Thank you very much David for your response.

> > I doubt if self signed certificate will be a good idea, as against a signed certificate.
> > With the approach I am proposing, the server installer itself works like a CA.
> > Only an authorized person will have access to this installer (say admin) and can generate a signed certificate.
>
> I don't know if you're familiar with how real CAs operate, but trust me, restricting access to your installer won't provide anywhere near the security that real CAs do.

Here is my understanding about a real CA. A real CA would be an agency or the like, which would have the infrastructure required to sign certificate requests (say openssl toolkit, its own key pair, its own root certificate etc). In addition to this, it would have capabilities / mechanism to verify the information provided by the requester (subject) in the certificate request. Once the CA verifies that the information provided in the certificate request is correct, it would sign the request, and provide the signed certificate to the requester (subject).

If I am missing anything that is important to know, I will be really happy to learn about it.

> > Now what happens if someone changes the key and the certificate in the server?
> > If I am using a self signed certificate, this change will not be detected.
>
> Perhaps you misunderstand what I'm proposing. If you use a self-signed certificate, the change will be detected because the certificate will now be different. I'm suggesting the client use the public key itself as the server's identity.

Hmm ... So are you suggesting that my clients would store the certificate produced by the server, the first time they connect to the server, and thereafter each time they connect to the server, they check if the certificate has changed?

As I understand, a self signed certificate can be verified using the public key present in the certificate itself. So how can my client detect the change in the certificate unless they store the public key (or the certificate itself) the first time they connect to the server, and then for every successive connection attempt, check the certificate presented with this stored public key / certificate?

Am I still missing something?

> > If I am using a CA signed certificate (which only the admin can do through the installer), any such change / modification to the server certificate will be detected as the modified certificate will not be validated at the client side (as it will not be signed).
>
> The problem is that anyone who has access to your installer can impersonate any server.

Absolutely true.

> Whether or not this is acceptable depends upon a few factors. I would submit that if your client is a traditional program like IE or Firefox and your target network is the Internet, this is absolutely unacceptable. If your client is custom software and/or your target network is private, this might be reasonable.

Right. Now, my clients are custom software and the target (as of now) is a private network.

> > This is the reason, why I plan to use a CA signed cert instead of self signed cert at the server.
>
> What's your client software? Is it a browser or custom software?

Nops. It is custom software.

> If a browser, and you're expecting the client to add your CA as a trusted root, you are compelling your users to trust an awful lot to anyone who might get access to your installer, accidentally or intentionally. A leak of your installer would mean a serious security compromise to all your users.

That is right. So, my server / client are custom s/w and the target network is a private network.

Please bear with me as I put down the purpose behind this whole thinking, once again.

1. I will be giving my server + clients to my customers.
2. These servers will need to have their own distinct certificates.
3. As part of shipping my s/w (server + client) to the customers, I burn them on a CD and ship them.
4. If I have to generate a unique certificate for every server, myself, I would have to burn so many different CDs. In addition to that, I will have to maintain almost a complete CA system.
5. This is doable, when the number of customers is small, say 5 - 10. But I doubt how well this would scale with the increasing number of customers.

So, I was thinking that embedding certificate generation capability in my installer will be good, as it can scale well.

An admin at customer C1 would have complete access to the server (h/w + s/w). As it is, it would be this admin who would have prepared the cert request, if I would be issuing signed certificate. So why not allow him to create a certificate for himself?

Now the question was, how can I embed the root CA cert + associated private key in the installer, such that it can not be retrieved easily?

Has anyone ever done anything like this before? Does anyone have any better approach to suggest?

Thank you very much for your help.

~ Urjit
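
The check asked about in this message (remember what the server presented on the first connection, compare on every later one), as an added example that is not part of the original post. It pins the SHA-256 of the whole certificate rather than the bare public key; `PinStore`, the `server1:4433` name and the byte strings standing in for DER certificates are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class PinStore:
    """Trust-on-first-use store: one SHA-256 certificate fingerprint per server."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.pins = json.load(fh)

    def check(self, server, cert_der):
        """Return 'first-use', 'match' or 'mismatch' for the certificate presented."""
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(server)
        if pinned is None:
            # Nothing stored yet: this connection is trusted blindly and pinned.
            self.pins[server] = seen
            self._save()
            return "first-use"
        # A mismatch never overwrites the stored pin; the caller must refuse.
        return "match" if hmac.compare_digest(pinned, seen) else "mismatch"

    def _save(self):
        # Write to a temp file and rename so a crash cannot truncate the store.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)


def demo():
    # Constructed stand-ins for DER certificates; a real client would pass
    # ssl.SSLSocket.getpeercert(binary_form=True) after the handshake.
    original = b"constructed-cert-A"
    replaced = b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        store = PinStore(path)
        results = [store.check("server1:4433", original),
                   store.check("server1:4433", original)]
        # A later run reloads the pin from disk and sees the swapped certificate.
        results.append(PinStore(path).check("server1:4433", replaced))
        return results
```

The first connection is the unprotected one: whatever certificate arrives then becomes the pin, so it has to happen over a path the admin trusts or be confirmed out of band.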