idnits 2.17.1

draft-moskowitz-ecdsa-pki-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 1, 2018) is 2064 days in the past.  Is this
     intentional?

  -- Found something which looks like a code comment -- if you have code
     sections in the document, please surround them with '<CODE BEGINS>' and
     '<CODE ENDS>' lines.

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  -- Obsolete informational reference (is this intentional?): RFC 2818
     (Obsoleted by RFC 9110)

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

wg TBD                                                      R. Moskowitz
Internet-Draft                                            HTT Consulting
Intended status: Informational                               H. Birkholz
Expires: March 5, 2019                                    Fraunhofer SIT
                                                                  L. Xia
                                                                  Huawei
                                                           M. Richardson
                                                               Sandelman
                                                       September 1, 2018

                     Guide for building an ECC pki
                      draft-moskowitz-ecdsa-pki-04

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using openSSL.  All certificates in this guide are
   ECDSA, P-256, with SHA256 certificates.
   Along with common End Entity certificates, this guide provides
   instructions for creating IEEE 802.1AR iDevID Secure Device
   certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 5, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  The Basic PKI feature set
   4.  Getting started and the Root level
     4.1.  Setting up the Environment
     4.2.  Create the Root Certificate
   5.  The Intermediate level
     5.1.  Setting up the Intermediate Certificate Environment
     5.2.  Create the Intermediate Certificate
     5.3.  Create a Server EE Certificate
     5.4.  Create a Client EE Certificate
   6.  The 802.1AR Intermediate level
     6.1.  Setting up the 802.1AR Intermediate Certificate Environment
     6.2.  Create the 802.1AR Intermediate Certificate
     6.3.  Create an 802.1AR iDevID Certificate
   7.  Setting up a CRL for an Intermediate CA
     7.1.  Create (or recreate) the CRL
     7.2.  Revoke a Certificate
   8.  Setting up OCSP for an Intermediate CA
     8.1.  Create the OCSP Certificate
     8.2.  Revoke a Certificate
     8.3.  Testing OCSP with Openssl
   9.  Footnotes
     9.1.  Certificate Serial Number
     9.2.  Some OpenSSL config file limitations
     9.3.  subjectAltName support, or lack thereof
     9.4.  DER support, or lack thereof
   10. IANA Considerations
   11. Security Considerations
     11.1.  Adequate Randomness
     11.2.  Key pair Theft
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has a plethora of security solutions targeted at IoT.  Yet
   all too many IoT products are deployed with no or improperly
   configured security.  In particular, resource-constrained IoT devices
   and non-IP IoT networks have not been well served in the IETF.

   Additionally, more IETF efforts (e.g. DOTS, NETCONF) are requiring
   secure identities, but are vague on the nature of these identities
   other than to recommend use of X.509 digital certificates and perhaps
   TLS.

   This effort provides the steps, using the openSSL application, to
   create such a PKI of ECDSA certificates.  The goal is that any
   developer or tester can follow these steps, create the basic objects
   needed and establish the validity of the standard/program design.
   This guide can even be used to create a production PKI, though
   additional steps need to be taken.  This could be very useful to a
   small vendor needing to include 802.1AR [IEEE.802.1AR_2009] iDevIDs
   in their product.

   This guide was tested with openSSL 1.1.0f on Fedora 26 and creates
   PEM-based certificates.  DER-based certificates fail (see
   Section 9.4).

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft-specific definitions at this time.

3.  The Basic PKI feature set

   A basic pki has two levels of hierarchy: Root and Intermediate.  The
   Root level has the greatest risk, and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and signs the Intermediate level certificate it
   can be locked up.  In fact, the Root level could exist completely on
   a mSD boot card for an ARM small computer like a RaspberryPi.  A copy
   of this card can be made and securely stored in a different
   location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.

   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and Intermediate level CRL.  It can also
   contain the End Entity public certificates.  The private key file
   needs to be kept secure.  For example, as with the Root level, a mSD
   image for an ARM computer could contain the complete Intermediate
   level.  This image is kept offline.  The End Entity CSR is copied to
   it, signed, and then the signed certificate and updated database are
   moved to the public image that lacks the private key.

   For a simple test pki, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.
   The CSR is delivered to the Intermediate level which uses the CSR to
   create the End Entity certificate.  This certificate, along with the
   trust chain back to the root, is then returned to the End Entity.

   There is more to a pki, but this suffices for most development and
   testing needs.

4.  Getting started and the Root level

   This guide was developed on a Fedora 26 armv7hl system (Cubieboard2
   SoC).  It should work on most Linux and similar systems.  All work
   was done in a terminal window with extensive "cutting and pasting"
   from a draft guide into the terminal window.  Users of this guide may
   find different behaviors based on their system.

4.1.  Setting up the Environment

   The first step is to create the pki environment.  Modify the
   variables to suit your needs.

   export dir=/root/ca
   export cadir=/root/ca
   export format=pem
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   touch serial
   sn=8

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   #organizationalUnitName="/OU="
   organizationalUnitName=
   commonName="/CN=Root CA"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com

   Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   format
      File encoding: PEM or DER
      At this time only PEM works

   sn
      Serial Number length in bytes
      For a public CA the range is 8 to 19

   The Serial Number length for a public pki ranges from 8 to 19 bytes.
   The use of 19 rather than 20 is to accommodate the hex representation
   of the Serial Number.  If it has a one in the high order bit, DER
   encoding rules will place a 0x00 in front.

   The DN and SAN fields are examples.
   Change them to appropriate values.  If you leave one blank, it will
   be left out of the Certificate.  "OU" above is an example of an empty
   DN object.

   Create the file, $dir/openssl-root.cnf from the contents in
   Appendix A.1.

4.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair,
   and the Root certificate.  Included are commands to view the file
   contents.

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm ec \
    -pkeyopt ec_paramgen_curve:prime256v1 \
    -outform $format -pkeyopt ec_param_enc:named_curve \
    -out $dir/private/ca.key.$format
   chmod 400 $dir/private/ca.key.$format
   openssl pkey -inform $format -in $dir/private/ca.key.$format \
    -text -noout

   # Create Self-signed Root Certificate file
   # 7300 days = 20 years; Intermediate CA is 10 years.

   openssl req -config $dir/openssl-root.cnf \
    -set_serial 0x$(openssl rand -hex $sn) \
    -keyform $format -outform $format \
    -key $dir/private/ca.key.$format -subj "$DN" \
    -new -x509 -days 7300 -sha256 -extensions v3_ca \
    -out $dir/certs/ca.cert.$format

   # View the Root certificate and the purposes it is valid for

   openssl x509 -inform $format -in $dir/certs/ca.cert.$format \
    -text -noout
   openssl x509 -purpose -inform $format \
    -in $dir/certs/ca.cert.$format

5.  The Intermediate level

5.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate pki environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

   export dir=$cadir/intermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8 # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support, uncomment these:
   #crl=intermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support, uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   commonName="/CN=Signing CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN

   Create the file, $dir/openssl-intermediate.cnf from the contents in
   Appendix A.2.  Uncomment lines for crlDistributionPoints and
   authorityInfoAccess if using CRLs or OCSP respectively.

5.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, Intermediate certificate signed request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm ec \
    -pkeyopt ec_paramgen_curve:prime256v1 \
    -outform $format -pkeyopt ec_param_enc:named_curve \
    -out $dir/private/intermediate.key.$format
   chmod 400 $dir/private/intermediate.key.$format
   openssl pkey -inform $format \
    -in $dir/private/intermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf \
    -key $dir/private/intermediate.key.$format \
    -keyform $format -outform $format -subj "$DN" -new -sha256 \
    -out $dir/csr/intermediate.csr.$format
   openssl req -text -noout -verify -inform $format \
    -in $dir/csr/intermediate.csr.$format

   # Create Intermediate Certificate file

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650 \
    -extensions v3_intermediate_ca -notext -md sha256 \
    -in $dir/csr/intermediate.csr.$format \
    -out $dir/certs/intermediate.cert.pem

   chmod 444 $dir/certs/intermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format \
    $dir/certs/intermediate.cert.$format

   openssl x509 -noout -text -in $dir/certs/intermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/intermediate.cert.$format \
    $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

5.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, Server certificate signed request (CSR), and the
   Server certificate.  Included are commands to view the file contents.

   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   serverfqdn=www.example.com
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
   echo $subjectAltName
   openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -pkeyopt ec_param_enc:named_curve \
    -out $dir/private/$serverfqdn.key.$format
   # Restrict the key file that was just written (name includes ".key")
   chmod 400 $dir/private/$serverfqdn.key.$format
   openssl pkey -in $dir/private/$serverfqdn.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf \
    -key $dir/private/$serverfqdn.key.$format \
    -subj "$DN" -new -sha256 -out $dir/csr/$serverfqdn.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$serverfqdn.csr.$format

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375 \
    -extensions server_cert -notext -md sha256 \
    -in $dir/csr/$serverfqdn.csr.$format \
    -out $dir/certs/$serverfqdn.cert.$format
   chmod 444 $dir/certs/$serverfqdn.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
    $dir/certs/$serverfqdn.cert.$format
   openssl x509 -noout -text -in $dir/certs/$serverfqdn.cert.$format

5.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, Client certificate signed request (CSR), and the
   Client certificate.  Included are commands to view the file contents.

   commonName=
   UserID="/UID=rgm"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName$UserID
   echo $DN
   clientemail=rgm@example.com
   export subjectAltName="email:$clientemail"
   echo $subjectAltName
   openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -pkeyopt ec_param_enc:named_curve \
    -out $dir/private/$clientemail.key.$format
   # Restrict the key file that was just written (name includes ".key")
   chmod 400 $dir/private/$clientemail.key.$format
   openssl pkey -in $dir/private/$clientemail.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf \
    -key $dir/private/$clientemail.key.$format \
    -subj "$DN" -new -sha256 -out $dir/csr/$clientemail.csr.$format

   openssl req -text -noout -verify \
    -in $dir/csr/$clientemail.csr.$format

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375 \
    -extensions usr_cert -notext -md sha256 \
    -in $dir/csr/$clientemail.csr.$format \
    -out $dir/certs/$clientemail.cert.$format
   chmod 444 $dir/certs/$clientemail.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
    $dir/certs/$clientemail.cert.$format
   openssl x509 -noout -text -in $dir/certs/$clientemail.cert.$format

6.  The 802.1AR Intermediate level

6.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate pki environment.
   This is very similar to the Intermediate pki environment.  Modify the
   variables to suit your needs.

   export dir=$cadir/8021ARintermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8 # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support, uncomment these:
   #crl=8021ARintermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support, uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   #organizationalUnitName=
   commonName="/CN=802.1AR CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com
   echo $subjectAltName

   Create the file, $dir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment lines for crlDistributionPoints
   and authorityInfoAccess if using CRLs or OCSP respectively.

6.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, 802.1AR Intermediate certificate signed request
   (CSR), and the 802.1AR Intermediate certificate.  Included are
   commands to view the file contents.

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm ec \
    -pkeyopt ec_paramgen_curve:prime256v1 \
    -outform $format -pkeyopt ec_param_enc:named_curve \
    -out $dir/private/8021ARintermediate.key.$format
   chmod 400 $dir/private/8021ARintermediate.key.$format
   openssl pkey -inform $format \
    -in $dir/private/8021ARintermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf \
    -key $dir/private/8021ARintermediate.key.$format \
    -keyform $format -outform $format -subj "$DN" -new -sha256 \
    -out $dir/csr/8021ARintermediate.csr.$format
   openssl req -text -noout -verify -inform $format \
    -in $dir/csr/8021ARintermediate.csr.$format

   # Create 802.1AR Intermediate Certificate file
   # The following does NOT work for DER

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650 \
    -extensions v3_intermediate_ca -notext -md sha256 \
    -in $dir/csr/8021ARintermediate.csr.$format \
    -out $dir/certs/8021ARintermediate.cert.pem

   chmod 444 $dir/certs/8021ARintermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format \
    $dir/certs/8021ARintermediate.cert.$format

   openssl x509 -noout -text \
    -in $dir/certs/8021ARintermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/8021ARintermediate.cert.$format \
    $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, iDevID certificate signed request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.

   DevID=Wt1234
   countryName=
   stateOrProvinceName=
   localityName=
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   commonName=
   serialNumber="/serialNumber=$DevID"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   DN=$DN$serialNumber
   echo $DN

   # hwType is OID for HTT Consulting, devices, sensor widgets
   export hwType=1.3.6.1.4.1.6715.10.1
   export hwSerialNum=01020304 # Some hex
   export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname"
   echo $hwType - $hwSerialNum

   openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -pkeyopt ec_param_enc:named_curve \
    -out $dir/private/$DevID.key.$format
   chmod 400 $dir/private/$DevID.key.$format
   openssl pkey -in $dir/private/$DevID.key.$format -text -noout
   openssl req -config $dir/openssl-8021ARintermediate.cnf \
    -key $dir/private/$DevID.key.$format \
    -subj "$DN" -new -sha256 -out $dir/csr/$DevID.csr.$format

   openssl req -text -noout -verify \
    -in $dir/csr/$DevID.csr.$format
   openssl asn1parse -i -in $dir/csr/$DevID.csr.pem
   # Find the offset of the start of hardwareModuleName in the output
   # above and use that in place of 189
   openssl asn1parse -i -strparse 189 -in $dir/csr/$DevID.csr.pem

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-8021ARintermediate.cnf -days 375 \
    -extensions 8021ar_idevid -notext -md sha256 \
    -in $dir/csr/$DevID.csr.$format \
    -out $dir/certs/$DevID.cert.$format
   chmod 444 $dir/certs/$DevID.cert.$format
   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
    $dir/certs/$DevID.cert.$format
   openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format
   openssl asn1parse -i -in $dir/certs/$DevID.cert.pem

   # Find the offset of the start of hardwareModuleName in the output
   # above and use that in place of 493
   openssl asn1parse -i -strparse 493 -in $dir/certs/$DevID.cert.pem

7.  Setting up a CRL for an Intermediate CA

   This part provides CRL support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the crlDistributionPoints
   as provided via the environment variables.

7.1.  Create (or recreate) the CRL

   It is simple to create the CRL.  The CRL consists of the certificates
   flagged with an R (Revoked) in index.txt:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   crl=$intermediate.crl.pem

   # Create CRL file
   openssl ca -config $dir/openssl-$intermediate.cnf \
    -gencrl -out $dir/crl/$crl
   chmod 444 $dir/crl/$crl

   openssl crl -in $dir/crl/$crl -noout -text

7.2.  Revoke a Certificate

   Revoking a certificate is a two-step process.  First identify the
   target certificate (examples are listed below) and revoke it, then
   publish a new CRL.

   targetcert=fqdn
   #targetcert=clientemail
   #targetcert=DevID

   openssl ca -config $dir/openssl-$intermediate.cnf \
    -revoke $dir/certs/$targetcert.cert.$format

   Recreate the CRL using Section 7.1.

8.  Setting up OCSP for an Intermediate CA

   This part provides OCSP support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the authorityInfoAccess as
   provided via the environment variables.

8.1.  Create the OCSP Certificate

   OCSP needs a signing certificate.  This certificate must be signed by
   the CA that signed the certificate being checked.
   The steps to create this certificate are similar to those for a
   Server certificate for the CA:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   # Point dir at the selected level, as in Section 7.1
   dir=$cadir/$intermediate
   # Optionally, password encrypt key pair
   encryptkey=
   #encryptkey=-aes256

   # Create the key pair in Intermediate level $intermediate
   cd $dir
   openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1 \
    $encryptkey -pkeyopt ec_param_enc:named_curve \
    -out $dir/private/$ocspurl.key.$format
   # Restrict the key file that was just written (name includes ".key")
   chmod 400 $dir/private/$ocspurl.key.$format
   openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout

   # Create CSR
   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$ocspurl, email:$emailaddr"
   echo $subjectAltName
   openssl req -config $dir/openssl-$intermediate.cnf \
    -key $dir/private/$ocspurl.key.$format \
    -subj "$DN" -new -sha256 -out $dir/csr/$ocspurl.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format

   # Create Certificate

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-$intermediate.cnf -days 375 \
    -extensions ocsp -notext -md sha256 \
    -in $dir/csr/$ocspurl.csr.$format \
    -out $dir/certs/$ocspurl.cert.$format
   chmod 444 $dir/certs/$ocspurl.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
    $dir/certs/$ocspurl.cert.$format
   openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format

8.2.  Revoke a Certificate

   Revoke the certificate as in Section 7.2.  The OCSP responder SHOULD
   detect the flag change in index.txt and, when queried, respond
   appropriately.

8.3.  Testing OCSP with Openssl

   OpenSSL provides a simple OCSP service that can be used to test the
   OCSP certificate and revocation process (Note that this only reads
   the index.txt to get the certificate status at startup).

   In a terminal window, set variables dir and ocspurl (examples below),
   then run the simple OCSP service:

   dir=/root/ca/intermediate
   ocspurl=ocsp.htt-consult.com

   openssl ocsp -port 2560 -text -rmd sha256 \
    -index $dir/index.txt \
    -CA $dir/certs/ca-chain.cert.pem \
    -rkey $dir/private/$ocspurl.key.pem \
    -rsigner $dir/certs/$ocspurl.cert.pem \
    -nrequest 1

   In another window, test out a certificate status with:

   targetcert=fqdn
   #targetcert=clientemail
   #targetcert=DevID

   openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \
    -url http://127.0.0.1:2560 -resp_text -sha256 \
    -issuer $dir/certs/$intermediate.cert.pem \
    -cert $dir/certs/$targetcert.cert.pem

   Revoke the certificate, Section 7.2, restart the test Responder again
   as above, then check the certificate status.

9.  Footnotes

   Creating this document was a real education in the state of openSSL,
   X.509 certificate guidance, and just general level of certificate
   awareness.  Here are a few short notes.

9.1.  Certificate Serial Number

   The certificate serial number's role is to provide yet another way to
   maintain uniqueness of certificates within a pki as well as a way to
   index them in a data store.  It has taken on other roles, most
   notably as a defense.

   The CABForum guideline for a public CA is for the serial number to be
   a random number at least 8 octets long and no longer than 20 bytes.
   By default, openssl makes self-signed certificates with 8 octet
   serial numbers.  This guide uses openssl's RAND function to generate
   the random value and pipe it into the -set_serial option.
   This number MAY have the first bit as a ONE; the DER encoding rules
   prepend such numbers with 0x00.  Thus the limit of '19' for the
   variable 'sn'.

   A private CA need not follow the CABForum rules and can use any
   number for the serial number.  For example, the root CA (which has no
   security risks mitigated by using a random value) could use '1' as
   its serial number.  Intermediate and End Entity certificate serial
   numbers can also be of any value if a strong hash, like the SHA256
   used here, is used.  A value of 4 for sn would provide a sufficient
   population so that a CA of 10,000 EE certificates will have only a
   1.2% probability of a collision.  For only 1,000 certificates the
   probability drops to 0.012%.

   The following was proposed on the openssl-user list as an alternative
   to using the RAND function:

      Keep k bits (k/8 octets) long serial numbers for all your
      certificates, choose a block cipher operating on blocks of k bits,
      and operate this block cipher in CTR mode, with a proper secret
      key and secret starting counter.  That way, no collision detection
      is necessary, you'll be able to generate 2^(k/2) unique k-bit-long
      serial numbers (in fact, you can generate 2^k unique serial
      numbers, but after 2^(k/2) you lose some security guarantees).

      With 3DES, k=64, and with AES, k=128.

9.2.  Some OpenSSL config file limitations

   There is a bit of inconsistency in how different parts and fields in
   the config file are used.  Environment variables can only be used as
   values.  Some fields can have null values, others cannot.  The lack
   of allowing null fields means a script cannot feed in an environment
   variable with value null.  In such a case, the field has to be
   removed from the config file.

   The expectation is each CA within a PKI has its own config file,
   customized to the certificates supported by that CA.

9.3.  subjectAltName support, or lack thereof

   There is no direct openssl command line option to provide a
   subjectAltName for a certificate.  This is a serious limitation.  Per
   RFC 2818 [RFC2818] SAN is the object for providing email addresses
   and DNS addresses (FQDN), yet the common practice has been to use the
   commonName object within the distinguishedName object.  How much of
   this is due to the difficulty in creating certificates with a SAN?

   Thus the only way to provide a SAN is through the config file.  And
   there are two approaches.  This document uses an environment variable
   to provide the SAN value into the config file.  Another approach is
   to use piping as in:

   openssl req -new -sha256 -key domain.key \
    -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN \
    -config <(cat /etc/ssl/openssl.cnf \
    <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) \
    -out domain.csr

9.4.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER pki
   failed.  There is no facility to create a DER certificate from a DER
   CSR.  It just is not there in the 'openssl ca' command.  Even the
   'openssl x509 -req' command cannot do this for a simple certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.  For DER, some recommend using
   PKCS#7 [RFC2315], where others point out that this format is poorly
   supported 'in the field', whereas PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

   openssl x509 -outform der -in certificate.pem -out certificate.der

   This should also work for the keypair.  However, in a highly
   constrained device it may make more sense to just store the raw
   keypair in the device's very limited secure storage.

10.  IANA Considerations

   TBD.
   May be nothing for IANA.

11. Security Considerations

11.1. Adequate Randomness

   Creating certificates takes a lot of random numbers. A good source
   of random numbers is critical. Studies [WeakKeys] have found an
   excessive number of certificates, all with the same keys due to bad
   randomness on the generating systems. The amount of entropy
   available for these random numbers can be tested. On Fedora/Centos
   and most Linux systems use:

       cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source. Is rng-tools installed? Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.

11.2. Key pair Theft

   During the certificate creation, particularly during keypair
   generation, the files are vulnerable to theft. This can be mitigated
   using umask. Before using openssl, set umask:

       restore_mask=$(umask -p)
       umask 077

   Afterwards, restore it with:

       $restore_mask

   or just close the shell that was used, and start a new one.

   There is nothing in these recipes that requires super-user on the
   system creating the certificates. Provided that adequate randomness
   is available, a virtual machine or container is entirely appropriate.
   Containers tend to have better access to randomness than virtual
   machines.

   The scripts and configuration files and in particular, private keys,
   may be kept offline on a USB key for instance, and loaded when
   needed.

   The OCSP server needs to be online and available to all clients that
   will use the certificates. This may mean available on the Internet.

   A firewall can protect the OCSP server, and port-forwards and/or ACL
   rules can restrict access to just the OCSP port. OCSP artifacts are
   signed by a key designed for that purpose only so do not require that
   the associated CA key be available online.
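
   For the umask step earlier in this section, an added example (not
   part of the draft): a wrapper that applies umask 077 in a subshell so
   no restore is needed, and an audit for key material that is already
   too open. Function names and the file-name pattern are illustrative.

```shell
#!/bin/sh
# Function names and the '*.key.*' pattern are assumptions of this example.

# with_private_umask CMD [ARG...]: run CMD with umask 077 in a subshell.
# Files CMD creates are owner-only, and the caller's umask is never
# changed, so there is nothing to restore afterwards.
with_private_umask() (
    umask 077
    "$@"
)

# loose_key_files DIR: print key files ('*.key.*', such as
# intermediate.key.pem) and 'private' directories under DIR that grant
# any permission to group or other. umask only applies when a file is
# created, so material written before the umask was tightened shows up
# here and needs an explicit chmod.
loose_key_files() {
    find "$1" \
        \( \( -type f -name '*.key.*' \) -o \( -type d -name private \) \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print | sort
}

# Typical use, with $dir set as elsewhere in this guide:
#   with_private_umask mkdir -p "$dir/private"
#   with_private_umask openssl ... -out "$dir/private/intermediate.key.pem"
#   loose_key_files "$dir"     # prints nothing when all keys are private
```
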

   Generating new CRLs, however, requires that the CA signing key be
   online, which is one of the reasons for creating an intermediate CA.

12. Acknowledgments

   This work was jump started by the excellent RSA pki guide by Jamie
   Nguyen. The openssl-user mailing list, with its many supportive
   experts; in particular: Rich Salz, Jakob Bolm, Viktor Dukhovni, and
   Erwann Abalea, was of immense help as was the openssl man pages
   website.

   Finally, "Professor Google" was always ready to point to answers to
   questions like: "openssl subjectAltName on the command line". And
   the Professor, it seems, never tires of answering even trivial
   questions.

13. References

13.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

13.2. Informative References

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [WeakKeys]
              Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A. OpenSSL config files

A.1. OpenSSL Root config file

   The following is the openssl-root.cnf file contents

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $cadir/private/ca.key.$format
   certificate = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = 30
   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_strict
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.2. OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/intermediate/openssl-intermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key = $dir/private/intermediate.key.$format
   certificate = $dir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/intermediate.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   UID = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   UID = User ID

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).

   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.3. OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/8021ARintermediate/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir = /root/ca/8021ARintermediate
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $dir/private/8021ARintermediate.key.$format
   certificate = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_enddate = 99991231235959Z # per IEEE 802.1AR
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   serialNumber = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   serialNumber = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default = HTT Consulting
   organizationalUnitName_default = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI 48237

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt 64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Liang Xia
   Huawei
   No. 101, Software Avenue, Yuhuatai District
   Nanjing
   China

   Email: Frank.xialiang@huawei.com

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI: http://www.sandelman.ca/
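
   The serial-number sizing from Section 9.1, worked through in shell as
   an added example (not part of the draft): the DER length behind the
   ns limit of 19, the collision figures for ns=4, and the CTR-mode
   proposal with AES-128. Function names are illustrative, and the
   /dev/urandom fallback is an assumption of this example.

```shell
#!/bin/sh
# Serial-number sizing from Section 9.1. Function names are illustrative.

# new_serial NS: NS random octets as hex, for "-set_serial 0x<hex>".
# Uses "openssl rand" as the guide does; the /dev/urandom fallback is an
# assumption of this example for hosts without the openssl CLI.
new_serial() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$1"
    else
        od -An -v -N"$1" -tx1 /dev/urandom | tr -d ' \n'
        echo
    fi
}

# der_serial_octets HEX: content octets of the DER INTEGER holding serial
# HEX (an even number of hex digits). DER integers are signed and minimal:
# leading 00 octets are dropped, then one 00 is prepended when the top bit
# is set. That extra octet is why ns stops at 19 under a 20-octet limit.
der_serial_octets() {
    hex=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    while [ "${#hex}" -gt 2 ] && [ "${hex%"${hex#??}"}" = 00 ]; do
        hex=${hex#??}
    done
    octets=$(( ${#hex} / 2 ))
    case $hex in
        [89a-f]*) octets=$(( octets + 1 )) ;;
    esac
    echo "$octets"
}

# collision_pct NS COUNT: birthday-bound probability, in percent, that
# COUNT serials of NS random octets include at least one duplicate.
collision_pct() {
    awk -v ns="$1" -v n="$2" 'BEGIN {
        space = 2 ^ (8 * ns)
        printf "%.4f\n", 100 * (1 - exp(-n * (n - 1) / (2 * space)))
    }'
}

# ctr_serials KEYHEX STARTHEX COUNT: the CTR-mode proposal with AES
# (k=128). Encrypting zero blocks in CTR mode emits E_K(start),
# E_K(start+1), ... A block cipher is a permutation, so no two serials
# repeat before the counter wraps. KEYHEX and STARTHEX are 32 hex digits
# and must stay secret; persisting the counter between runs is not shown.
ctr_serials() {
    head -c $(( 16 * $3 )) /dev/zero |
        openssl enc -aes-128-ctr -K "$1" -iv "$2" |
        od -An -v -tx1 | tr -d ' \n' | fold -w 32
    echo
}
```

   collision_pct 4 10000 and collision_pct 4 1000 reproduce the 1.2% and
   0.012% figures of Section 9.1 after rounding.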