SSL Certificate validation

 

I would like to know what are the exact steps of certificate authentication over HTTP. I know this has been asked before, but from what I've read it's still unclear to me how it works.

  • When first contacting the secure site client will send its certificate

  • This will be his public key ( let's say a public_key.pem file begginging with ----BEGIN PUBLIC KEY---- )

  • Server will look whether this certificate has been signed by a trusted CA.

  • The server only has a list of certificates which it trusts (you configure this keystore when configuring SSL). That is where all private keys are stored. Is this equivalent to all the trusted CAs of the server?
  • The next step now is to take the public_key.pem and check whether any of the certificates in the keystore have signed it.

    • If the above process is accurate:

    First question : A 'certificate' is a private key signed by another certificate ( or self-signed )

    Second question : How exactly does a server validate that a public key was signed with a specific private key ( certificate ) ?

    Third question : 'certificate' A can be used to sign another 'certificate' B , consequently 'certificate' B can be used to sign certificate C and so on. If my server has certificate A in its truststore, it means it will also trust public keys coming from certificate B and C ?

    Edit based on answer below

    My server has cert.pem and privkey.pem . The cert.pem ( x509 certificate ) has been signed by a trusted CA using its private key ( the 'signing' process involves the CA to do 'something' with its private key and sign my Certificate signing request ).

    When SSL is negotiatied my server will send the cert.pem to the client ( in some form ). How does the client determine that my public cert was signed by a trusted CA. My truststore pb only contains other public certificates of trusted CAs, so it ends up checking whether my cert.pem was signed using only public certificates of trusted CAs. This is is the part which is unclear - and I may be missunderstanding the whole process - can a client check if my x509 certificate is valid by just having an x509 list of certificates of trusted CAs?

    When first contacting the secure site client will send its certificate

    A client doesn't have to send a certificate. Judging from your question, it doesn't sound like you're asking specifically about client-cerificate authentication. In many sites, like if you go to google, stackoverflow, facebook, etc, the client / browser will not send a certificate.

    A 'certificate' is a private key signed by another certificate ( or self-signed )

    Not quite. A certificate contains a public key that is signed by the private key that corresponds to another certificate.

    I think this is worth clearing up. A certificate itself will only ever contain the public key, or the "Subject Public Key Info" in x509 parlance. There is a corresponding private key to that public key that is stored separately from the x509 certificate.

    There are some formats that "combine" the certificate and the private key in to a single file, but at this point it isn't a certificate anymore, it's a file containing a certificate - an example of this is PKCS#12. This is a format that can store as many certificates and private keys as needed.

    A private key may not even necessarily be a file on disk - it could be in a Hardware Security Module, SmartCard, etc.

    'certificate' A can be used to sign another 'certificate' B, consequently 'certificate' B can be used to sign certificate C and so on. If my server has certificate A in its truststore, it means it will also trust public keys coming from certificate B and C ?

    Yes. This is called a certificate chain. A is the "root" certificate, B is an "intermediate", and C would be an "end-entity" or "leaf" certificate.

    This is very common among HTTPS certificates by CAs. Certificates are never issued directly off the root, they're issued off the intermediate.

    How exactly does a server validate that a public key was signed with a specific private key ( certificate ) ?

    Well this makes the assumption that a certificate is a private key, which it isn't.

    The server, as in the thing serving HTTPS, doesn't really care about the validity of the certificate. It's up to the client to decide if it should trust the certificate the server gives.

    The server has the certificate and the corresponding private key. The server can validate that the public key and the private key belong together. How this is done depends on the key type, but the gist of it is, if you know the private key, you can fully reconstruct the public key from it. The server will validate that the private key's "public parts" match the certificate's public key.

    The server will present the certificate to the client, like a browser. The browser will check many things, but at minimum it will check two important things:

  • Can the browser build a chain back to a certificate in the trust store. So the browser will look at the signer of the certificate, called the Issuer, and check if the issuer is in it's trust store. If yes, then the certificate is trusted. If no, it will see if that certificate has an Issuer, and loop all the way down the chain until it reaches the end of the chain, or when it finds something in the trust store. If it reaches the end, then the certificate was not issued by anyone it trusts.

  • That the certificate is valid for that domain. The certificate contains a Subject Alternative Name (SAN) which indicates what domains the certificate is valid for.

    • There are lots of other things that get checked, like expiration, revocation, Certificate Transparency, "strength" of the certificate - too many to list.

    How does the client determine that my public cert was signed by a trusted CA.

    Every client has its own trust store. Internet Explorer on Windows uses the Windows trust store, Google Chrome on macOS and Windows use the operating system trust store (Keychain, Windows Trust Store, etc).

    The browser / client needs to build a trust path, as described above. How it does this is a bit complex, but it works out to the Authority Key ID attribute - if it exists, and the Issuer property of the certificate. It uses these values to find the certificate that issued it.

    Once it finds the issuing certificate, it checks the signature on the certificate with the issuer's certificate public key.

    That issuing certificate could be in the "root" trust store, and uses the public key in the issuing certificate to verify the signed certificate.

    Your web server might (probably) send intermediate certificates along with the "main" (leaf) certificate. The client might use these intermediates to build a path back to a certificate that is in the root trust store. Intermediates can only be used as intermediates - you can't send an additional certificate saying "here's the root certificate, trust it".

    can a client check if my x509 certificate is valid by just having an x509 list of certificates of trusted CAs?

    Yes. That is the trust store. Every browser has / uses one. Firefox has their own trust store called NSS. Operating systems typically have their own trust store, too.

    链接地址: http://www.djcxy.com/p/3716.html

    上一篇: 制作和储存盐的最佳途径

    下一篇: SSL证书验证