[Help-gnutls] CA certificates -- root vs intermediate

Discussion:

Sam Morris

2007-04-04 16:07:25 UTC

I've been using my own CA certificate to secure my access (with SSL/TLS)
to my personal email & web server for a while now. I originally
generated the CA certificate with gnutls' certtool program. I now need
to get the certificate working on a client running Mac OS X.

It's fairly straightforward to import the certificate into OS X's
Keychain application; however, Keychain insists that my CA is only an
"intermediate certificate authority", and therefore OS X refuses to
trust the certificate.

I have gone through the output of 'certtool --info' and 'openssl x509
-text', and have done quite some Googling by now, but I can't find any
way to determine the criteria by which Keychain decides that my
certificate is that of a root authority, or an intermediate authority.

So my question is: is this root/intermediate setting actually in the
certificate itself (in which case it's something I can fix by generating
a new certificate--although I can't find any options for this in
certtol's documentation; is it possible, or will I have to use openssl?)
or is it something I need to do in the Keychain application?

The certificate is available from
https://crypt.ethx.net/robots.org.uk-CA.crt in case anyone wants a copy.

--
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078

Simon Josefsson

2007-04-05 20:57:44 UTC

Permalink

Post by Sam Morris
I've been using my own CA certificate to secure my access (with SSL/TLS)
to my personal email & web server for a while now. I originally
generated the CA certificate with gnutls' certtool program. I now need
to get the certificate working on a client running Mac OS X.
It's fairly straightforward to import the certificate into OS X's
Keychain application; however, Keychain insists that my CA is only an
"intermediate certificate authority", and therefore OS X refuses to
trust the certificate.
I have gone through the output of 'certtool --info' and 'openssl x509
-text', and have done quite some Googling by now, but I can't find any
way to determine the criteria by which Keychain decides that my
certificate is that of a root authority, or an intermediate authority.
So my question is: is this root/intermediate setting actually in the
certificate itself (in which case it's something I can fix by generating
a new certificate--although I can't find any options for this in
certtol's documentation; is it possible, or will I have to use openssl?)
or is it something I need to do in the Keychain application?

Basically, root certificates have subject==issuer, intermediate
certificates have subject!=issuer.

Post by Sam Morris
The certificate is available from
https://crypt.ethx.net/robots.org.uk-CA.crt in case anyone wants a copy.

The certificate is missing the 'key usage' bits of certificate
signing, and a subject key ID. But that doesn't seem relevant to the
error message you got. And, many commercial CAs also lack those
fields so you aren't alone in this.

I think you'll need to debug this as a Keychain problem further, to
understand exactly why it is complaining. Can you add any other
certificate as a new trusted root CA?

/Simon

Sam Morris

2007-08-10 12:29:44 UTC

Permalink

Post by Simon Josefsson

Basically, root certificates have subject==issuer, intermediate
certificates have subject!=issuer.

Post by Sam Morris
The certificate is available from
https://crypt.ethx.net/robots.org.uk-CA.crt in case anyone wants a copy.

The certificate is missing the 'key usage' bits of certificate
signing, and a subject key ID. But that doesn't seem relevant to the
error message you got. And, many commercial CAs also lack those
fields so you aren't alone in this.
I think you'll need to debug this as a Keychain problem further, to
understand exactly why it is complaining. Can you add any other
certificate as a new trusted root CA?

So, I finally had some time to look into this. I asked on the Apple-cdsa
mailing list[0] and recieved a reply from someone who seems to work for
Apple[1] that indicated that the problem is with my certificate; the
Apple crypto libraries cannot parse it for some reason.

[0] http://lists.apple.com/archives/Apple-cdsa/2007/Aug/msg00009.html
[1] http://lists.apple.com/archives/Apple-cdsa/2007/Aug/msg00016.html

I also had problems trying to get my certificate to import into a Sony
Ericsson K800i mobile phone. For months I assumed it was a limitation of
the phone itself (it would only bleat, "invalid certificate" at me, and
Sony Ericsson's tech support service was worse than useless)...

... but today I sat down and generated a root certificate with OpenSSL,
which imported fine into both the Mac OS Keychain software, and the
K800i phone.

