Validate a newly issued certificate

Posted on August 19, 2024 by MoBe

I’m using EST protocol for enrolling new certificates.
And I was thinking how I, as an application, should validate a certificate issued by that CA or EST server before storing and using it.

should I validate the signature of the returned… Continue reading Validate a newly issued certificate→

Shorter TLS certificate lifespans expected to complicate management efforts

Posted on August 9, 2024 by Help Net Security

76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. However, many feel unprepared to take action, with 77% saying the shift to 90-day certificates will mean more outages… Continue reading Shorter TLS certificate lifespans expected to complicate management efforts→

Authenticate web application generated data

Posted on July 24, 2024 by paul

I am currently developing a web application where I need to ensure that retrieved data (stored in database) have been generated by one or multiple (in the case of clustered applications) application. The idea would be to store a hash of th… Continue reading Authenticate web application generated data→

TLS Server Certificate Validations 1.2 [duplicate]

Posted on July 20, 2024 by Данил Зигрей

I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could describe it in as much detail

Continue reading TLS Server Certificate Validations 1.2 [duplicate]→

Root CA blocked by OS – would apps programmed to trust the root CA be affected?

Posted on July 13, 2024 by Tauri

The situation:

Custom Root CA is created by some country.
Not trusted by major browsers but trusted by some local ones. Also used by some local sites which direct users to install this root CA.
some people use local browsers, majority use… Continue reading Root CA blocked by OS – would apps programmed to trust the root CA be affected?→

Why does AWS strongly recommend a non-self-signed, code-signing certificate?

Posted on June 6, 2024 by kackle123

I am developing a hardware device that utilizes AWS IoT OTA via FreeRTOS. On this AWS web page, it says

We recommend that you purchase a code-signing certificate from a
company with a good reputation for security. Do not use a self-signe… Continue reading Why does AWS strongly recommend a non-self-signed, code-signing certificate?→

Goal of CA is to allow clients ability to determine if TLS was tampered with while "in-transit"?

Posted on May 18, 2024 by learningtech

I believe my question will be a continuation of questions such as:

What’s the point of the CA?

How does a digital certificate prove authenticity?

In short, I still don’t have a firm grasp on why a TLS certificate signed by a reputable and public Certificate Authority (CA) is “better” than one that is not. I feel like I am not “connecting the dots” on this topic because I’m not seeing step-by-step examples of how a hacker can take advantage of TLS certificate that’s not been signed by a CA.

EDIT

Actually, I spent a few days thinking through hypothetical situations. My current understanding is the main problem a CA is trying to solve is to ensure TLS certificates are not tampered with while in-transit between server and client. Is that correct? Please correct me if I am completely missing the point on what CAs are all about.

Here’s a more detailed explanation of what I understand. I’ll frame my understanding in the form of Problem and Solution and communicate my ideas with step-by-step demonstrations and use of pseudo-code.

Problem

A TLS certificate contains a public key and the Subject Alt Name (SAN) or Common Name (CN) of the entity the public key is meant to encrypt information for. The public key is susceptible to being altered while in-transit from server (eg. Apache web server) to client (eg. FireFox web browser) in the form of man-in-the-middle attacks. Undesirable ways a TLS can be altered while in-transit are:

an unauthorized entity can intercept transmissions between server and client and inject a fraudulent public key into the TLS certificate. If client uses fraudulent public key to encrypt information and then clients sends this encrypted information to server, the unauthorized entity can intercept transmissions and decrypt the information with the unauthorized entity’s corresponding private key.
network connectivity issues could corrupt the TLS certificate, which could corrupt the public key and make the public key unuseable

To demonstrate this problem, I will use an example:

Assume there are 3 players for our example: AcmeCorp, FireFox web browser, and Hacker.

AcmeCorp is a legitimate company and wants to create a website https://acmecorp.com. AcmeCorp wants use a TLS certificate on their website https://acmecorp.com/. The website uses Apache Webserver. Apache Webserver needs two files to serve acmecorp.com over TLS. The two files required will be acme.cert and acme.key, which are the TLS certificate and private key respectively. The acme.cert contains a public key which can be extracted.

FireFox webbrowser is used by a real human customer. FireFox web browser visits https://acmecorp.com. FireFox receives acme.cert during TLS handshake. FireFox extracts public key from acme.cert and saves it as acme.pub. FireFox encrypts all information with acme.pub before sending it to acmecorp.com.

Hacker wants to steal information between FireFox and https://acmecorp.com. Hacker has the files hacker.cert and hacker.key, which are TLS certificate and private key respectively. The hacker.cert will have almost identical information to acme.cert, except the public key included in the hacker.cert is different from the public key acme.cert. The hacker.key can be used to decrypt information that’s been encrypted by the public key in hacker.cert. Hacker wants to intercept transmissions from acmecorp.com and replace the contents of acme.cert with contents of hacker.cert.

As it stands now, it is very easy for Hacker to intercept transmissions from acmecorp.com to FireFox and replace the contents of acme.cert with the contents of hacker.cert. There is no way for FireFox to know if such modifications took place while acme.cert was in transit. If FireFox uses the public key from hacker.cert, then Hacker will be able to decrypt all of FireFox’s transmissions using hacker.key.

