wg TBD                                                       R. Moskowitz
Internet-Draft                                             HTT Consulting
Intended status: Informational                               H. Birkholz
Expires: September 12, 2019                                Fraunhofer SIT
                                                                   L. Xia
                                                                   Huawei
                                                            M. Richardson
                                                                Sandelman
                                                           March 11, 2019

                      Guide for building an ECC pki
                       draft-moskowitz-ecdsa-pki-05

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using openSSL.  All certificates in this guide are
   ECDSA, P-256, with SHA256 certificates.  Along with common End Entity
   certificates, this guide provides instructions for creating IEEE
   802.1AR iDevID Secure Device certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  The Basic PKI feature set
   4.  Getting started and the Root level
     4.1.  Setting up the Environment
     4.2.  Create the Root Certificate
   5.  The Intermediate level
     5.1.  Setting up the Intermediate Certificate Environment
     5.2.  Create the Intermediate Certificate
     5.3.  Create a Server EE Certificate
     5.4.  Create a Client EE Certificate
   6.  The 802.1AR Intermediate level
     6.1.  Setting up the 802.1AR Intermediate Certificate Environment
     6.2.  Create the 802.1AR Intermediate Certificate
     6.3.  Create an 802.1AR iDevID Certificate
   7.  Setting up a CRL for an Intermediate CA
     7.1.  Create (or recreate) the CRL
     7.2.  Revoke a Certificate
   8.  Setting up OCSP for an Intermediate CA
     8.1.  Create the OCSP Certificate
     8.2.  Revoke a Certificate
     8.3.  Testing OCSP with Openssl
   9.  Footnotes
     9.1.  Certificate Serial Number
     9.2.  Some OpenSSL config file limitations
     9.3.  subjectAltName support, or lack thereof
     9.4.  DER support, or lack thereof
   10. IANA Considerations
   11. Security Considerations
     11.1.  Adequate Randomness
     11.2.  Key pair Theft
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has a plethora of security solutions targeted at IoT.  Yet
   all too many IoT products are deployed with no or improperly
   configured security.  In particular, resource-constrained IoT devices
   and non-IP IoT networks have not been well served in the IETF.

   Additionally, more IETF (e.g. DOTS, NETCONF) efforts are requiring
   secure identities, but are vague on the nature of these identities
   other than to recommend use of X.509 digital certificates and perhaps
   TLS.

   This effort provides the steps, using the openSSL application, to
   create such a PKI of ECDSA certificates.  The goal is that any
   developer or tester can follow these steps, create the basic objects
   needed and establish the validity of the standard/program design.
   This guide can even be used to create a production PKI, though
   additional steps need to be taken.  This could be very useful to a
   small vendor needing to include 802.1AR [IEEE.802.1AR_2009] iDevIDs
   in their product.
   This guide was tested with openSSL 1.1.0f on Fedora 26 and creates
   PEM-based certificates.  DER-based certificates fail (see
   Section 9.4).

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft-specific definitions at this time.

3.  The Basic PKI feature set

   A basic pki has two levels of hierarchy: Root and Intermediate.  The
   Root level has the greatest risk, and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and signs the Intermediate level certificate it
   can be locked up.  In fact, the Root level could exist completely on
   a mSD boot card for an ARM small computer like a RaspberryPi.  A copy
   of this card can be made and securely stored in a different
   location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.

   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and the Intermediate level CRL.  It can
   also contain the End Entity public certificates.  The private key
   file needs to be kept securely.  For example, as with the Root level,
   an mSD image for an ARM computer could contain the complete
   Intermediate level.  This image is kept offline.  The End Entity CSR
   is copied to it, signed, and then the signed certificate and updated
   database are moved to the public image that lacks the private key.
   For a simple test pki, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.  The CSR is delivered to
   the Intermediate level which uses the CSR to create the End Entity
   certificate.  This certificate, along with the trust chain back to
   the root, is then returned to the End Entity.

   There is more to a pki, but this suffices for most development and
   testing needs.

4.  Getting started and the Root level

   This guide was developed on a Fedora 26 armv7hl system (Cubieboard2
   SoC).  It should work on most Linux and similar systems.  All work
   was done in a terminal window with extensive "cutting and pasting"
   from a draft guide into the terminal window.  Users of this guide may
   find different behaviors based on their system.

4.1.  Setting up the Environment

   The first step is to create the pki environment.  Modify the
   variables to suit your needs.

      # edit directory here, or override
      export cadir=${cadir-/root/ca}
      export rootca=${cadir}/root
      export cfgdir=${cfgdir-$cadir}
      export intdir=${cadir}/intermediate
      export int1ardir=${cadir}/inter_1ar
      export format=pem
      export default_crl_days=65

      mkdir -p $cadir/certs
      mkdir -p $rootca
      (cd $rootca
      mkdir -p certs crl csr newcerts private
      chmod 700 private
      touch index.txt index.txt.attr
      if [ ! -f serial ]; then echo 00 >serial; fi
      )

      sn=8

      # edit these to suit
      countryName="/C=US"
      stateOrProvinceName="/ST=MI"
      localityName="/L=Oak Park"
      organizationName="/O=HTT Consulting"
      #organizationalUnitName="/OU="
      organizationalUnitName=
      commonName="/CN=Root CA"
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName

      echo $DN
      export subjectAltName=email:postmaster@htt-consult.com

      export default_crl_days=2048

   Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   Format
      File encoding: PEM or DER
      At this time only PEM works

   sn
      Serial Number length in bytes
      For a public CA the range is 8 to 19

   The Serial Number length for a public pki ranges from 8 to 19 bytes.
   The use of 19 rather than 20 is to accommodate the hex representation
   of the Serial Number.  If it has a one in the high order bit, DER
   encoding rules will place a 0x00 in front.