So my conclusion is that GnuTLS is generating invalid/corrupt
certificates, or at least, that it is using some part of the certificate
that other X509 implementations don't commonly implement (although my
original certificate did function correctly with OpenSSL, NSS and
whatever Windows uses).

To double-check, I generated a new root certificate with GnuTLS 1.4.4,
and tried to import it into the Mac OS Keychain; I had exactly the same
problem again. The command I used was:

certtool --generate-self-signed --load-privkey private-key --template CA.cfg

Whereas CA.cfg contained:

organization = "Test Org"
country = GB
cn = "Test Org certificate authority"
serial = 0
expiration_days = 1825
ca
cert_signing_key
ocsp_signing_key

I would file a bug about this, but I see that newer versions of GnuTLS
are now available, and so it is possible that this bug has been fixed in
a subsequent version. I no longer have the Mac to perform further
testing with, so I can't currently create a certificate with 1.6 or 1.7
and test with that instead. :(

Anyway, thanks for your help!

Post by Simon Josefsson
/Simon

--
Sam Morris <***@robots.org.uk>

Simon Josefsson

2007-08-10 13:35:22 UTC

Permalink

Post by Sam Morris
So, I finally had some time to look into this. I asked on the Apple-cdsa
mailing list[0] and recieved a reply from someone who seems to work for
Apple[1] that indicated that the problem is with my certificate; the
Apple crypto libraries cannot parse it for some reason.
[0] http://lists.apple.com/archives/Apple-cdsa/2007/Aug/msg00009.html
[1] http://lists.apple.com/archives/Apple-cdsa/2007/Aug/msg00016.html
I also had problems trying to get my certificate to import into a Sony
Ericsson K800i mobile phone. For months I assumed it was a limitation of
the phone itself (it would only bleat, "invalid certificate" at me, and
Sony Ericsson's tech support service was worse than useless)...
... but today I sat down and generated a root certificate with OpenSSL,
which imported fine into both the Mac OS Keychain software, and the
K800i phone.
So my conclusion is that GnuTLS is generating invalid/corrupt
certificates, or at least, that it is using some part of the certificate
that other X509 implementations don't commonly implement (although my
original certificate did function correctly with OpenSSL, NSS and
whatever Windows uses).
To double-check, I generated a new root certificate with GnuTLS 1.4.4,
and tried to import it into the Mac OS Keychain; I had exactly the same
certtool --generate-self-signed --load-privkey private-key --template CA.cfg
organization = "Test Org"
country = GB
cn = "Test Org certificate authority"
serial = 0
expiration_days = 1825
ca
cert_signing_key
ocsp_signing_key
I would file a bug about this, but I see that newer versions of GnuTLS
are now available, and so it is possible that this bug has been fixed in
a subsequent version. I no longer have the Mac to perform further
testing with, so I can't currently create a certificate with 1.6 or 1.7
and test with that instead. :(

Hi! We did fix a problem that may have lead to problems like that in
1.6.2:

** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields.
Before, we remove the parameters field, which resulted in a slightly
different DER encoding which in turn caused signature verification
failures of GnuTLS-generated RSA certificates in some other
implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs you
read, this may or may not be correct, but our new behaviour appear to
be consistent with other widely used implementations.

Essentially, earlier 'certtool' generated incorrect signatures on
certificates, although some libraries (e.g., OpenSSL) didn't notice it.
Your error messages aren't detailed enough to tell whether this is the
same problem, but there is a possibility that it is.

So, please try 1.6.2, and if the problem persist, please debug it
further, comparing all details of the working and non-working
certificates.

Thanks,
Simon

Simon Josefsson

2007-08-10 14:02:47 UTC

Permalink

I just realized: you could try using a DSA key instead, to find out
whether the bug solved in 1.6.2 was your problem. Our bug only affected
RSA, so if you get it to work by switching to DSA, then chances are good
that switching to 1.6.2 or later will solve it for RSA as well.

/Simon

Continue reading on narkive:

Search results for '[Help-gnutls] CA certificates -- root vs intermediate' (Questions and Answers)

replies

can i get question answer of asp.net ?

started 2006-10-11 00:02:47 UTC

software