Does openssl refuse self signed certificates without basic constraints?


Question


I have two extremely similar self signed certificates, generated via two different methods.

To test them I have:

  1. Added an entry for local.mydomain.com to my hosts file
  2. Set up an nginx server listening on port 443 for that domain, using the certificate under test and the matching private key (I then swap the certificate and restart nginx to compare)
  3. Connected to nginx via openssl s_client -connect local.mydomain.com -CAfile /path/to/the/ca/cert.pem

One certificate fails:

CONNECTED(00000003)
depth=0 CN = local.mydomain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = local.mydomain.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=local.mydomain.com
   i:/CN=local.mydomain.com
---

One certificate succeeds:

CONNECTED(00000003)
depth=0 CN = local.mydomain.com
verify return:1
---
Certificate chain
 0 s:/CN = local.mydomain.com
   i:/CN = local.mydomain.com
---


I compare the details of the certificates with openssl x509 -in /path/to/the/ca/cert.pem -text -noout

Failing certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:dc:02:c7:11:fc:8e:96:45:22:aa:6b:23:79:32:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=local.mydomain.com
        Validity
            Not Before: Nov 18 11:55:31 2016 GMT
            Not After : Nov 18 12:15:31 2017 GMT
        Subject: CN=local.mydomain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    <stuff>
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:local.mydomain.com
            X509v3 Subject Key Identifier:
                6D:4F:AF:E4:60:23:72:E5:83:27:91:7D:1D:5F:E9:7C:D9:B6:00:2A
    Signature Algorithm: sha256WithRSAEncryption
         <stuff>

Working certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            9b:6b:3d:a3:b9:a3:a4:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=local.mydomain.com
        Validity
            Not Before: Nov 19 13:27:30 2016 GMT
            Not After : Nov 19 13:27:30 2017 GMT
        Subject: CN=local.mydomain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    <stuff>
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E7:DA:AA:2E:CC:23:ED:C5:07:3D:E1:33:86:F5:22:D4:76:EB:CB
            X509v3 Authority Key Identifier:
                keyid:03:E7:DA:AA:2E:CC:23:ED:C5:07:3D:E1:33:86:F5:22:D4:76:EB:CB

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         57<stuff>


Looking at this the most obvious difference is that the working cert has CA:TRUE under X509v3 Basic Constraints. However, from reading around the web I was under the impression that self signed certs weren't meant to be CAs, in particular this says they normally won't be:

https://security.stackexchange.com/questions/44340/basic-self-signed-certificate-questions


The answer there says that being self-signed there is no CA involved. But maybe openssl requires self signed certs to have that set anyway?

Answer


From my own experiments I can confirm what you see. My explanation of the behavior is that a self signed certificate is still a certificate which is signed by the issuer, even if the issuer's certificate is the certificate itself. But only CA certificates can be used to sign certificates, i.e. that's exactly the constraint CA:true allows. This means that a self-signed certificate needs also to be a CA certificate with the constraint CA:true.
