wg TBD                                                     R. Moskowitz
Internet-Draft                                           HTT Consulting
Intended status: Informational                              H. Birkholz
Expires: August 17, 2020                                 Fraunhofer SIT
                                                                 L. Xia
                                                                 Huawei
                                                          M. Richardson
                                                              Sandelman
                                                      February 14, 2020

                      Guide for building an ECC pki
                      draft-moskowitz-ecdsa-pki-08

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using OpenSSL.  All certificates in this guide are
   ECDSA, P-256, with SHA256 certificates.  Along with common End Entity
   certificates, this guide provides instructions for creating IEEE
   802.1AR iDevID Secure Device certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 17, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  The Basic PKI feature set
   4.  Getting started and the Root level
     4.1.  Setting up the Environment
     4.2.  Create the Root Certificate
   5.  The Intermediate level
     5.1.  Setting up the Intermediate Certificate Environment
     5.2.  Create the Intermediate Certificate
     5.3.  Create a Server EE Certificate
     5.4.  Create a Client EE Certificate
   6.  The 802.1AR Intermediate level
     6.1.  Setting up the 802.1AR Intermediate Certificate Environment
     6.2.  Create the 802.1AR Intermediate Certificate
     6.3.  Create an 802.1AR iDevID Certificate
   7.  Setting up a CRL for an Intermediate CA
     7.1.  Create (or recreate) the CRL
     7.2.  Revoke a Certificate
   8.  Setting up OCSP for an Intermediate CA
     8.1.  Create the OCSP Certificate
     8.2.  Revoke a Certificate
     8.3.  Testing OCSP with Openssl
   9.  Footnotes
     9.1.  Certificate Serial Number
     9.2.  Some OpenSSL config file limitations
     9.3.  subjectAltName support, or lack thereof
     9.4.  DER support, or lack thereof
   10. IANA Considerations
   11. Security Considerations
     11.1.  Adequate Randomness
     11.2.  Key pair Theft
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has a plethora of security solutions targeted at IoT.  Yet
   all too many IoT products are deployed with no or improperly
   configured security.  In particular, resource-constrained IoT devices
   and non-IP IoT networks have not been well served in the IETF.

   Additionally, more IETF (e.g. DOTS, NETCONF) efforts are requiring
   secure identities, but are vague on the nature of these identities
   other than to recommend use of X.509 digital certificates and perhaps
   TLS.

   This effort provides the steps, using the OpenSSL application, to
   create such a PKI of ECDSA certificates.  The goal is that any
   developer or tester can follow these steps, create the basic objects
   needed and establish the validity of the standard/program design.
   This guide can even be used to create a production PKI, though
   additional steps need to be taken.  This could be very useful to a
   small vendor needing to include 802.1AR [IEEE.802.1AR_2009] iDevIDs
   in their product.
   This guide was tested with OpenSSL 1.1.0f on Fedora 26 and creates
   PEM-based certificates.  DER-based certificates fail (see
   Section 9.4).

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft-specific definitions at this time.

3.  The Basic PKI feature set

   A basic PKI has two levels of hierarchy: Root and Intermediate.  The
   Root level carries the greatest risk and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and has signed the Intermediate level
   certificate, it can be locked up.  In fact, the Root level could
   exist completely on an mSD boot card for a small ARM computer like a
   Raspberry Pi.  A copy of this card can be made and securely stored in
   a different location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.

   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and the Intermediate level CRL.  It can
   also contain the End Entity public certificates.  The private key
   file needs to be kept securely.  For example, as with the Root level,
   an mSD image for an ARM computer could contain the complete
   Intermediate level.  This image is kept offline.  The End Entity CSR
   is copied to it, signed, and then the signed certificate and updated
   database are moved to the public image that lacks the private key.
   For a simple test PKI, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.  The CSR is delivered to
   the Intermediate level, which uses the CSR to create the End Entity
   certificate.  This certificate, along with the trust chain back to
   the root, is then returned to the End Entity.

   There is more to a PKI, but this suffices for most development and
   testing needs.

4.  Getting started and the Root level

   This guide was developed on a Fedora 26 armv7hl system (Cubieboard2
   SoC).  It should work on most Linux and similar systems.  All work
   was done in a terminal window with extensive "cutting and pasting"
   from a draft guide into the terminal window.  Users of this guide may
   find different behaviors based on their system.

4.1.  Setting up the Environment

   The first step is to create the PKI environment.  Modify the
   variables to suit your needs.

   file "setup1.sh"

   # edit directory here, or override
   export cadir=${cadir-/root/ca}
   export rootca=${cadir}/root
   export cfgdir=${cfgdir-$cadir}
   export intdir=${cadir}/intermediate
   export int1ardir=${cadir}/inter_1ar
   export format=pem
   export default_crl_days=65

   mkdir -p $cadir/certs
   mkdir -p $rootca
   (cd $rootca
   mkdir -p certs crl csr newcerts private
   chmod 700 private
   touch index.txt index.txt.attr
   if [ ! -f serial ]; then echo 00 >serial; fi
   )

   sn=8

   # edit these to suit
   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   #organizationalUnitName="/OU="
   organizationalUnitName=
   commonName="/CN=Root CA"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName

   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com

   export default_crl_days=2048

   Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   format
      File encoding: PEM or DER
      At this time only PEM works

   sn
      Serial Number length in bytes
      For a public CA the range is 8 to 19

   The Serial Number length for a public PKI ranges from 8 to 19 bytes.
   The use of 19 rather than 20 is to accommodate the hex representation
   of the Serial Number.  If it has a one in the high-order bit, DER
   encoding rules will place a 0x00 in front.

   The DN and SAN fields are examples.  Change them to appropriate
   values.  If you leave one blank, it will be left out of the
   Certificate.  "OU" above is an example of an empty DN object.

   Create the file $dir/openssl-root.cnf from the contents in
   Appendix A.1.

4.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair
   and the Root certificate.  Included are commands to view the file
   contents.

   file "rootcert.sh"

   # Create passworded keypair file
   if [ ! -f $rootca/private/ca.key.$format ]; then
     echo GENERATING KEY
     openssl genpkey $pass -aes256 -algorithm ec\
       -pkeyopt ec_paramgen_curve:prime256v1\
       -outform $format -pkeyopt ec_param_enc:named_curve\
       -out $rootca/private/ca.key.$format
     chmod 400 $rootca/private/ca.key.$format
     openssl pkey $passin -inform $format -in $rootca/private/ca.key.$format\
       -text -noout
   fi

   # Create Self-signed Root Certificate file
   # 7300 days = 20 years; Intermediate CA is 10 years.

   echo GENERATING and SIGNING REQ
   openssl req -config $cfgdir/openssl-root.cnf $passin \
     -set_serial 0x$(openssl rand -hex $sn)\
     -keyform $format -outform $format\
     -key $rootca/private/ca.key.$format -subj "$DN"\
     -new -x509 -days 7300 -sha256 -extensions v3_ca\
     -out $cadir/certs/ca.cert.$format

   # View the certificate and the purposes it is valid for
   openssl x509 -inform $format -in $cadir/certs/ca.cert.$format\
     -text -noout
   openssl x509 -purpose -inform $format\
     -in $cadir/certs/ca.cert.$format

5.  The Intermediate level

5.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate PKI environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

   file "intermediate_setup.sh"

   export intdir=${intdir-$cadir/intermediate}
   mkdir -p $intdir

   (
   cd $intdir
   mkdir -p certs crl csr newcerts private
   chmod 700 private
   touch index.txt index.txt.attr
   if [ ! -f serial ]; then echo 00 >serial; fi
   )

   sn=8 # hex 8 is minimum, 19 is maximum
   echo 1000 > $intdir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support uncomment these:
   #crl=intermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   commonName="/CN=Signing CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN

   Create the file $dir/openssl-intermediate.cnf from the contents in
   Appendix A.2.  Uncomment the lines for crlDistributionPoints and
   authorityInfoAccess if using CRLs or OCSP respectively.

5.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, Intermediate certificate signing request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

   file "intermediate_cert.sh"

   # Create passworded keypair file
   if [ ! -f $intdir/private/intermediate.key.$format ]; then
     echo GENERATING intermediate KEY
     openssl genpkey $pass -aes256 -algorithm ec \
       -pkeyopt ec_paramgen_curve:prime256v1 \
       -outform $format -pkeyopt ec_param_enc:named_curve\
       -out $intdir/private/intermediate.key.$format
     chmod 400 $intdir/private/intermediate.key.$format
     openssl pkey $passin -inform $format\
       -in $intdir/private/intermediate.key.$format -text -noout
   fi

   # Create the CSR

   echo GENERATING and SIGNING REQ intermediate
   openssl req -config $cfgdir/openssl-root.cnf $passin \
     -key $intdir/private/intermediate.key.$format -batch \
     -keyform $format -outform $format -subj "$DN" -new -sha256\
     -out $intdir/csr/intermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
     -in $intdir/csr/intermediate.csr.$format

   # Create Intermediate Certificate file

   openssl rand -hex $sn > $intdir/serial # hex 8 is minimum, 19 is maximum

   if [ ! -f $cadir/certs/intermediate.cert.pem ]; then
     # Note 'openssl ca' does not support DER format
     openssl ca -config $cfgdir/openssl-root.cnf -days 3650 $passin \
       -extensions v3_intermediate_ca -notext -md sha256 -batch \
       -in $intdir/csr/intermediate.csr.$format\
       -out $cadir/certs/intermediate.cert.pem
     chmod 444 $cadir/certs/intermediate.cert.$format
     rm -f $cadir/certs/ca-chain.cert.$format
   fi

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
     $cadir/certs/intermediate.cert.$format

   openssl x509 -noout -text -in $cadir/certs/intermediate.cert.$format

   # Create the certificate chain file

   if [ ! -f $cadir/certs/ca-chain.cert.$format ]; then
     cat $cadir/certs/intermediate.cert.$format\
       $cadir/certs/ca.cert.$format > $cadir/certs/ca-chain.cert.$format
     chmod 444 $cadir/certs/ca-chain.cert.$format
   fi

5.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, Server certificate signing request (CSR), and
   the Server certificate.  Included are commands to view the file
   contents.

   file "end-server.sh"

   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   serverfqdn=www.example.com
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
   echo $subjectAltName
   openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
     -pkeyopt ec_param_enc:named_curve\
     -out $dir/private/$serverfqdn.key.$format
   chmod 400 $dir/private/$serverfqdn.key.$format
   openssl pkey -in $dir/private/$serverfqdn.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf\
     -key $dir/private/$serverfqdn.key.$format \
     -subj "$DN" -new -sha256 -out $dir/csr/$serverfqdn.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$serverfqdn.csr.$format

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375\
     -extensions server_cert -notext -md sha256 \
     -in $dir/csr/$serverfqdn.csr.$format\
     -out $dir/certs/$serverfqdn.cert.$format
   chmod 444 $dir/certs/$serverfqdn.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
     $dir/certs/$serverfqdn.cert.$format
   openssl x509 -noout -text -in $dir/certs/$serverfqdn.cert.$format

5.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, Client certificate signing request (CSR), and
   the Client certificate.  Included are commands to view the file
   contents.
   file "end-client-dn.sh"

   commonName=
   UserID="/UID=rgm"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName$UserID
   echo $DN
   clientemail=rgm@example.com

   file "end-client.sh"

   export subjectAltName="email:$clientemail"
   echo $subjectAltName

   if [ ! -f $intdir/private/$clientemail.key.$format ]; then
     openssl genpkey $pass -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
       -pkeyopt ec_param_enc:named_curve\
       -out $intdir/private/$clientemail.key.$format
     chmod 400 $intdir/private/$clientemail.key.$format
     openssl pkey $passin -in $intdir/private/$clientemail.key.$format -text -noout
   fi

   openssl req -config $cfgdir/openssl-intermediate.cnf $passin \
     -key $intdir/private/$clientemail.key.$format \
     -subj "$DN" -new -sha256 -out $intdir/csr/$clientemail.csr.$format

   openssl req -text -noout -verify\
     -in $intdir/csr/$clientemail.csr.$format

   openssl rand -hex $sn > $intdir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cfgdir/openssl-intermediate.cnf -days 375\
     -extensions usr_cert -notext -md sha256 $passin \
     -in $intdir/csr/$clientemail.csr.$format -batch\
     -out $cadir/certs/$clientemail.cert.$format
   chmod 444 $cadir/certs/$clientemail.cert.$format

   openssl verify -CAfile $cadir/certs/ca-chain.cert.$format\
     $cadir/certs/$clientemail.cert.$format
   openssl x509 -noout -text -in $cadir/certs/$clientemail.cert.$format

6.  The 802.1AR Intermediate level

6.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate PKI environment.
   This is very similar to the Intermediate PKI environment.  Modify the
   variables to suit your needs.
   file "intermediate_1ar_setup.sh"

   export dir=$cadir/8021ARintermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8 # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support uncomment these:
   #crl=8021ARintermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   #organizationalUnitName=
   commonName="/CN=802.1AR CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com
   echo $subjectAltName

   Create the file $dir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment the lines for
   crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP
   respectively.

6.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, 802.1AR Intermediate certificate signing request
   (CSR), and the 802.1AR Intermediate certificate.  Included are
   commands to view the file contents.
   file "intermediate_1ar_cert.sh"

   # Create passworded keypair file
   openssl genpkey -aes256 -algorithm ec\
     -pkeyopt ec_paramgen_curve:prime256v1 \
     -outform $format -pkeyopt ec_param_enc:named_curve\
     -out $dir/private/8021ARintermediate.key.$format
   chmod 400 $dir/private/8021ARintermediate.key.$format
   openssl pkey -inform $format\
     -in $dir/private/8021ARintermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf\
     -key $dir/private/8021ARintermediate.key.$format \
     -keyform $format -outform $format -subj "$DN" -new -sha256\
     -out $dir/csr/8021ARintermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
     -in $dir/csr/8021ARintermediate.csr.$format

   # Create 802.1AR Intermediate Certificate file
   # The following does NOT work for DER

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650\
     -extensions v3_intermediate_ca -notext -md sha256\
     -in $dir/csr/8021ARintermediate.csr.$format\
     -out $dir/certs/8021ARintermediate.cert.pem

   chmod 444 $dir/certs/8021ARintermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
     $dir/certs/8021ARintermediate.cert.$format

   openssl x509 -noout -text\
     -in $dir/certs/8021ARintermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/8021ARintermediate.cert.$format\
     $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, iDevID certificate signing request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.
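   The script below sets subjectAltName to an otherName whose type-id is
   id-on-hardwareModuleName (1.3.6.1.5.5.7.8.4) and whose value is the
   HardwareModuleName SEQUENCE of hwType and hwSerialNum; the asn1parse
   -strparse calls in the script exist to locate that structure.  The
   following Python is an added example, not code from this draft or from
   OpenSSL: it builds that otherName from the hwType and hwSerialNum values
   the script sets, parses it back, and shows the check a relying party can
   make that the SAN names the expected device.  The structure follows
   RFC 4108; the HW_* constants are taken from the script.

```python
"""Encode and parse the hardwareModuleName otherName used in the iDevID SAN.

Added example, not from the draft or OpenSSL.  Structures per RFC 4108:
  OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }
  HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER,
                                    hwSerialNum OCTET STRING }
"""
from typing import Optional, Tuple

HW_MODULE_NAME_OID = "1.3.6.1.5.5.7.8.4"   # id-on-hardwareModuleName, as in the script
HW_TYPE = "1.3.6.1.4.1.6715.10.1"          # hwType value set by the script
HW_SERIAL = bytes.fromhex("01020304")      # hwSerialNum value set by the script


def _length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _length(len(content)) + content


def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one octet, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += chunk
    return _tlv(0x06, bytes(body))


def encode_other_name(hw_type: str, hw_serial: bytes,
                      type_id: str = HW_MODULE_NAME_OID) -> bytes:
    """GeneralName otherName: [0] IMPLICIT OtherName, value wrapped in [0] EXPLICIT."""
    hardware_module_name = _tlv(0x30, encode_oid(hw_type) + _tlv(0x04, hw_serial))
    return _tlv(0xA0, encode_oid(type_id) + _tlv(0xA0, hardware_module_name))


def _read_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, content, position after the element); definite lengths only."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content: bytes) -> str:
    """Inverse of encode_oid (assumes a first arc of 0, 1 or 2 with a small second arc)."""
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for octet in content[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_hardware_module_name(der: bytes) -> Optional[Tuple[str, bytes]]:
    """(hwType, hwSerialNum) from an otherName GeneralName, or None when the
    otherName has some other type-id.  Raises ValueError on malformed input."""
    tag, other_name, _ = _read_tlv(der)
    if tag != 0xA0:
        raise ValueError("not an otherName GeneralName")
    tag, type_id, pos = _read_tlv(other_name)
    if tag != 0x06:
        raise ValueError("otherName must start with a type-id OID")
    if decode_oid(type_id) != HW_MODULE_NAME_OID:
        return None
    tag, explicit, _ = _read_tlv(other_name, pos)
    tag2, sequence, _ = _read_tlv(explicit)
    if tag != 0xA0 or tag2 != 0x30:
        raise ValueError("value is not [0] EXPLICIT SEQUENCE")
    tag, hw_type, pos = _read_tlv(sequence)
    tag2, hw_serial, _ = _read_tlv(sequence, pos)
    if tag != 0x06 or tag2 != 0x04:
        raise ValueError("HardwareModuleName must be OID then OCTET STRING")
    return decode_oid(hw_type), hw_serial


def matches_device(der: bytes, hw_type: str, hw_serial: bytes) -> bool:
    """The relying-party check: the certificate's otherName names this device."""
    return parse_hardware_module_name(der) == (hw_type, hw_serial)


if __name__ == "__main__":
    blob = encode_other_name(HW_TYPE, HW_SERIAL)
    print(blob.hex())                       # the bytes `openssl asn1parse` walks
    print(parse_hardware_module_name(blob))
```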
   file "idevid-csr-cert.sh"

   DevID=Wt1234
   countryName=
   stateOrProvinceName=
   localityName=
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   commonName=
   serialNumber="/serialNumber=$DevID"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   DN=$DN$serialNumber
   echo $DN

   # hwType is OID for HTT Consulting, devices, sensor widgets
   export hwType=1.3.6.1.4.1.6715.10.1
   export hwSerialNum=01020304 # Some hex
   export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname"
   echo $hwType - $hwSerialNum

   if [ ! -f $dir/private/$DevID.key.$format ]; then
     openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
       -pkeyopt ec_param_enc:named_curve\
       -out $dir/private/$DevID.key.$format
     chmod 400 $dir/private/$DevID.key.$format
   fi

   openssl pkey -in $dir/private/$DevID.key.$format -text -noout
   openssl req -config $cfgdir/openssl-8021ARintermediate.cnf\
     -key $dir/private/$DevID.key.$format \
     -subj "$DN" -new -sha256 -out $dir/csr/$DevID.csr.$format

   openssl req -text -noout -verify\
     -in $dir/csr/$DevID.csr.$format
   openssl asn1parse -i -in $dir/csr/$DevID.csr.pem
   # find the offset of the start of hardwareModuleName in the output
   # above and use it in place of 189
   openssl asn1parse -i -strparse 189 -in $dir/csr/$DevID.csr.pem

   openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cfgdir/openssl-8021ARintermediate.cnf -days 375\
     -extensions 8021ar_idevid -notext -md sha256 \
     -in $dir/csr/$DevID.csr.$format\
     -out $dir/certs/$DevID.cert.$format
   chmod 444 $dir/certs/$DevID.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
     $dir/certs/$DevID.cert.$format
   openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format
   openssl asn1parse -i -in $dir/certs/$DevID.cert.pem
   # find the offset of the start of hardwareModuleName in the output
   # above and use it in place of 493
   openssl asn1parse -i -strparse 493 -in $dir/certs/$DevID.cert.pem

7.  Setting up a CRL for an Intermediate CA

   This part provides CRL support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the crlDistributionPoints
   as provided via the environment variables.

7.1.  Create (or recreate) the CRL

   It is simple to create the CRL.  The CRL consists of the certificates
   flagged with an R (Revoked) in index.txt:

   file "crl-creation.sh"

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   crl=$intermediate.crl.pem

   # Create CRL file
   openssl ca -config $dir/openssl-$intermediate.cnf \
     -gencrl -out $dir/crl/$crl
   chmod 444 $dir/crl/$crl

   openssl crl -in $dir/crl/$crl -noout -text

7.2.  Revoke a Certificate

   Revoking a certificate is a two-step process.  First identify the
   target certificate; examples are listed below.  Revoke it, then
   publish a new CRL.

   file "revoke-step1.sh"

   # Select the certificate to revoke (file name stem under $dir/certs)
   targetcert=$serverfqdn
   #targetcert=$clientemail
   #targetcert=$DevID

   openssl ca -config $dir/openssl-$intermediate.cnf\
     -revoke $dir/certs/$targetcert.cert.$format

   Recreate the CRL using Section 7.1.

8.  Setting up OCSP for an Intermediate CA

   This part provides OCSP support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the authorityInfoAccess as
   provided via the environment variables.

8.1.  Create the OCSP Certificate

   OCSP needs a signing certificate.  This certificate must be signed by
   the CA that signed the certificate being checked.
The steps to 713 create this certificate is the similar to a Server certificate for 714 the CA: 716 file "ocsp-setup.sh" 718 # Select which Intermediate level 719 intermediate=intermediate 720 #intermediate=8021ARintermediate 721 # Optionally, password encrypt key pair 722 encryptkey= 723 #encryptkey=-aes256 725 # Create the key pair in Intermediate level $intermediate 726 cd $dir 727 openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\ 728 $encryptkey -pkeyopt ec_param_enc:named_curve\ 729 -out $dir/private/$ocspurl.key.$format 730 chmod 400 $dir/private/$ocspurl.$format 731 openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout 733 # Create CSR 734 commonName= 735 DN=$countryName$stateOrProvinceName$localityName 736 DN=$DN$organizationName$organizationalUnitName$commonName 737 echo $DN 738 emailaddr=postmaster@htt-consult.com 739 export subjectAltName="DNS:$ocspurl, email:$emailaddr" 740 echo $subjectAltName 741 openssl req -config $dir/openssl-$intermediate.cnf\ 742 -key $dir/private/$ocspurl.key.$format \ 743 -subj "$DN" -new -sha256 -out $dir/csr/$ocspurl.csr.$format 745 openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format 747 # Create Certificate 749 openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum 750 # Note 'openssl ca' does not support DER format 751 openssl ca -config $dir/openssl-$intermediate.cnf -days 375\ 752 -extensions ocsp -notext -md sha256 \ 753 -in $dir/csr/$ocspurl.csr.$format\ 754 -out $dir/certs/$ocspurl.cert.$format 755 chmod 444 $dir/certs/$ocspurl.cert.$format 757 openssl verify -CAfile $dir/certs/ca-chain.cert.$format\ 758 $dir/certs/$ocspurl.cert.$format 759 openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format 761 763 8.2. Revoke a Certificate 765 Revoke the certificate as in Section 7.2. The OCSP responder SHOULD 766 detect the flag change in index.txt and, when queried respond 767 appropriately. 769 8.3. 
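   Both revocation paths in Sections 7 and 8 turn on the R flag that
   'openssl ca -revoke' writes into the CA's index.txt: the CRL is built
   from those entries, and the test responder in Section 8.3 reads the
   file only at startup.  The following Python is an added example, not
   part of this draft or of OpenSSL: it parses index.txt in the layout
   'openssl ca' writes (status, expiry, revocation time with optional
   reason, serial, file name, subject) and reports which revoked serials
   the last published CRL does not yet carry and which were revoked after
   the responder was started.  The index lines, serial numbers and dates
   below are constructed for the example.

```python
"""Reconcile the CA's index.txt with what has been published.

Added example, not from the draft or OpenSSL.  `openssl ca -revoke` flips
an entry's status to R; `openssl ca -gencrl` turns the R entries into a
CRL; the test responder of Section 8.3 loads index.txt only at startup.
This reports what is still outstanding after a revocation.  The index
lines and serial numbers are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Set

# Constructed index.txt content in the layout `openssl ca` writes:
# status, expiry, revocation time[,reason], serial, file name, subject DN.
SAMPLE_INDEX = (
    "V\t210223120000Z\t\t9E3779B97F4A7C15\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/CN=www.example.com\n"
    "R\t210223120000Z\t200301090000Z,keyCompromise\t1F2E3D4C5B6A7988\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/UID=rgm\n"
    "R\t210223120000Z\t200310080000Z\t0BADC0DEDEADBEEF\tunknown\t"
    "/O=HTT Consulting/OU=Devices/serialNumber=Wt1234\n"
)


@dataclass
class IndexEntry:
    status: str                 # V valid, R revoked, E expired
    expires: datetime
    revoked_at: Optional[datetime]
    reason: Optional[str]
    serial: str                 # upper-case hex, as openssl writes it
    subject: str


def _parse_time(stamp: str) -> datetime:
    """openssl writes UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def parse_index(text: str) -> List[IndexEntry]:
    """Parse the tab-separated index.txt database into entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, expiry, revocation, serial, _filename, subject = line.split("\t")
        revoked_at = reason = None
        if revocation:
            stamp, _, reason_text = revocation.partition(",")
            revoked_at = _parse_time(stamp)
            reason = reason_text or None
        entries.append(IndexEntry(status, _parse_time(expiry), revoked_at,
                                  reason, serial.upper(), subject))
    return entries


def revoked_serials(entries: List[IndexEntry]) -> Set[str]:
    """The set `openssl ca -gencrl` would place in the CRL."""
    return {e.serial for e in entries if e.status == "R"}


def pending_for_crl(entries: List[IndexEntry], published: Set[str]) -> Set[str]:
    """Revoked serials the last published CRL lacks: recreate it (Section 7.1)."""
    return revoked_serials(entries) - {s.upper() for s in published}


def responder_needs_restart(entries: List[IndexEntry],
                            responder_started: datetime) -> Set[str]:
    """Serials revoked after the test OCSP responder loaded index.txt."""
    return {e.serial for e in entries
            if e.status == "R" and e.revoked_at is not None
            and e.revoked_at > responder_started}


def stale_valid_entries(entries: List[IndexEntry], now: datetime) -> Set[str]:
    """Entries still marked V although expired; `openssl ca -updatedb` flips them to E."""
    return {e.serial for e in entries if e.status == "V" and e.expires <= now}


if __name__ == "__main__":
    idx = parse_index(SAMPLE_INDEX)
    print("revoked:", sorted(revoked_serials(idx)))
    print("need new CRL:", pending_for_crl(idx, {"1F2E3D4C5B6A7988"}))
    started = datetime(2020, 3, 5, tzinfo=timezone.utc)
    print("restart responder for:", responder_needs_restart(idx, started))
```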
8.3.  Testing OCSP with Openssl

   OpenSSL provides a simple OCSP service that can be used to test the
   OCSP certificate and revocation process.  (Note that this only reads
   index.txt to get the certificate status at startup.)

   In a terminal window, set the variables dir and ocspurl (examples
   below), then run the simple OCSP service:

   file "run-ocsp-server.sh"

   dir=/root/ca/intermediate
   ocspurl=ocsp.htt-consult.com

   openssl ocsp -port 2560 -text -rmd sha256\
     -index $dir/index.txt \
     -CA $dir/certs/ca-chain.cert.pem \
     -rkey $dir/private/$ocspurl.key.pem \
     -rsigner $dir/certs/$ocspurl.cert.pem \
     -nrequest 1

   In another window, test out a certificate status with:

   file "test-ocsp-server.sh"

   intermediate=intermediate
   targetcert=$serverfqdn
   #targetcert=$clientemail
   #targetcert=$DevID

   openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \
     -url http://127.0.0.1:2560 -resp_text -sha256\
     -issuer $dir/certs/$intermediate.cert.pem \
     -cert $dir/certs/$targetcert.cert.pem

   Revoke the certificate (Section 7.2), restart the test Responder as
   above, then check the certificate status again.

9.  Footnotes

   Creating this document was a real education in the state of OpenSSL,
   X.509 certificate guidance, and the general level of certificate
   awareness.  Here are a few short notes.

9.1.  Certificate Serial Number

   The certificate serial number's role is to provide yet another way to
   maintain uniqueness of certificates within a PKI as well as a way to
   index them in a data store.  It has taken on other roles, most
   notably as a defense.

   The CABForum guideline for a public CA is for the serial number to be
   a random number at least 8 octets long and no longer than 20 bytes.
   By default, openssl makes self-signed certificates with 8 octet
   serial numbers.  This guide uses openssl's RAND function to generate
   the random value and pipe it into the -set_serial option.
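   As an added illustration of how the sn variable is sized (this code is
   not part of the draft or of OpenSSL), the following Python reproduces
   the two rules behind the guidance in Section 4.1 and this section: the
   DER INTEGER encoding prepends 0x00 when the high-order bit is set,
   which is why sn stops at 19 bytes against a 20-octet limit, and the
   birthday bound that gives the collision figures quoted for sn=4.  It
   uses only the Python standard library.

```python
"""Serial-number sizing for the `sn` variable used by the scripts above.

Added example, not from the draft or OpenSSL.  It mirrors two rules the
text states: the DER INTEGER encoding prepends 0x00 when the top bit is
set (hence the 19-byte cap against a 20-octet limit), and the birthday
bound on collisions for short random serials.
"""
import math
import secrets

MAX_SERIAL_CONTENT_OCTETS = 20   # cap on the encoded serial value (RFC 5280)


def der_integer_content(value: int) -> bytes:
    """Content octets of a DER INTEGER for a non-negative value.

    DER integers are two's complement, so a value whose top bit is set
    needs a leading 0x00 to stay positive, which costs one more octet.
    """
    if value < 0:
        raise ValueError("certificate serial numbers must be non-negative")
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def set_serial_argument(sn: int) -> str:
    """What the scripts pass to -set_serial: 0x plus sn random bytes in hex,
    the equivalent of `-set_serial 0x$(openssl rand -hex $sn)`."""
    return "0x" + secrets.token_hex(sn)


def worst_case_content_length(sn: int) -> int:
    """Encoded length of an sn-byte serial whose top bit happens to be one."""
    return len(der_integer_content(1 << (8 * sn - 1)))


def fits_public_ca_limit(sn: int) -> bool:
    """True when every sn-byte random serial encodes within 20 octets and
    meets the 8-octet minimum the text quotes from the CABForum guideline."""
    return 8 <= sn and worst_case_content_length(sn) <= MAX_SERIAL_CONTENT_OCTETS


def collision_probability(sn: int, certs: int) -> float:
    """Birthday bound: chance that `certs` independent sn-byte serials contain
    at least one duplicate, 1 - exp(-n(n-1)/2N) with N = 2**(8*sn)."""
    space = 2 ** (8 * sn)
    return 1.0 - math.exp(-certs * (certs - 1) / (2 * space))


if __name__ == "__main__":
    for sn in (4, 8, 19, 20):
        print(f"sn={sn:2d} worst-case DER octets={worst_case_content_length(sn):2d} "
              f"public CA ok={fits_public_ca_limit(sn)} "
              f"P(collision, 10000 certs)={collision_probability(sn, 10000):.2e}")
    print("example -set_serial value:", set_serial_argument(8))
```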
   The random serial number MAY have the first bit as a ONE; the DER
   encoding rules prepend such numbers with 0x00.  Thus the limit of
   '19' for the variable 'ns'.

   A private CA need not follow the CABForum rules and can use any
   number for the serial number.  For example, the root CA (which has no
   security risks mitigated by using a random value) could use '1' as
   its serial number.  Intermediate and End Entity certificate serial
   numbers can also be of any value if a strong hash, like the SHA256
   used here, is in use.  A value of 4 for ns would provide a sufficient
   population so that a CA of 10,000 EE certificates will have only a
   1.2% probability of a collision.  For only 1,000 certificates the
   probability drops to 0.012%.

   The following was proposed on the openssl-user list as an alternative
   to using the RAND function:

      Keep k bits (k/8 octets) long serial numbers for all your
      certificates, choose a block cipher operating on blocks of k bits,
      and operate this block cipher in CTR mode, with a proper secret
      key and secret starting counter.  That way, no collision detection
      is necessary, you'll be able to generate 2^(k/2) unique k bits long
      serial numbers (in fact, you can generate 2^k unique serial
      numbers, but after 2^(k/2) you lose some security guarantees).

   With 3DES, k=64, and with AES, k=128.

9.2.  Some OpenSSL config file limitations

   There is a bit of inconsistency in how different parts and fields in
   the config file are used.  Environment variables can only be used as
   values.  Some fields can have null values, others cannot.  Not
   allowing null fields means a script cannot feed in an environment
   variable with a null value.  In such a case, the field has to be
   removed from the config file.

   The expectation is that each CA within a PKI has its own config file,
   customized to the certificates supported by that CA.

9.3.  subjectAltName support, or lack thereof

   There is no direct openssl command line option to provide a
   subjectAltName for a certificate.  This is a serious limitation.  Per
   RFC 2818 [RFC2818] SAN is the object for providing email addresses
   and DNS addresses (FQDN), yet the common practice has been to use the
   commonName object within the distinguishedName object.  How much of
   this is due to the difficulty in creating certificates with a SAN?

   Thus the only way to provide a SAN is through the config file.  And
   there are two approaches.  This document uses an environment variable
   to provide the SAN value into the config file.  Another approach is
   to use piping as in:

   file "san-creation-pipe.sh"

   openssl req -new -sha256 -key domain.key\
      -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN\
      -config <(cat /etc/ssl/openssl.cnf\
      <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))\
      -out domain.csr

9.4.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER pki
   failed.  There is no facility to create a DER certificate from a DER
   CSR.  It just is not there in the 'openssl ca' command.  Even the
   'openssl x509 -req' command cannot do this for a simple certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.  For DER, some recommend using
   PKCS#7 [RFC2315], where others point out that this format is poorly
   supported 'in the field', whereas PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

   openssl x509 -outform der -in certificate.pem -out certificate.der

   This should also work for the keypair.  However, in a highly
   constrained device it may make more sense to just store the raw
   keypair in the device's very limited secure storage.

10.  IANA Considerations

   TBD.  May be nothing for IANA.

11.  Security Considerations

11.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found an
   excessive number of certificates, all with the same keys, due to bad
   randomness on the generating systems.  The amount of entropy
   available for these random numbers can be tested.  On Fedora/Centos
   and most Linux systems use:

   cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.

11.2.  Key pair Theft

   During the certificate creation, particularly during keypair
   generation, the files are vulnerable to theft.  This can be mitigated
   using umask.  Before using openssl, set umask:

   restore_mask=$(umask -p)
   umask 077

   Afterwards, restore it with:

   $restore_mask

   or just close the shell that was used, and start a new one.  (The -p
   option to umask is a bash-ism.)

   There is nothing in these recipes that requires super-user on the
   system creating the certificates.  Provided that adequate randomness
   is available, a virtual machine or container is entirely appropriate.
   Containers tend to have better access to randomness than virtual
   machines.

   The scripts and configuration files and, in particular, private keys
   may be kept offline on a USB key for instance, and loaded when
   needed.

   The OCSP server needs to be online and available to all clients that
   will use the certificates.  This may mean available on the Internet.
   A firewall can protect the OCSP server, and port-forwards and/or ACL
   rules can restrict access to just the OCSP port.
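   Returning to the umask advice at the top of this section, here is an
   added example (not part of the draft): a Python 3 script that creates
   a file under umask 077 and restores the previous mask the way
   $restore_mask does, plus an audit that walks a CA directory laid out
   as in this guide ($dir/private for keys, $dir/certs for certificates)
   and reports private keys that group or other users can access, or
   certificates they can modify, i.e. files that missed the recipes'
   chmod 400 and chmod 444 steps.  The functions write_with_umask,
   is_private_key, audit_ca_dir and demo, the file names and the
   placeholder file contents are this example's own; it assumes a POSIX
   filesystem.

```python
# Added example for Section 11.2 (not code from the draft): create key
# material under a restrictive umask and audit the CA tree afterwards.
import os
import stat
import tempfile

PLACEHOLDER = b"-- constructed placeholder, not real key material --"
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def write_with_umask(path: str, data: bytes, mask: int = 0o077) -> int:
    """Create path while umask is `mask`, then restore the previous umask.

    The try/finally plays the role of the draft's `$restore_mask`.
    Returns the permission bits the new file ended up with.
    """
    previous = os.umask(mask)
    try:
        with open(path, "wb") as fh:
            fh.write(data)
    finally:
        os.umask(previous)
    return stat.S_IMODE(os.stat(path).st_mode)


def is_private_key(path: str) -> bool:
    """The guide names keys <name>.key.<format> and keeps them in private/."""
    name = os.path.basename(path)
    parent = os.path.basename(os.path.dirname(path))
    return ".key." in name or parent == "private"


def audit_ca_dir(root: str) -> list:
    """Walk a CA directory and return (path, mode, reason) for files that
    break the guide's conventions: keys are chmod 400 (no group/other
    access at all), certificates are chmod 444 (only the owner can modify)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if is_private_key(path):
                if mode & GROUP_OTHER:
                    findings.append((path, mode, "private key accessible to group/other"))
            elif mode & GROUP_OTHER_WRITE:
                findings.append((path, mode, "certificate writable by group/other"))
    return findings


def demo() -> tuple:
    """Build a throw-away $dir with private/ and certs/, plant one key created
    under the usual 022 umask beside one created under 077, run the audit and
    return (loose_mode, strict_mode, names_of_flagged_files)."""
    with tempfile.TemporaryDirectory() as ca:
        os.makedirs(os.path.join(ca, "private"))
        os.makedirs(os.path.join(ca, "certs"))
        leaked = os.path.join(ca, "private", "leaked.key.pem")
        guarded = os.path.join(ca, "private", "ocsp.key.pem")
        cert = os.path.join(ca, "certs", "ocsp.cert.pem")

        loose_mode = write_with_umask(leaked, PLACEHOLDER, mask=0o022)  # umask 077 forgotten
        strict_mode = write_with_umask(guarded, PLACEHOLDER, mask=0o077)
        os.chmod(guarded, 0o400)  # the recipes' chmod 400 on the key
        write_with_umask(cert, PLACEHOLDER, mask=0o022)
        os.chmod(cert, 0o444)  # the recipes' chmod 444 on the certificate

        flagged = sorted(os.path.basename(p) for p, _m, _r in audit_ca_dir(ca))
        return loose_mode, strict_mode, flagged


if __name__ == "__main__":
    loose, strict, flagged = demo()
    print(f"umask 022 -> {loose:04o}, umask 077 -> {strict:04o}, flagged: {flagged}")
```

   Under umask 022 a freshly written key comes out 0644 (world
   readable), under umask 077 it comes out 0600; the audit then reports
   only the first one.  The same walk can be run after copying the
   scripts and keys back from an offline USB key, since a FAT-formatted
   stick does not preserve the modes set on the CA host.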
   OCSP artifacts are signed by a key designed for that purpose only, so
   they do not require that the associated CA key be available online.

   Generating new CRLs, however, requires that the CA signing key be
   online, which is one of the reasons for creating an intermediate CA.

12.  Acknowledgments

   This work was jump started by the excellent RSA pki guide by Jamie
   Nguyen.  The openssl-user mailing list, with its many supportive
   experts, in particular Rich Salz, Jakob Bolm, Viktor Dukhovni, and
   Erwann Abalea, was of immense help, as was the openssl man pages
   website.

   Finally, "Professor Google" was always ready to point to answers to
   questions like: "openssl subjectAltName on the command line".  And
   the Professor, it seems, never tires of answering even trivial
   questions.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

13.2.  Informative References

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents.

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl-root.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::rootca
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $dir/private/ca.key.$format
   certificate = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = 30

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_strict
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = optional
   stateOrProvinceName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.
   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/intermediate/openssl-intermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::intdir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key = $dir/private/intermediate.key.$format
   certificate = $cadir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/intermediate.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = optional
   stateOrProvinceName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   UID = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   UID = User ID

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/8021ARintermediate/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir = /root/ca/8021ARintermediate
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The 8021ARintermediate key and 8021ARintermediate certificate.
   private_key = $dir/private/8021ARintermediate.key.$format
   certificate = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_enddate = 99991231235959Z # per IEEE 802.1AR
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   serialNumber = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   serialNumber = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default = HTT Consulting
   organizationalUnitName_default = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting

   Oak Park, MI 48237

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt 64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Liang Xia
   Huawei
   No. 101, Software Avenue, Yuhuatai District
   Nanjing
   China

   Email: Frank.xialiang@huawei.com

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI: http://www.sandelman.ca/