I'm writing a custom client & server that I want to communicate securely over the public Internet, therefore I want to use OpenSSL and have both ends do peer verification to ensure that my client isn't mis-directed by a MITM, and likewise that an unauthorized client isn't able to connect to the server.
This is the error received from the server during the SSL_connect / SSL_accept phase:
15620:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl\record\rec_layer_s3.c:1528:SSL alert number 48
I'm running under Windows 10, using OpenSSL 1.1.1. I'm using the following batch file to create them. I enter the ca private key passphrase by hand for obvious reasons.
openssl genrsa -out -des3 ca.key.pem 2048
openssl genrsa -out server.key.pem 2048
openssl genrsa -out client.key.pem 2048
openssl req -x509 -new -nodes -key ca.key.pem -sha256 -days 365 -out ca.cert.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar
openssl req -new -sha256 -key server.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out server.csr
openssl x509 -req -in server.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out server.cert.pem -days 365 -sha256
openssl req -new -sha256 -key client.key.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out client.csr
openssl x509 -req -in client.csr -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -out client.cert.pem -days 365 -sha256
The intent here is to create a self-signed CA, and then have that directly sign both the client and server keys.
ca.key.pem will be stored in a secure place: on an encrypted veracrypt volume.
Both client and server use the following call to enable peer verification:
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
I'm fairly certain this is a certificate issue because the errors go away if I remove that line.
Answering this myself so that it can help anyone else that might arrive here looking for solutions to this problem. The answer was found in another SO question, but is worth repeating here: The Common Name for the CA cannot be the same as the Common Name for the client and server certificates.
So changing the fourth line of the batch file to this:
openssl req -x509 -new -nodes -key ca.key.pem -sha256 -days 365 -out ca.cert.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=FoobarCA
fixed the problem.
$ openssl req -x509 -new ... -addext basicConstraints=critical,CA:TRUE
This essentially creates a certificate which has 2 basic contrains CA:TRUE extensions:
$ openssl x509 -in ca.cert.pem -text
X509v3 extensions:
...
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Basic Constraints: critical
CA:TRUE
Trying to use the CA to verify the server certificate will not work:
$ openssl verify -CAfile ca.cert.pem server.cert.pem
C = XX, ST = XX, L = XX, O = XX, CN = CA
error 24 at 1 depth lookup: invalid CA certificate
error server.cert.pem: verification failed
Given that this simple check does not work, the client will also not be able to validate the server certificate, resulting in an unknown ca alert:
...:tlsv1 alert unknown ca:...
When skipping the -addext it will create a self-signed certificate as documented, which already has CA:TRUE
$ openssl req -x509 -new ...
...
$ openssl x509 -in ca.cert.pem -text
X509v3 extensions:
...
X509v3 Basic Constraints: critical
CA:TRUE
And using this to verify the server certificate works:
$ openssl verify -CAfile ca.cert.pem server.cert.pem
server.cert.pem: OK
This certificate should also be successfully validated by your client, thus no longer resulting in unknown ca.
Related
I'm setting up an c++ class for handling tls connections (client and server).
It works except for the tls handshake :
I have generated my self signed root certificate and signed the rsa server key with it.
but i get a client error which is unknown CA
script to generate self signed CA (CA file and CA.pem file)
openssl req -x509 -sha256 -days 3650 -newkey rsa:4096 -keyout CA -out CA.pem
script to generate and sign the server key (key file and key.pem file)
read -p "key and cert name :" x
openssl genrsa -out $(echo $x) 2048
openssl req -new -key $(echo $x) -out $(echo $x).csr
openssl x509 -req -in $(echo $x).csr -CA CA/CA.pem -CAkey CA/CA -CAcreateserial -out $(echo $x).pem -days 3650 -sha256
then I pass CA.pem to client using SSL_CTX_use_certificate_file, key to server using SSL_CTX_use_PrivateKey_file and key.pem using SSL_CTX_use_certificate_file
client is in mode SSL_VERIFY_PEER and server is in mode SSL_VERIFY_NONE so only client checks server certificate.
As the server key is signed using CA and client trust CA.pem it should be working but when handshake is negociated, i get this in wireshark (a message from client to server) :
Alert level Fatal, Description : Unknown CA
If you read OpenSSL's documentation, for a client SSL_CTX_use_certificate_file installs a client certificate. It does not specify the list of trusted CAs that may be used to verify a cert.