   The DN and SAN fields are examples.  Change them to appropriate
   values.  If you leave one blank, it will be left out of the
   Certificate.  "OU" above is an example of an empty DN object.

   Create the file $dir/openssl-root.cnf from the contents in
   Appendix A.1.

4.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair,
   and the Root certificate.  Included are commands to view the file
   contents.

      # Create passworded keypair file

      if [ ! -f $rootca/private/ca.key.$format ]; then
      echo GENERATING KEY
      openssl genpkey $pass -aes256 -algorithm ec\
        -pkeyopt ec_paramgen_curve:prime256v1\
        -outform $format -pkeyopt ec_param_enc:named_curve\
        -out $rootca/private/ca.key.$format
      chmod 400 $rootca/private/ca.key.$format
      openssl pkey $passin -inform $format -in $rootca/private/ca.key.$format\
        -text -noout
      fi

      # Create Self-signed Root Certificate file
      # 7300 days = 20 years; Intermediate CA is 10 years.

      echo GENERATING and SIGNING REQ
      openssl req -config $cfgdir/openssl-root.cnf $passin \
        -set_serial 0x$(openssl rand -hex $sn)\
        -keyform $format -outform $format\
        -key $rootca/private/ca.key.$format -subj "$DN"\
        -new -x509 -days 7300 -sha256 -extensions v3_ca\
        -out $cadir/certs/ca.cert.$format

      #

      openssl x509 -inform $format -in $cadir/certs/ca.cert.$format\
        -text -noout
      openssl x509 -purpose -inform $format\
        -in $cadir/certs/ca.cert.$format

5.  The Intermediate level

5.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate pki environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

      export intdir=${intdir-$cadir/intermediate}
      mkdir -p $intdir

      (
      cd $intdir
      mkdir -p certs crl csr newcerts private
      chmod 700 private
      touch index.txt index.txt.attr
      if [ ! -f serial ]; then echo 00 >serial; fi
      )

      sn=8  # hex 8 is minimum, 19 is maximum
      echo 1000 > $intdir/crlnumber

      # cd $dir
      export crlDP=
      # For CRL support, uncomment these:
      #crl=intermediate.crl.pem
      #crlurl=www.htt-consult.com/pki/$crl
      #export crlDP="URI:http://$crlurl"
      export default_crl_days=30
      export ocspIAI=
      # For OCSP support, uncomment these:
      #ocspurl=ocsp.htt-consult.com
      #export ocspIAI="OCSP;URI:http://$ocspurl"

      commonName="/CN=Signing CA"
      DN=$countryName$stateOrProvinceName$localityName$organizationName
      DN=$DN$organizationalUnitName$commonName
      echo $DN

   Create the file $dir/openssl-intermediate.cnf from the contents in
   Appendix A.2.  Uncomment the lines for crlDistributionPoints and
   authorityInfoAccess if using CRLs or OCSP, respectively.

5.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, Intermediate certificate signing request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

      # Create passworded keypair file

      if [ ! -f $intdir/private/intermediate.key.$format ]; then
      echo GENERATING intermediate KEY
      openssl genpkey $pass -aes256 -algorithm ec \
        -pkeyopt ec_paramgen_curve:prime256v1 \
        -outform $format -pkeyopt ec_param_enc:named_curve\
        -out $intdir/private/intermediate.key.$format
      chmod 400 $intdir/private/intermediate.key.$format
      openssl pkey $passin -inform $format\
        -in $intdir/private/intermediate.key.$format -text -noout
      fi

      # Create the CSR

      echo GENERATING and SIGNING REQ intermediate
      openssl req -config $cfgdir/openssl-root.cnf $passin \
        -key $intdir/private/intermediate.key.$format -batch \
        -keyform $format -outform $format -subj "$DN" -new -sha256\
        -out $intdir/csr/intermediate.csr.$format
      openssl req -text -noout -verify -inform $format\
        -in $intdir/csr/intermediate.csr.$format

      # Create Intermediate Certificate file

      openssl rand -hex $sn > $intdir/serial  # hex 8 is minimum, 19 is maximum

      if [ ! -f $cadir/certs/intermediate.cert.pem ]; then
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-root.cnf -days 3650 $passin \
        -extensions v3_intermediate_ca -notext -md sha256 -batch \
        -in $intdir/csr/intermediate.csr.$format\
        -out $cadir/certs/intermediate.cert.pem
      chmod 444 $cadir/certs/intermediate.cert.$format
      rm -f $cadir/certs/ca-chain.cert.$format
      fi

      openssl verify -CAfile $cadir/certs/ca.cert.$format\
        $cadir/certs/intermediate.cert.$format

      openssl x509 -noout -text -in $cadir/certs/intermediate.cert.$format

      # Create the certificate chain file

      if [ ! -f $cadir/certs/ca-chain.cert.$format ]; then
      cat $cadir/certs/intermediate.cert.$format\
        $cadir/certs/ca.cert.$format > $cadir/certs/ca-chain.cert.$format
      chmod 444 $cadir/certs/ca-chain.cert.$format
      fi

5.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, Server certificate signing request (CSR), and
   the Server certificate.  Included are commands to view the file
   contents.

