If you are using client certificates, use a CRL at the server side.
that way you can assure that only those that you want can connect to
the server
Regarding the certificates.
* Distribute the CA certificates (a simple script suffices)
* Store the certificates and keys on a safe medium you can put in a vault
* Store only the CA certificates (not the keys) and the server
certificate and key on your server.
Obviously all keys are encrypted using a strong password...
Regards,
Serge Fonville
To answer your original question, you can not verify a chain without
all chain members to verify against root --> sub --> client/server
cert
On Wed, Sep 2, 2009 at 12:02 PM, Yin, Ben 1. (NSN - CN/Cheng
Du)<ben.1....@nsn.com> wrote:
> Yes. It use openssl lib.
>
> My client & server looks like follow to set up sub ca and certificate, the
> CERTFILE only include the certificate signed by sub ca. Thanks.
>
> ...
> if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1)
> int_error("Error loading CA file and/or directory");
> if (SSL_CTX_set_default_verify_paths(ctx) != 1)
> int_error("Error loading default CA file and/or directory");
> if (SSL_CTX_use_certificate_chain_file(ctx, CERTFILE) != 1)
> int_error("Error loading certificate from file");
> if (SSL_CTX_use_PrivateKey_file(ctx, KEYFILE, SSL_FILETYPE_PEM) != 1)
> int_error("Error loading private key from file");
> ....
>
>
> Br
>
> Ben
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
> Sent: Wednesday, September 02, 2009 12:52 PM
> To: openssl-users@openssl.org
> Subject: Re: Verify certificate using subordinate ca
>
> Wat exactly are the applications you use, are they compiled against
> openssl libraries?
>
> On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng
> Du)<ben.1....@nsn.com> wrote:
>> Yes. When server send certificate signed by sub ca to client. How client can
>> verify it only use sub ca. would you please show me the client side code?
>> :-) Thanks.
>>
>>
>> Br
>>
>> Ben
>>
>> -----Original Message-----
>> From: owner-openssl-us...@openssl.org
>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>> Sent: Wednesday, September 02, 2009 12:43 PM
>> To: openssl-users@openssl.org
>> Subject: Re: Verify certificate using subordinate ca
>>
>> Everytime an application connects to an ssl-enabled server the
>> certificate chain is verified.
>>
>> On Wed, Sep 2, 2009 at 11:37 AM, Yin, Ben 1. (NSN - CN/Cheng
>> Du)<ben.1....@nsn.com> wrote:
>>> Hi,
>>>
>>> What's you mean "If your client application supports that", do you mean I
>>> do the verify by client itself, don't use openssl default verify
>>> functionality?
>>>
>>>
>>> Br
>>>
>>> Ben
>>>
>>> -----Original Message-----
>>> From: owner-openssl-us...@openssl.org
>>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>>> Sent: Wednesday, September 02, 2009 11:59 AM
>>> To: openssl-users@openssl.org
>>> Subject: Re: Verify certificate using subordinate ca
>>>
>>> If your client application supports that, it could be done. but no
>>> standard compliant application allows that to my knowledge.
>>>
>>> On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng
>>> Du)<ben.1....@nsn.com> wrote:
>>>> Hi Serge,
>>>>
>>>> Maybe we can put the root ca into the verification chain if I can prove
>>>> the verfiy certificate using only sub ca is impossible. But before that,
>>>> do you know if it's possible to verfiy certificate without root ca? Thanks.
>>>>
>>>>
>>>> Br
>>>>
>>>> Ben
>>>>
>>>> -----Original Message-----
>>>> From: owner-openssl-us...@openssl.org
>>>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>>>> Sent: Wednesday, September 02, 2009 11:28 AM
>>>> To: openssl-users@openssl.org
>>>> Subject: Re: Verify certificate using subordinate ca
>>>>
>>>> How do you think compromising a CA would occur, because a CA could
>>>> only becom compromised when someone leaks the key for that specific CA
>>>> And if it happens once, it will likely happen twice. And I hope in
>>>> your best interest, you are not distributing keys to terminals.
>>>>
>>>> Also, if you need to copy a file to 1000^2 terminals, use a script.