For that, on the client side, you want to use SSL_CTX_load_verify_locations:
SSL_CTX_load_verify_locations() specifies the locations for ctx, at
which CA certificates for verification purposes are located.
I have a project based on Google Cloud Platform which involves adding Raspberry Pi devices to Google IoT registry. What I need to do is to generate signed certificates both for registry and for devices in order to ensure that fraudulent devices are not registered.
I already tried generating signed X.509 certificates like this:
openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 -keyout ca.key -out ca.crt
openssl genrsa -out device.key 2048
openssl req -new -days 365 -key device.key -out device.csr
openssl x509 -req -days 365 -in device.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out device.crt
Notice that when promtped I put additional subj information like name, country, email, organisation which according to other SO question should make it work.
After invoking those commands I end up with following files:
ca.crt ca.key ca.srl device.crt device.csr device.key
So what I would do is to add ca.crt as registry certificate and then when I try to upload device.crt as device certificate (type RS256_X509) I get an error Certificate is not supported by Cloud IoT
What could I be doing wrong? I want to make sure that I create correct certificates and link them to registry and device.
I am following this AWS GUIDE on creating self-signed certificates.
But after creating my CA, I try to upload it to AWS IOT I get this error:
Command:
aws iot register-ca-certificate --ca-certificate file://CA_cert.pem --verification-cert file://verificationCert.crt
Error:
An error occurred (CertificateValidationException) when calling the RegisterCACertificate operation: CA certificate is not valid. The CA certificate does not have the basicConstraints extension as true
Any help appreciated!
I have also used AWS IoT and suffered same error, and I found the solution.
Reason of the error
The error occurs because basicConstraints extension in the CA certificate, which means that the certificate is CA so this certificate is able to sign other public keys to generate client certificates, is not set to TRUE.
Note that a client X's certificate contains X's public key signed by CA's private key. Other clients, for example Y, can verify the X's public key using CA's public key.
I think you had the error when you tried to generate CA certificate. The error message indicates that the CA's certificate is not allowed to sign other client public keys.
Below are how I did.
Solution
I assume that you already generate CA's key, rootCA.key.
We need a openssl config file, say rootCA_openssl.conf. Note that you can modify the values.
[ req ]
distinguished_name = req_distinguished_name
extensions = v3_ca
req_extensions = v3_ca
[ v3_ca ]
basicConstraints = CA:TRUE
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = KR
countryName_min = 2
countryName_max = 2
organizationName = Organization Name (eg, company)
organizationName_default = Deeply Inc.
Then generate CA's certificate using the config file, rootCA_openssl.conf.
openssl req -new -sha256 -key rootCA.key -nodes -out rootCA.csr -config rootCA_openssl.conf
openssl x509 -req -days 3650 -extfile rootCA_openssl.conf -extensions v3_ca -in rootCA.csr -signkey rootCA.key -out rootCA.pem
Now we have CA's certificate, rootCA.pem.
Then you can follow the instructions in the AWS IoT documentation.
For example:
# Get the registration code for the use below:
# $ aws iot get-registration-code
openssl genrsa -out verificationCert.key 2048
openssl req -new -key verificationCert.key -out verificationCert.csr
# Put the registration code in Common Name field
openssl x509 -req -in verificationCert.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out verificationCert.crt -days 500 -sha256
#mctuna with this (from AWS):
Generate a key pair.
openssl genrsa -out rootCA.key 2048
Use the private key from the key pair to generate a CA certificate.
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
I am trying to run the secure helloworld program to check the support of TLS in the GRPC code. I get this error
E1228 23:15:44.054232298 10843 ssl_transport_security.cc:621] Invalid cert chain file.