      commonName=
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName
      echo $DN
      serverfqdn=www.example.com
      emailaddr=postmaster@htt-consult.com
      export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
      echo $subjectAltName
      openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
        -pkeyopt ec_param_enc:named_curve\
        -out $intdir/private/$serverfqdn.key.$format
      chmod 400 $intdir/private/$serverfqdn.key.$format
      openssl pkey -in $intdir/private/$serverfqdn.key.$format -text -noout
      openssl req -config $cfgdir/openssl-intermediate.cnf\
        -key $intdir/private/$serverfqdn.key.$format \
        -subj "$DN" -new -sha256 -out $intdir/csr/$serverfqdn.csr.$format

      openssl req -text -noout -verify -in $intdir/csr/$serverfqdn.csr.$format

      openssl rand -hex $sn > $intdir/serial  # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-intermediate.cnf -days 375\
        -extensions server_cert -notext -md sha256 \
        -in $intdir/csr/$serverfqdn.csr.$format\
        -out $cadir/certs/$serverfqdn.cert.$format
      chmod 444 $cadir/certs/$serverfqdn.cert.$format

      openssl verify -CAfile $cadir/certs/ca-chain.cert.$format\
        $cadir/certs/$serverfqdn.cert.$format
      openssl x509 -noout -text -in $cadir/certs/$serverfqdn.cert.$format

5.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, Client certificate signing request (CSR), and
   the Client certificate.  Included are commands to view the file
   contents.
      commonName=
      UserID="/UID=rgm"
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName$UserID
      echo $DN
      clientemail=rgm@example.com

      export subjectAltName="email:$clientemail"
      echo $subjectAltName

      if [ ! -f $intdir/private/$clientemail.key.$format ]; then
      openssl genpkey $pass -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
        -pkeyopt ec_param_enc:named_curve\
        -out $intdir/private/$clientemail.key.$format
      chmod 400 $intdir/private/$clientemail.key.$format
      openssl pkey $passin -in $intdir/private/$clientemail.key.$format -text -noout
      fi

      openssl req -config $cfgdir/openssl-intermediate.cnf $passin \
        -key $intdir/private/$clientemail.key.$format \
        -subj "$DN" -new -sha256 -out $intdir/csr/$clientemail.csr.$format

      openssl req -text -noout -verify\
        -in $intdir/csr/$clientemail.csr.$format

      openssl rand -hex $sn > $intdir/serial  # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-intermediate.cnf -days 375\
        -extensions usr_cert -notext -md sha256 $passin \
        -in $intdir/csr/$clientemail.csr.$format -batch\
        -out $cadir/certs/$clientemail.cert.$format
      chmod 444 $cadir/certs/$clientemail.cert.$format

      openssl verify -CAfile $cadir/certs/ca-chain.cert.$format\
        $cadir/certs/$clientemail.cert.$format
      openssl x509 -noout -text -in $cadir/certs/$clientemail.cert.$format

6.  The 802.1AR Intermediate level

6.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate pki environment.
   This is very similar to the Intermediate pki environment.  Modify the
   variables to suit your needs.
      export dir=$cadir/8021ARintermediate
      mkdir $dir
      cd $dir
      mkdir certs crl csr newcerts private
      chmod 700 private
      touch index.txt
      sn=8  # hex 8 is minimum, 19 is maximum
      echo 1000 > $dir/crlnumber

      # cd $dir
      export crlDP=
      # For CRL support, uncomment these:
      #crl=8021ARintermediate.crl.pem
      #crlurl=www.htt-consult.com/pki/$crl
      #export crlDP="URI:http://$crlurl"
      export default_crl_days=30
      export ocspIAI=
      # For OCSP support, uncomment these:
      #ocspurl=ocsp.htt-consult.com
      #export ocspIAI="OCSP;URI:http://$ocspurl"

      countryName="/C=US"
      stateOrProvinceName="/ST=MI"
      localityName="/L=Oak Park"
      organizationName="/O=HTT Consulting"
      organizationalUnitName="/OU=Devices"
      #organizationalUnitName=
      commonName="/CN=802.1AR CA"
      DN=$countryName$stateOrProvinceName$localityName$organizationName
      DN=$DN$organizationalUnitName$commonName
      echo $DN
      export subjectAltName=email:postmaster@htt-consult.com
      echo $subjectAltName

   Create the file $dir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment the lines for
   crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP,
   respectively.

6.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, 802.1AR Intermediate certificate signing request
   (CSR), and the 802.1AR Intermediate certificate.  Included are
   commands to view the file contents.
      # Create passworded keypair file

      openssl genpkey -aes256 -algorithm ec\
        -pkeyopt ec_paramgen_curve:prime256v1 \
        -outform $format -pkeyopt ec_param_enc:named_curve\
        -out $dir/private/8021ARintermediate.key.$format
      chmod 400 $dir/private/8021ARintermediate.key.$format
      openssl pkey -inform $format\
        -in $dir/private/8021ARintermediate.key.$format -text -noout

      # Create the CSR

      openssl req -config $cadir/openssl-root.cnf\
        -key $dir/private/8021ARintermediate.key.$format \
        -keyform $format -outform $format -subj "$DN" -new -sha256\
        -out $dir/csr/8021ARintermediate.csr.$format
      openssl req -text -noout -verify -inform $format\
        -in $dir/csr/8021ARintermediate.csr.$format

      # Create 802.1AR Intermediate Certificate file
      # The following does NOT work for DER

      openssl rand -hex $sn > $dir/serial  # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cadir/openssl-root.cnf -days 3650\
        -extensions v3_intermediate_ca -notext -md sha256\
        -in $dir/csr/8021ARintermediate.csr.$format\
        -out $dir/certs/8021ARintermediate.cert.pem

      chmod 444 $dir/certs/8021ARintermediate.cert.$format

      openssl verify -CAfile $cadir/certs/ca.cert.$format\
        $dir/certs/8021ARintermediate.cert.$format

      openssl x509 -noout -text\
        -in $dir/certs/8021ARintermediate.cert.$format