>>>> I assume you have a list of all these terminals (otherwise you have a
>>>> serious problem)
>>>>
>>>> I assume you are using server certificates and client certificates.
>>>> with these there corresponds a CRL, this crl can be automatically used
>>>> by any clientapplication that uses a certificate issued by any CA
>>>>
>>>> Bacically, are you distributing keys to terminals?
>>>>
>>>> Regards,
>>>>
>>>> Serge Fonville
>>>>
>>>> On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng
>>>> Du)<ben.1....@nsn.com> wrote:
>>>>> OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub
>>>>> ca signed by root ca. and each sub ca used as ca by 1000 terminals.so the
>>>>> total network size is 1000*1000. All our ca, including root ca and sub
>>>>> ca, was stored offline. I need copy sub ca to terminal it was used. So if
>>>>> one of sub ca was compromised, what I need to do is sign a new sub ca
>>>>> using root ca and copy it to 1000 terminal where sub ca has been
>>>>> compromised. And if root ca was compromised, I need to re-deploy CA on
>>>>> 1000*1000 terminal mannuly. That is why I want to keep root ca out of the
>>>>> chain. And only using sub ca and certificate to do the verification.
>>>>> Dose it possible? It seems that openssl always try to find the issuer of
>>>>> sub ca during tht chain verification because it wasn't self signed root
>>>>> ca.
>>>>>
>>>>>
>>>>> Br
>>>>>
>>>>> Ben
>>>>>
>>>>> -----Original Message-----
>>>>> From: owner-openssl-us...@openssl.org
>>>>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>>>>> Sent: Tuesday, September 01, 2009 5:14 PM
>>>>> To: openssl-users@openssl.org
>>>>> Subject: Re: Verify certificate using subordinate ca
>>>>>
>>>>> I don't see your problem honestly. Figuring out a private key is close
>>>>> to impossible.
>>>>> And stealing it, well, that is more related to security itself than to
>>>>> the actual key being secure or not.
>>>>>
>>>>> >From what I understand, a chain works somewhat like this
>>>>>
>>>>> you
>>>>> --peter
>>>>> ----john
>>>>> ------carl
>>>>>
>>>>> You talk to peter, peter is trusted by john, john is trusted by carl,
>>>>> you trust carl
>>>>> Say if you were to obsolete carl in this chain (by trusting john) john
>>>>> would then become the root
>>>>> If this is the case, why would you want to have carl at all?
>>>>>
>>>>> Thawte, verisign etc work the same way
>>>>>
>>>>> Also, why is distributing a CA cert so difficult?
>>>>> What is your environment?
>>>>> What applications are using the certs?
>>>>> And how do they verify the chain?
>>>>>
>>>>> Again, without the key for each CA it can't be compromised
>>>>> Has this actually happened or is this someone eing paranoid?
>>>>>
>>>>> Who has created the chain?
>>>>>
>>>>> I'm still not clear of the purpose of the root ca if it should not
>>>>> need to be trusted
>>>>>
>>>>> Regards,
>>>>>
>>>>> Serge Fonville
>>>>>
>>>>> On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng
>>>>> Du)<ben.1....@nsn.com> wrote:
>>>>>> No. In our enviroment. The root CA private key is isolated and absolutly
>>>>>> safe. Regarding the compromised, I means CA can't be trusted any more,
>>>>>> Such as the private key was stolen some how or someone find a way to
>>>>>> figure out private key for one CA. it easy to set up new sub ca in one
>>>>>> domain if those compromise happened on sub ca. but if it happened on
>>>>>> root ca, it's quite hard to fix the our whole network. Thanks.
>>>>>>
>>>>>>
>>>>>> Br
>>>>>>
>>>>>> Ben
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: owner-openssl-us...@openssl.org
>>>>>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>>>>>> Sent: Tuesday, September 01, 2009 4:31 PM
>>>>>> To: openssl-users@openssl.org
>>>>>> Subject: Re: Verify certificate using subordinate ca
>>>>>>
>>>>>> Based on what you state.
>>>>>> There is no purpose for the root CA.
>>>>>>
>>>>>> What do you mean by compromised.