E1228 23:15:44.054286682 10843 security_connector.cc:1108] Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
E1228 23:15:44.054304555 10843 server_secure_chttp2.cc:83] {"created":"#1514520944.054294700","description":"Unable to create secure server with credentials of type Ssl.","file":"src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":62,"security_status":1}
Server listening on localhost:50051
Segmentation fault (core dumped)
Following is my server code.
std::string server_address ( "localhost:50051" );
std::string key;
std::string cert;
std::string root;
read ( "server.crt", cert );
read ( "server.key", key );
read ( "ca.crt", root );
ServerBuilder builder;
grpc::SslServerCredentialsOptions::PemKeyCertPair keycert =
{
key,
cert
};
grpc::SslServerCredentialsOptions sslOps;
sslOps.pem_root_certs = root;
sslOps.pem_key_cert_pairs.push_back ( keycert );
builder.AddListeningPort(server_address, grpc::SslServerCredentials( sslOps ));
GreeterServiceImpl service;
builder.RegisterService(&service);
std::unique_ptr < Server > server ( builder.BuildAndStart () );
std::cout << "Server listening on " << server_address << std::endl;
server->Wait ();
I am just trying to run the server. CLient isnt even in the picture yet. Here is the script i used to generate the keys.
# Generate valid CA
openssl genrsa -passout pass:1234 -des3 -out ca.key 4096
openssl req -passin pass:1234 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=CA/ST=Ontario/L=Ontario/O=Test/OU=Test/CN=Root CA"
# Generate valid Server Key/Cert
openssl genrsa -passout pass:1234 -des3 -out server.key 4096
openssl req -passin pass:1234 -new -key server.key -out server.csr -subj "/C=CA/ST=Ontario/L=Ontario/O=Test/OU=Server/CN=localhost"
openssl x509 -req -passin pass:1234 -days 365 -in server.csr -CA ca.crt -
CAkey ca.key -set_serial 01 -out server.crt
# Remove passphrase from the Server Key
openssl rsa -passin pass:1234 -in server.key -out server.key
# Generate valid Client Key/Cert
openssl genrsa -passout pass:1234 -des3 -out client.key 4096
openssl req -passin pass:1234 -new -key client.key -out client.csr -subj "/C=CA/ST=Ontario/L=Ontario/O=Test/OU=Client/CN=localhost"
openssl x509 -passin pass:1234 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
# Remove passphrase from Client Key
openssl rsa -passin pass:1234 -in client.key -out client.key
Any help would be deeply appreciated. Thanks
The error looks like there was something wrong with loading server x509 certificate. Did you put your server key/certificate and CA certificate in the same directory of your server binary?
I use your script to generate keys and certificates.
I use the greeter client/server code from https://github.com/grpc/grpc/issues/9593
Everything works fine. I could not duplicate your error.
I'm using boost ssl for server and client, and I have a model for server/client program in my mind, and I'm not sure it's gonna work.
The model I have in my mind is to be the only authority for certificates of my program. My main question is: How can I do that?
In my server program, I define keys as follows:
context_.use_certificate_chain_file("../sslkeys/server.crt");
context_.use_private_key_file("../sslkeys/server.key", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("../sslkeys/dh512.pem");
I create/sign those keys/certificates using:
$ openssl genrsa -des3 -out server.key 2048
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
$ cp server.key server.key.secure
$ openssl rsa -in server.key.secure -out server.key
$ openssl dhparam -out dh512.pem 512
For my client program, I would like to create a certificate and sign it by my "server.key", because I think (and I could be wrong, please correct me if I'm) that's the way to do it. The client program requires a key using the command:
ctx.load_verify_file("../sslkeys/client.csr");
So I created a key, which I signed using the server key, with the following commands:
$ openssl genrsa -des3 -out client.key 2048
$ openssl req -new -key client.key -out client.csr
$ openssl x509 -req -days 3650 -in client.csr -signkey ../sslkeys/server.key -out client.crt
Now when I run my client and try to connect the server, I get the error: Handshake failed: certificate verify failed
What is wrong in what I'm doing? And how can I achieve the model I mentioned?
If you require any additional information, please ask.
Thanks for any efforts.
Your signing certificate has no rights to sign, because it has not the CA flag set. Signing will still work, but verification will fail. Since there are already lots of guides on the internet which will show in detail how to do it right so you might just look here or here for more details.
Also, using only a 512 bit Diffie-Hellman reduces the security of the key exchange to 512 bit, which is exploitable today (see also Logjam attack). The 2048 RSA key does not help here. And using 512 bit might not even work if you use the latest version of OpenSSL which just increased the minimal size to 768 bits for security reasons.