      # Create the certificate chain file

      cat $dir/certs/8021ARintermediate.cert.$format\
        $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
      chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, iDevID certificate signing request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.
576 DevID=Wt1234 577 countryName= 578 stateOrProvinceName= 579 localityName= 580 organizationName="/O=HTT Consulting" 581 organizationalUnitName="/OU=Devices" 582 commonName= 583 serialNumber="/serialNumber=$DevID" 584 DN=$countryName$stateOrProvinceName$localityName 585 DN=$DN$organizationName$organizationalUnitName$commonName 586 DN=$DN$serialNumber 587 echo $DN 589 # hwType is OID for HTT Consulting, devices, sensor widgets 590 export hwType=1.3.6.1.4.1.6715.10.1 591 export hwSerialNum=01020304 # Some hex 592 export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname" 593 echo $hwType - $hwSerialNum 595 if [ ! -f $dir/private/$DevID.key.$format ]; then 596 openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\ 597 -pkeyopt ec_param_enc:named_curve\ 598 -out $dir/private/$DevID.key.$format 599 chmod 400 $dir/private/$DevID.key.$format 600 fi 602 openssl pkey -in $dir/private/$DevID.key.$format -text -noout 603 openssl req -config $cfgdir/openssl-8021ARintermediate.cnf\ 604 -key $dir/private/$DevID.key.$format \ 605 -subj "$DN" -new -sha256 -out $dir/csr/$DevID.csr.$format 607 openssl req -text -noout -verify\ 608 -in $dir/csr/$DevID.csr.$format 609 openssl asn1parse -i -in $dir/csr/$DevID.csr.pem 610 # offset of start of hardwareModuleName and use that in place of 189 611 openssl asn1parse -i -strparse 189 -in $dir/csr/$DevID.csr.pem 613 openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum 614 # Note 'openssl ca' does not support DER format 615 openssl ca -config $cfgdir/openssl-8021ARintermediate.cnf -days 375\ 616 -extensions 8021ar_idevid -notext -md sha256 \ 617 -in $dir/csr/$DevID.csr.$format\ 618 -out $dir/certs/$DevID.cert.$format 619 chmod 444 $dir/certs/$DevID.cert.$format 621 openssl verify -CAfile $dir/certs/ca-chain.cert.$format\ 622 $dir/certs/$DevID.cert.$format 623 openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format 624 openssl asn1parse -i -in $dir/certs/$DevID.cert.pem 626 # offset of start of 
hardwareModuleName and use that in place of 493 627 openssl asn1parse -i -strparse 493 -in $dir/certs/$DevID.cert.pem 629 7. Setting up a CRL for an Intermediate CA 631 This part provides CRL support to an Intermediate CA. In this memo 632 it applies to both Intermediate CAs. Set the crlDistributionPoints 633 as provided via the environment variables. 635 7.1. Create (or recreate) the CRL 637 It is simple to create the CRL. The CRL consists of the certificates 638 flagged with an R (Revoked) in index.txt: 640 # Select which Intermediate level 641 intermediate=intermediate 642 #intermediate=8021ARintermediate 643 dir=$cadir/$intermediate 644 crl=$intermediate.crl.pem 646 # Create CRL file 647 openssl ca -config $dir/openssl-$intermediate.cnf \ 648 -gencrl -out $dir/crl/$crl 649 chmod 444 $dir/crl/$crl 651 openssl crl -in $dir/crl/$crl -noout -text 653 7.2. Revoke a Certificate 655 Revoking a certificate is a two step process. First identify the 656 target certificate, examples are listed below. Revoke it then 657 publish a new CRL. 659 targetcert=fqdn 660 #targetcert=clientemail 661 #targetcert=DevID 663 openssl ca -config $dir/openssl-$intermediate.cnf\ 664 -revoke $dir/certs/$targetcert.cert.$format 666 Recreate the CRL using Section 7.1. 668 8. Setting up OCSP for an Intermediate CA 670 This part provides OCSP support to an Intermediate CA. In this memo 671 it applies to both Intermediate CAs. Set the authorityInfoAccess as 672 provided via the environment variables. 674 8.1. Create the OCSP Certificate 676 OCSP needs a signing certificate. This certificate must be signed by 677 the CA that signed the certificate being checked. 
The steps to 678 create this certificate is the similar to a Server certificate for 679 the CA: 681 # Select which Intermediate level 682 intermediate=intermediate 683 #intermediate=8021ARintermediate 684 # Optionally, password encrypt key pair 685 encryptkey= 686 #encryptkey=-aes256 688 # Create the key pair in Intermediate level $intermediate 689 cd $dir 690 openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\ 691 $encryptkey -pkeyopt ec_param_enc:named_curve\ 692 -out $dir/private/$ocspurl.key.$format 693 chmod 400 $dir/private/$ocspurl.$format 694 openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout 696 # Create CSR 697 commonName= 698 DN=$countryName$stateOrProvinceName$localityName 699 DN=$DN$organizationName$organizationalUnitName$commonName 700 echo $DN 701 emailaddr=postmaster@htt-consult.com 702 export subjectAltName="DNS:$ocspurl, email:$emailaddr" 703 echo $subjectAltName 704 openssl req -config $dir/openssl-$intermediate.cnf\ 705 -key $dir/private/$ocspurl.key.$format \ 706 -subj "$DN" -new -sha256 -out $dir/csr/$ocspurl.csr.$format 708 openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format 710 # Create Certificate 712 openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum 713 # Note 'openssl ca' does not support DER format 714 openssl ca -config $dir/openssl-$intermediate.cnf -days 375\ 715 -extensions ocsp -notext -md sha256 \ 716 -in $dir/csr/$ocspurl.csr.$format\ 717 -out $dir/certs/$ocspurl.cert.$format 718 chmod 444 $dir/certs/$ocspurl.cert.$format 720 openssl verify -CAfile $dir/certs/ca-chain.cert.$format\ 721 $dir/certs/$ocspurl.cert.$format 722 openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format 724 8.2. Revoke a Certificate 726 Revoke the certificate as in Section 7.2. The OCSP responder SHOULD 727 detect the flag change in index.txt and, when queried respond 728 appropriately. 730 8.3. 
Testing OCSP with Openssl 732 OpenSSL provides a simple OCSP service that can be used to test the 733 OCSP certificate and revocation process (Note that this only reads 734 the index.txt to get the certificate status at startup). 736 In a terminal window, set variables dir and ocspurl (examples below), 737 then run the simple OCSP service: 739 dir=/root/ca/intermediate 740 ocspurl=ocsp.htt-consult.com 742 openssl ocsp -port 2560 -text -rmd sha256\ 743 -index $dir/index.txt \ 744 -CA $dir/certs/ca-chain.cert.pem \ 745 -rkey $dir/private/$ocspurl.key.pem \ 746 -rsigner $dir/certs/$ocspurl.cert.pem \ 747 -nrequest 1 749 In another window, test out a certificate status with: 751 targetcert=fqdn 752 #targetcert=clientemail 753 #targetcert=DevID 755 openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \ 756 -url http://127.0.0.1:2560 -resp_text -sha256\ 757 -issuer $dir/certs/$intermediate.cert.pem \ 758 -cert $dir/certs/$targetcert.cert.pem 760 Revoke the certificate, Section 7.2, restart the test Responder again 761 as above, then check the certificate status. 763 9. Footnotes 765 Creating this document was a real education in the state of openSSL, 766 X.509 certificate guidance, and just general level of certificate 767 awareness. Here are a few short notes. 769 9.1. Certificate Serial Number 771 The certificate serial number's role is to provide yet another way to 772 maintain uniqueness of certificates within a pki as well as a way to 773 index them in a data store. It has taken on other roles, most 774 notably as a defense. 776 The CABForum guideline for a public CA is for the serial number to be 777 a random number at least 8 octets long and no longer than 20 bytes. 778 By default, openssl makes self-signed certificates with 8 octet 779 serial numbers. This guide uses openssl's RAND function to generate 780 the random value and pipe it into the -set_serial option. 
This 781 number MAY have the first bit as a ONE; the DER encoding rules 782 prepend such numbers with 0x00. Thus the limit of '19' for the 783 variable 'ns'. 785 A private CA need not follow the CABForum rules and can use anything 786 number for the serial number. For example, the root CA (which has no 787 security risks mitigated by using a random value) could use '1' as 788 its serial number. Intermediate and End Entity certificate serial 789 numbers can also be of any value if a strong hash, like SHA256 used 790 here. A value of 4 for ns would provide a sufficient population so 791 that a CA of 10,000 EE certificates will have only a 1.2% probability 792 of a collision. For only 1,000 certificates the probability drops to 793 0.012%. 795 The following was proposed on the openssl-user list as an alternative 796 to using the RAND function: 798 Keep k bits (k/8 octets) long serial numbers for all your 799 certificates, chose a block cipher operating on blocks of k bits, and 800 operate this block cipher in CTR mode, with a proper secret key and 801 secret starting counter. That way, no collision detection is 802 necessary, you'll be able to generate 2^(k/2) unique k bits longs 803 serial numbers (in fact, you can generate 2^k unique serial numbers, 804 but after 2^(k/2) you lose some security guarantees). 806 With 3DES, k=64, and with AES, k=128. 808 9.2. Some OpenSSL config file limitations 810 There is a bit of inconsistency in how different parts and fields in 811 the config file are used. Environment variables can only be used as 812 values. Some fields can have null values, others cannot. The lack 813 of allowing null fields means a script cannot feed in an environment 814 variable with value null. In such a case, the field has to be 815 removed from the config file. 817 The expectation is each CA within a PKI has its own config file, 818 customized to the certificates supported by that CA. 820 9.3. 
      subjectAltName support, or lack thereof