>>>>>> If you publish a CA certificate to clients, it does not include the
>>>>>> key. (normally)
>>>>>> So the only thing a client can do is use it in the session at best.
>>>>>> There is NO way a client can use a CA certificate to sign anything
>>>>>> without the corresponding key.
>>>>>>
>>>>>> I have a chain on my website, and noone (except me, because I can
>>>>>> access the server) is able to sign anything. Since the CAs are only
>>>>>> used for signing and verifying and not for encrypting, if the CA keys
>>>>>> are stored safely, there is no 'compromise'
>>>>>>
>>>>>> Are you distributing the keys as well?
>>>>>>
>>>>>> HTH
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Serge Fonville
>>>>>>
>>>>>>
>>>>>> On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng
>>>>>> Du)<ben.1....@nsn.com> wrote:
>>>>>>> I only want to verfiy the signature (I mean the procedure when sub ca
>>>>>>> sign the certiticate). So I guess sub ca and certification should has
>>>>>>> enough info to do it because we needn't root ca when we use sub ca to
>>>>>>> sign the certificate. Is there a way for this requirement? Thanks.
>>>>>>>
>>>>>>>
>>>>>>> Br
>>>>>>>
>>>>>>> Ben
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: owner-openssl-us...@openssl.org
>>>>>>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1.
>>>>>>> (NSN - CN/Cheng Du)
>>>>>>> Sent: Tuesday, September 01, 2009 3:06 PM
>>>>>>> To: openssl-users@openssl.org
>>>>>>> Subject: RE: Verify certificate using subordinate ca
>>>>>>>
>>>>>>> Hi Serge,
>>>>>>>
>>>>>>> My intention is to keep my root ca out of compromise. We want to use sub
>>>>>>> ca to splite the domain in the our whole network. Then, we can easy to
>>>>>>> re-sign a new sub ca and publish it if we find one domain sub ca was
>>>>>>> compromised. And if we expose the the root ca to public ,it hard to
>>>>>>> maintain if root ca was cracked.
>>>>>>>
>>>>>>> And as you said, "create a new chain and let sub ca as root", I don't
>>>>>>> know how to do it. In my testing, I set verify depth to 1. I guess it
>>>>>>> will make chain only include certificate and sub ca. the testing show
>>>>>>> that the openssl still try to find the issuer of sub ca, and so the
>>>>>>> verification was failed.
>>>>>>>
>>>>>>> Here is the output:
>>>>>>>
>>>>>>> -with certificate at depth: 1
>>>>>>> issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA
>>>>>>> subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA
>>>>>>> err 20:unable to get local issuer certificate
>>>>>>> -with certificate at depth: 1
>>>>>>> issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA
>>>>>>> subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA
>>>>>>> err 27:certificate not trusted
>>>>>>> -with certificate at depth: 0
>>>>>>> issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA
>>>>>>> subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab.
>>>>>>> err 27:certificate not trusted
>>>>>>>
>>>>>>> And FYI. Here is the complete chain verfication output.
>>>>>>>
>>>>>>> -with certificate at depth: 2
>>>>>>> issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA
>>>>>>> subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA
>>>>>>> err 0:ok
>>>>>>> -with certificate at depth: 1
>>>>>>> issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Root CA
>>>>>>> subject = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA
>>>>>>> err 0:ok
>>>>>>> -with certificate at depth: 0
>>>>>>> issuer = /C=fi/O=WCDMA/CN=NSN Tre WCDMA Sub1 CA
>>>>>>> subject = /C=FI/ST=Tampere/L=Tampere/O=NSN/CN=lab.
>>>>>>> err 0:ok
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> Br
>>>>>>>
>>>>>>> Ben
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: owner-openssl-us...@openssl.org
>>>>>>> [mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
>>>>>>> Sent: Tuesday, September 01, 2009 2:14 PM
>>>>>>> To: openssl-users@openssl.org
>>>>>>> Subject: Re: Verify certificate using subordinate ca
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Hmm...
>>>>>>>
>>>>>>> I've had the same issue.
