set up httpd:
   In the SSL virtual server:
   SSLCertificateFile     /etc/httpd/conf/ssl.crt/neutrino.pem
   (this is the certificate that is presented to the client on connection)
   (by default it terminates in '.crt')
9) Set up httpd:
   SSLCertificateKeyFile  /etc/httpd/conf/ssl.key/neutrino.key
   (this is the server private key)
   If httpd is now started up, it asks for the passphrase to the private
   key. Note that it can access the private key although that key is
   only accessible by root.
10) Connect to the httpd using https.
   Browser warns about the issuer of the presented certificate and also
   that the name of the security certificate does not match the name of the
   site (indeed, 192.168.1.11 <> neutrino.foobarsite.lu).
   You can install the certificate in the browser.
10) Man pages:
   ca        - sample minimal ca application
   req       - PKCS#10 certificate and certificate generating utility
   spkac     - Netscape signed pub key & challenge printing & generating utility
   x509      - certificate display and signing utility
   CA.pl     - friendlier interface for OpenSSL certificate programs
   config    - OpenSSL CONF library configuration files
   pkcs12    - pkcs#12 file utility
   pkcs8     - pkcs#8 format private key conversion tool
   dsa       - dsa key processing
   rsa       - rsa processing tool
   gendsa    - generate DSA private key from a set of parameters
   genrsa    - generate RSA private key
   asn1parse - ASN.1 parsing tool
   crl       - process CRL files in DER and PEM format
   crl2pkcs7 - create a PKCS#7 structure from a CRL and certificates
   dgst      - message digests 
   dhparam   - DH parameter manipulation and generation
   dsaparam  - DSA parameter manipulation and generation
   enc       - symmetric cipher routines
   nseq      - create or examine a netscape certificate sequence
   rand      - generate pseudo-random bytes
   s_client  - SSL/TLS client program
   s_server  - SSL/TLS server program
   smime     - S/MIME utility
   verify    - verify command verifies certificate chains
   version   - print OpenSSL version information
   crypto    - OpenSSL cryptographic library (libcrypto)
   ssl       - OpenSSL SSL/TLS library
11) RSA algorithm:
  Choose large prime p (e.g. 1024) - use probabilistic algo
  Choose large prime q (e.g. 1024) - use probabilistic algo
  Compute n := p*q
  Choose e such that e and (p-1)(q-1) are relatively prime (special
  case: e can be prime; e is often chosen to be 65537=2^16+1)
  Use extended Euclidean Algorithm to compute a d such that
  e*d == 1 mod (p-1)(q-1)
    d == e^-1 mod (p-1)(q-1)
  Note: d & n are relatively prime, too.
  private key:
    d = decryption key 
  public key:
    e = encryption key 
  known by both: 
    n = product
  p, q can be discarded but should not be revealed
  Encryption:
    Divide data into less-than-n sized chunks m(i)
    c(i) = m(i)^e mod n
  Decryption:
    m(i) = c(i)^d mod n
  Note: in practice, e is known by both. Were this not the case, one
  could make the algorithm symmetric, i.e. exchange the private and
  public key.