   In the openssl releases this guide was written against there is no
   direct openssl command line option to provide a subjectAltName for a
   certificate.  (OpenSSL 1.1.1 added the -addext option to 'openssl
   req', which covers the CSR case; the config file approaches below
   work with any release.)  This is a serious limitation.  Per RFC 2818
   [RFC2818] the SAN is where a server's DNS name (FQDN) belongs, and
   RFC 5280 likewise places email addresses in the SAN rfc822Name, yet
   the common practice has been to put them in the commonName attribute
   of the subject distinguished name.  How much of this is due to the
   difficulty of creating certificates with a SAN?

   Thus the only way to provide a SAN is through the config file, and
   there are two approaches.  This document uses an environment variable
   to provide the SAN value into the config file.  Another approach is
   to assemble the config on the fly with process substitution (a
   bash-ism), as in:

      openssl req -new -sha256 -key domain.key \
         -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN \
         -config <(cat /etc/ssl/openssl.cnf \
            <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) \
         -out domain.csr

   Either way, inspect the CSR with 'openssl req -text' before signing
   it: the X509v3 Subject Alternative Name must appear under the
   requested extensions, and the CA config must copy it into the
   certificate (copy_extensions = copy in Appendix A).

9.4.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER PKI
   failed.  In the openssl releases used for this guide there is no
   facility to create a DER certificate from a DER CSR.  It just is not
   there in the 'openssl ca' command, and even the 'openssl x509 -req'
   command cannot do this for a simple certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.  For DER, some recommend using
   PKCS#7 [RFC2315] (openssl's crl2pkcs7 command, given -nocrl and one
   -certfile per certificate, produces such a bundle in DER), where
   others point out that this format is poorly supported 'in the field',
   whereas PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

      openssl x509 -outform der -in certificate.pem -out certificate.der

   The same conversion works for the keypair (with 'openssl ec').
   However, in a highly constrained device it may make more sense to
   just store the raw keypair in the device's very limited secure
   storage.