Solution

The goal of a Certificate Authority is to provide client applications the ability to identify whether TLS certificates were tampered with or altered while in-transit from the server to the client application.

AcmeCorp can offer FireFox a way to verify whether the contents of acme.cert was modified by having a trusted third party called a Certificate Authority create the acme.cert on behalf of AcmeCorp. The TLS certificate creation process for acmecorp.com becomes:

TLS Creation Process

AcmeCorp owns the domain acmecorp.com.
AcmeCorp uses OpenSSL to create a private key and a CSR. The CSR has a public key, a SAN/CN of acmecorp.com and all the meta information to create a TLS certificate for the domain acmecorp.com.
AcmeCorp gives the CSR to a CA.
CA sees that the CSR is for the domain acmecorp.com.
CA does DNS checks to ensure AcmeCorp does own the domain acmecorp.com. If checks fail, then abort process.
CA creates a temporary file called temp-cert.pem based on the information of the CSR.
CA creates a TLS certificate file and digitally signs the TLS certificate with a command like MakeTLSCert(outfile: 'acmecorp.cert', infile:'temp-cert.pem', hash:'sha256', cakey:'ca.key'). My understanding of this step is weak, but i’m guessing it is broken down into these steps:
7.1. hash the contents of temp-cert.pem with sha256 and call the result a message digest.
7.2. encrypt the message digest with CA’s private key ca.key and call the result the CA digital signature.
7.3. concatenate the temp-cert.pem and the CA digital signature and call this the acmecorp.cert, which is the TLS certificate.
CA gives acme.cert to AcmeCorp.

Now AcmeCorp can use acme.cert and acme.key with Apache web server to serve https://acmecorp.com over TLS.

If a Hacker tries to perform steps 1 to 8, the hacker will fail at step 5. That is, a CA will see that the hacker does not own the DNS records for acmecorp.com. Therefore, the CA will not issue a certificate that has the CA’s digital signature.

Next, these are the steps that FireFox will use to identify a legitimate TLS certificate, that is, differentiate between acme.cert and hacker.cert by inspecting the contents:

TLS verification

FireFox comes bundled with the Public Key of reputable CA. Let’s say FireFox has the public key of the reputable CA used in the steps above and it has the file name ca.pub. When FireFox visits https://acmecorp.com, the following happens:

FireFox receives TLS certificate.
FireFox extracts public key from TLS certificate.
FireFox asks if public key can be trusted. The next step and onwards are meant to answer this question.
FireFox sees a CA digital signature in the TLS certificate.
In step 6 of the TLS creation process, temp-cert.pem is the first half of the TLS certificate, and the digital signature is the second half. Hence:
5.1 FireFox uses the ca.pub to decrypt the digital signature which yields a message digest (note, only ca.pub can decrypt information encrypted by ca.key). We now have the message digest that made by the CA.
5.2 FireFox uses the ca.pub to sha256 hash temp-cert.pem of TLS certificate to create another message digest.
FireFox compares the message digest of step 5.1 and step 5.2 to make sure they are the same. If they are not the same, then it means the TLS certificate was modified while in transit from acmecorp.com to Firefox.

Final Questions

Did I mis-understand anything? Specifically:

Did I mis-understand the main goal(s) of a Certificate Authority?
Did I mis-understand how the Certificate Authority achieves its goals?
Does anything I’ve said change between TLS1.2 vs. TLS1.3? I think everything I’ve said so far applies to TLS1.2 . If I were to guess how this applies to TLS1.3, it is that public keys in TLS certificates are used for generating symmetric keys in the Diffie-Hellman algorithm as opposed to being used for encrypting information. Hence, the function of CA digital signatures to allow FireFox a way to verify TLS certificates coming from the server were not tampered with still applies…because incorrect public keys means you are generating the wrong symmetric keys which a hacker can exploit. Is that correct?

Continue reading Goal of CA is to allow clients ability to determine if TLS was tampered with while "in-transit"?→

How do I remove a certificate from (RedHat) Linux ca-trust? [migrated]

Posted on April 25, 2024 by bbaassssiiee

I installed a duplicate certificate for a CN in the ca-trust store of my RHEL8 systems. I added the PEM file to /etc/pki/ca-trust/source/anchors and ran update-ca-trust.
How can I remove the certificate(s) that update-ca-trust installed? I… Continue reading How do I remove a certificate from (RedHat) Linux ca-trust? [migrated]→

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)

Posted on April 9, 2024 by Mirko Zorz

EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, an… Continue reading EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)→

Making CA certificates with `-subj` vs. `openssl-ca.cnf`?

Posted on February 8, 2024 by John

I read through the answers from this question here:
https://stackoverflow.com/questions/21297139/how-do-you-sign-a-certificate-signing-request-with-your-certification-authority
But my comprehension on the matter is still weak. I am trying… Continue reading Making CA certificates with `-subj` vs. `openssl-ca.cnf`?→