>>>>>>> Basically it came down to "how do you know if the sub is reliable if
>>>>>>> you do not know whether to trust the root?"
>>>>>>> If you do not wish to have the root as part of the chain, create a new
>>>>>>> chain where the sub is the root
>>>>>>> What is the reason you do not want to use the root in the chain check,
>>>>>>> but it should be part of the chain?
>>>>>>>
>>>>>>> HTH
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> Serge Fonville
>>>>>>>
>>>>>>> On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng
>>>>>>> Du)<ben.1....@nsn.com> wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> It there a way to verify certificate with out root ca? I have 4
>>>>>>> certificate:
>>>>>>>> rootca.pem is the root ca (self signed). subca.pem was signed by
>>>>>>> rootca.pem.
>>>>>>>> cert1.pem & cert2.pem was signed by subca.pem. I was supposed to
>>>>>>> configure
>>>>>>>> the client and server using subca.pem as ca, and cert1.pem & cert2.pem
>>>>>>> as
>>>>>>>> certificate. It seem that openssl still try to find rootca.pem to
>>>>>>> verfiy
>>>>>>>> subca.pem when handshake. But I don't what root.pem can bo accessed
>>>>>>> for
>>>>>>>> keeping it safe. So It there a way to verify certificate with out root
>>>>>>> ca,
>>>>>>>> only using sub ca and certificate signed by sub ca? Thanks.
>>>>>>>>
>>>>>>>> Br
>>>>>>>>
>>>>>>>> Ben
>>>>>>> ______________________________________________________________________
>>>>>>> OpenSSL Project http://www.openssl.org
>>>>>>> User Support Mailing List openssl-us...@openssl.org
>>>>>>> Automated List Manager majord...@openssl.org
>>>>>>> ______________________________________________________________________
>>>>>>> OpenSSL Project http://www.openssl.org
>>>>>>> User Support Mailing List openssl-us...@openssl.org
>>>>>>> Automated List Manager majord...@openssl.org
>>>>>>> ______________________________________________________________________
>>>>>>> OpenSSL Project http://www.openssl.org
>>>>>>> User Support Mailing List openssl-us...@openssl.org
>>>>>>> Automated List Manager majord...@openssl.org
>>>>>>>
>>>>>> ______________________________________________________________________
>>>>>> OpenSSL Project http://www.openssl.org
>>>>>> User Support Mailing List openssl-us...@openssl.org
>>>>>> Automated List Manager majord...@openssl.org
>>>>>> ______________________________________________________________________
>>>>>> OpenSSL Project http://www.openssl.org
>>>>>> User Support Mailing List openssl-us...@openssl.org
>>>>>> Automated List Manager majord...@openssl.org
>>>>>>
>>>>> ______________________________________________________________________
>>>>> OpenSSL Project http://www.openssl.org
>>>>> User Support Mailing List openssl-us...@openssl.org
>>>>> Automated List Manager majord...@openssl.org
>>>>> ______________________________________________________________________
>>>>> OpenSSL Project http://www.openssl.org
>>>>> User Support Mailing List openssl-us...@openssl.org
>>>>> Automated List Manager majord...@openssl.org
>>>>>
>>>> ______________________________________________________________________
>>>> OpenSSL Project http://www.openssl.org
>>>> User Support Mailing List openssl-us...@openssl.org
>>>> Automated List Manager majord...@openssl.org
>>>> ______________________________________________________________________
>>>> OpenSSL Project http://www.openssl.org
>>>> User Support Mailing List openssl-us...@openssl.org
>>>> Automated List Manager majord...@openssl.org
>>>>
>>> ______________________________________________________________________
>>> OpenSSL Project http://www.openssl.org
>>> User Support Mailing List openssl-us...@openssl.org
>>> Automated List Manager majord...@openssl.org
>>> ______________________________________________________________________
>>> OpenSSL Project http://www.openssl.org
>>> User Support Mailing List openssl-us...@openssl.org
>>> Automated List Manager majord...@openssl.org
>>>
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-us...@openssl.org
>> Automated List Manager majord...@openssl.org
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-us...@openssl.org
>> Automated List Manager majord...@openssl.org
>>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