10.  IANA Considerations

   TBD.
   May be nothing for IANA.

11.  Security Considerations

11.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found large
   numbers of certificates on the Internet sharing the same keys, or
   keys sharing a prime factor, due to bad randomness on the generating
   systems.  The amount of entropy available for these random numbers
   can be tested.  On Fedora/Centos and most Linux systems use:

      cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.  Note
   that on Linux 5.18 and later this file no longer reports pool
   depletion: the value is capped at 256 and reaches 256 once the
   kernel's random generator has been seeded, so the "below 1000" test
   does not apply there; what matters is that the generator was seeded
   before the keys are generated.

11.2.  Key pair Theft

   During certificate creation, particularly during keypair generation,
   the files are vulnerable to theft.  This can be mitigated using
   umask.  Before using openssl, set umask:

      restore_mask=$(umask -p)
      umask 077

   Afterwards, restore it with:

      $restore_mask

   or just close the shell that was used, and start a new one.  (The -p
   option to umask is a bash-ism: it prints the saved value as a
   command, such as "umask 0022", which can be run to restore it.)

   There is nothing in these recipes that requires super-user on the
   system creating the certificates.  Provided that adequate randomness
   is available, a virtual machine or container is entirely appropriate.
   Containers tend to have better access to randomness than virtual
   machines, since they share the host kernel's random generator.

   The scripts and configuration files, and in particular the private
   keys, may be kept offline, on a USB key for instance, and loaded when
   needed.

   The OCSP server needs to be online and available to all clients that
   will use the certificates.  This may mean available on the Internet.
   A firewall can protect the OCSP server, and port-forwards and/or ACL
   rules can restrict access to just the OCSP port.  OCSP responses are
   signed by a key designated for that purpose only (the OCSP signing
   certificate with the OCSPSigning extended key usage), so the
   responder does not require that the associated CA key be available
   online.
   Generating new CRLs, however, requires that the CA signing key be
   online, which is one of the reasons for creating an intermediate CA:
   the root key can stay offline while the intermediate's key signs the
   CRLs.

12.  Acknowledgments

   This work was jump started by the excellent RSA PKI guide by Jamie
   Nguyen.  The openssl-user mailing list, with its many supportive
   experts, in particular Rich Salz, Jakob Bolm, Viktor Dukhovni, and
   Erwann Abalea, was of immense help, as was the openssl man pages
   website.

   Finally, "Professor Google" was always ready to point to answers to
   questions like: "openssl subjectAltName on the command line".  And
   the Professor, it seems, never tires of answering even trivial
   questions.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

13.2.  Informative References

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents.  The $ENV::
   variables it references (rootca, cadir, format, subjectAltName) must
   be exported before openssl reads it (see Section 9.2).

      # OpenSSL root CA configuration file.
      # Copy to `$dir/openssl.cnf`.

      [ ca ]
      # `man ca`
      default_ca = CA_default

      [ CA_default ]
      # Directory and file locations.
      dir = $ENV::rootca
      cadir = $ENV::cadir
      format = $ENV::format

      certs = $dir/certs
      crl_dir = $dir/crl
      new_certs_dir = $dir/newcerts
      database = $dir/index.txt
      serial = $dir/serial
      RANDFILE = $dir/private/.rand

      # The root key and root certificate.
      private_key = $dir/private/ca.key.$format
      certificate = $cadir/certs/ca.cert.$format

      # For certificate revocation lists.
      crlnumber = $dir/crlnumber
      crl = $dir/crl/ca.crl.pem
      crl_extensions = crl_ext
      default_crl_days = 30
      # SHA-1 is deprecated, so use SHA-2 instead.
      default_md = sha256

      name_opt = ca_default
      cert_opt = ca_default
      default_days = 375
      preserve = no
      policy = policy_strict
      copy_extensions = copy

      [ policy_strict ]
      # The root CA should only sign intermediate certificates that match.
      # See the POLICY FORMAT section of `man ca`.
      countryName = optional
      stateOrProvinceName = optional
      organizationName = optional
      organizationalUnitName = optional
      commonName = optional

      [ policy_loose ]
      # Allow the intermediate CA to sign a more
      # diverse range of certificates.
      # See the POLICY FORMAT section of the `ca` man page.
      countryName = optional
      stateOrProvinceName = optional
      localityName = optional
      organizationName = optional
      organizationalUnitName = optional
      commonName = optional

      [ req ]
      # Options for the `req` tool (`man req`).
      # default_bits only applies to RSA/DSA key generation; the EC keys
      # used in this guide are generated before `req` is run.
      default_bits = 2048
      distinguished_name = req_distinguished_name
      string_mask = utf8only
      req_extensions = req_ext

      # SHA-1 is deprecated, so use SHA-2 instead.
      default_md = sha256

      # Extension to add when the -x509 option is used.
      x509_extensions = v3_ca

      [ req_distinguished_name ]
      countryName = Country Name (2 letter code)
      stateOrProvinceName = State or Province Name
      localityName = Locality Name
      0.organizationName = Organization Name
      organizationalUnitName = Organizational Unit Name
      commonName = Common Name

      # Optionally, specify some defaults.
      # countryName_default = US
      # stateOrProvinceName_default = MI
      # localityName_default = Oak Park
      # 0.organizationName_default = HTT Consulting
      # organizationalUnitName_default =

      [ req_ext ]
      subjectAltName = $ENV::subjectAltName

      [ v3_ca ]
      # Extensions for a typical CA (`man x509v3_config`).
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid:always,issuer
      basicConstraints = critical, CA:true
      # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
      keyUsage = critical, cRLSign, keyCertSign
      subjectAltName = $ENV::subjectAltName

      [ v3_intermediate_ca ]
      # Extensions for a typical intermediate CA (`man x509v3_config`).
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid:always,issuer
      # pathlen:0 means this CA may only issue End Entity certificates.
      basicConstraints = critical, CA:true, pathlen:0
      # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
      keyUsage = critical, cRLSign, keyCertSign

      [ crl_ext ]
      # Extension for CRLs (`man x509v3_config`).
      authorityKeyIdentifier = keyid:always

      [ ocsp ]
      # Extension for OCSP signing certificates (`man ocsp`).
      basicConstraints = CA:FALSE
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid,issuer
      keyUsage = critical, digitalSignature
      extendedKeyUsage = critical, OCSPSigning

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.

   Leave crlDistributionPoints commented out to drop CRL support, and
   authorityInfoAccess to drop OCSP support.

      # OpenSSL intermediate CA configuration file.
      # Copy to `$dir/intermediate/openssl-intermediate.cnf`.

      [ ca ]
      # `man ca`
      default_ca = CA_default

      [ CA_default ]
      # Directory and file locations.
      dir = $ENV::intdir
      cadir = $ENV::cadir
      format = $ENV::format

      certs = $dir/certs
      crl_dir = $dir/crl
      new_certs_dir = $dir/newcerts
      database = $dir/index.txt
      serial = $dir/serial
      RANDFILE = $dir/private/.rand

      # The Intermediate key and Intermediate certificate.
      private_key = $dir/private/intermediate.key.$format
      certificate = $cadir/certs/intermediate.cert.$format

      # For certificate revocation lists.
      crlnumber = $dir/crlnumber
      crl = $dir/crl/intermediate.crl.pem
      crl_extensions = crl_ext
      default_crl_days = $ENV::default_crl_days

      # SHA-1 is deprecated, so use SHA-2 instead.
      default_md = sha256

      name_opt = ca_default
      cert_opt = ca_default
      default_days = 375
      preserve = no
      policy = policy_loose
      copy_extensions = copy

      [ policy_strict ]
      # The root CA should only sign intermediate certificates that match.
      # See the POLICY FORMAT section of `man ca`.
      countryName = optional
      stateOrProvinceName = optional
      organizationName = optional
      organizationalUnitName = optional
      commonName = optional

      [ policy_loose ]
      # Allow the intermediate CA to sign a more
      # diverse range of certificates.
      # See the POLICY FORMAT section of the `ca` man page.
      countryName = optional
      stateOrProvinceName = optional
      localityName = optional
      organizationName = optional
      organizationalUnitName = optional
      commonName = optional
      UID = optional

      [ req ]
      # Options for the `req` tool (`man req`).
      # default_bits only applies to RSA/DSA key generation; the EC keys
      # used in this guide are generated before `req` is run.
      default_bits = 2048
      distinguished_name = req_distinguished_name
      string_mask = utf8only
      req_extensions = req_ext

      # SHA-1 is deprecated, so use SHA-2 instead.
      default_md = sha256

      # Extension to add when the -x509 option is used.
      x509_extensions = v3_ca

      [ req_distinguished_name ]
      countryName = Country Name (2 letter code)
      stateOrProvinceName = State or Province Name
      localityName = Locality Name
      0.organizationName = Organization Name
      organizationalUnitName = Organizational Unit Name
      commonName = Common Name
      UID = User ID

      # Optionally, specify some defaults.
      # countryName_default = US
      # stateOrProvinceName_default = MI
      # localityName_default = Oak Park
      # 0.organizationName_default = HTT Consulting
      # organizationalUnitName_default =

      [ req_ext ]
      subjectAltName = $ENV::subjectAltName

      [ v3_ca ]
      # Extensions for a typical CA (`man x509v3_config`).
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid:always,issuer
      basicConstraints = critical, CA:true
      # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
      keyUsage = critical, cRLSign, keyCertSign

      [ v3_intermediate_ca ]
      # Extensions for a typical intermediate CA (`man x509v3_config`).
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid:always,issuer
      basicConstraints = critical, CA:true, pathlen:0
      # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
      keyUsage = critical, cRLSign, keyCertSign

      [ usr_cert ]
      # Extensions for client certificates (`man x509v3_config`).
      basicConstraints = CA:FALSE
      # nsCertType and nsComment are legacy Netscape extensions that
      # current clients ignore.
      nsCertType = client, email
      nsComment = "OpenSSL Generated Client Certificate"
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid,issuer
      # RFC 5480 does not list keyEncipherment among the key usages for
      # EC keys (it is an RSA key-transport usage), so it is left out.
      keyUsage = critical, nonRepudiation, digitalSignature
      # keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment
      extendedKeyUsage = clientAuth, emailProtection
      # uncomment the following if the ENV variables are set
      # crlDistributionPoints = $ENV::crlDP
      # authorityInfoAccess = $ENV::ocspIAI

      [ server_cert ]
      # Extensions for server certificates (`man x509v3_config`).
      basicConstraints = CA:FALSE
      # nsCertType and nsComment are legacy Netscape extensions that
      # current clients ignore.
      nsCertType = server
      nsComment = "OpenSSL Generated Server Certificate"
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid,issuer:always
      # RFC 5480 does not list keyEncipherment among the key usages for
      # EC keys; an ECDSA server key only signs, so digitalSignature
      # alone is what TLS needs.
      keyUsage = critical, digitalSignature
      # keyUsage = critical, digitalSignature, keyEncipherment
      extendedKeyUsage = serverAuth
      # uncomment the following if the ENV variables are set
      # crlDistributionPoints = $ENV::crlDP
      # authorityInfoAccess = $ENV::ocspIAI

      [ crl_ext ]
      # Extension for CRLs (`man x509v3_config`).
      authorityKeyIdentifier = keyid:always

      [ ocsp ]
      # Extension for OCSP signing certificates (`man ocsp`).
      basicConstraints = CA:FALSE
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid,issuer
      keyUsage = critical, digitalSignature
      extendedKeyUsage = critical, OCSPSigning

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Leave crlDistributionPoints commented out to drop CRL support, and
   authorityInfoAccess to drop OCSP support.

      # OpenSSL 8021ARintermediate CA configuration file.
      # Copy to `$dir/8021ARintermediate/openssl-8021ARintermediate.cnf`.

      [ ca ]
      # `man ca`
      default_ca = CA_default

      [ CA_default ]
      # Directory and file locations.
      # dir = /root/ca/8021ARintermediate
      dir = $ENV::dir
      cadir = $ENV::cadir
      format = $ENV::format

      certs = $dir/certs
      crl_dir = $dir/crl
      new_certs_dir = $dir/newcerts
      database = $dir/index.txt
      serial = $dir/serial
      RANDFILE = $dir/private/.rand

      # The 8021ARintermediate key and certificate.
      private_key = $dir/private/8021ARintermediate.key.$format
      certificate = $dir/certs/8021ARintermediate.cert.$format

      # For certificate revocation lists.
      crlnumber = $dir/crlnumber
      crl = $dir/crl/ca.crl.pem
      crl_extensions = crl_ext
      default_crl_days = $ENV::default_crl_days

      # SHA-1 is deprecated, so use SHA-2 instead.
      default_md = sha256

      name_opt = ca_default
      cert_opt = ca_default
      # IEEE 802.1AR: an iDevID has no well-defined expiry, which X.509
      # expresses with the GeneralizedTime value 99991231235959Z.
      default_enddate = 99991231235959Z
      preserve = no
      policy = policy_loose
      copy_extensions = copy

      [ policy_strict ]
      # The root CA should only sign 8021ARintermediate
      # certificates that match.
      # See the POLICY FORMAT section of `man ca`.
      countryName = match
      stateOrProvinceName = match
      organizationName = match
      organizationalUnitName = optional
      commonName = optional

      [ policy_loose ]
      # Allow the 8021ARintermediate CA to sign
      #  a more diverse range of certificates.
      # See the POLICY FORMAT section of the `ca` man page.
      countryName = optional
      stateOrProvinceName = optional
      localityName = optional
      organizationName = optional
      organizationalUnitName = optional
      commonName = optional
      serialNumber = optional

      [ req ]
      # Options for the `req` tool (`man req`).
      # default_bits only applies to RSA/DSA key generation; the EC keys
      # used in this guide are generated before `req` is run.
      default_bits = 2048
      distinguished_name = req_distinguished_name
      string_mask = utf8only
      req_extensions = req_ext

      # SHA-1 is deprecated, so use SHA-2 instead.
      default_md = sha256

      # Extension to add when the -x509 option is used.
      x509_extensions = v3_ca

      [ req_distinguished_name ]
      countryName = Country Name (2 letter code)
      stateOrProvinceName = State or Province Name
      localityName = Locality Name
      0.organizationName = Organization Name
      organizationalUnitName = Organizational Unit Name
      commonName = Common Name
      serialNumber = Device Serial Number

      # Optionally, specify some defaults.
      0.organizationName_default = HTT Consulting
      organizationalUnitName_default = Devices

      [ req_ext ]
      subjectAltName = $ENV::subjectAltName

      [ hmodname ]
      # HardwareModuleName (RFC 4108) sequence referenced from the iDevID
      # subjectAltName otherName; the serial number is supplied as hex.
      hwType = OID:$ENV::hwType
      hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

      [ v3_ca ]
      # Extensions for a typical CA (`man x509v3_config`).
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid:always,issuer
      basicConstraints = critical, CA:true
      keyUsage = critical, digitalSignature, cRLSign, keyCertSign

      [ v3_8021ARintermediate_ca ]
      # Extensions for a typical
      # 8021ARintermediate CA (`man x509v3_config`).
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid:always,issuer
      basicConstraints = critical, CA:true, pathlen:0
      # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
      keyUsage = critical, cRLSign, keyCertSign

      [ 8021ar_idevid ]
      # Extensions for IEEE 802.1AR iDevID
      # certificates (`man x509v3_config`).
      basicConstraints = CA:FALSE
      authorityKeyIdentifier = keyid,issuer:always
      # RFC 5480 does not list keyEncipherment among the key usages for
      # EC keys (it is an RSA key-transport usage), so it is left out.
      keyUsage = critical, digitalSignature
      # keyUsage = critical, digitalSignature, keyEncipherment
      # uncomment the following if the ENV variables are set
      # crlDistributionPoints = $ENV::crlDP
      # authorityInfoAccess = $ENV::ocspIAI

      [ crl_ext ]
      # Extension for CRLs (`man x509v3_config`).
      authorityKeyIdentifier = keyid:always

      [ ocsp ]
      # Extension for OCSP signing certificates (`man ocsp`).
      basicConstraints = CA:FALSE
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid,issuer
      keyUsage = critical, digitalSignature
      extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI  48237

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt  64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Liang Xia
   Huawei
   No. 101, Software Avenue, Yuhuatai District
   Nanjing
   China

   Email: Frank.xialiang@huawei.com

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/