wg TBD                                                      R. Moskowitz
Internet-Draft                                            HTT Consulting
Intended status: Informational                               H. Birkholz
Expires: August 4, 2021                                   Fraunhofer SIT
                                                                  L. Xia
                                                                  Huawei
                                                           M. Richardson
                                                               Sandelman
                                                        January 31, 2021

                      Guide for building an ECC pki
                       draft-moskowitz-ecdsa-pki-10

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using openSSL.  All certificates in this guide are
   ECDSA, P-256, with SHA256 certificates.  Along with common End Entity
   certificates, this guide provides instructions for creating IEEE
   802.1AR iDevID Secure Device certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 4, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  The Basic PKI feature set
   4.  Getting started and the Root level
     4.1.  Setting up the Environment
     4.2.  Create the Root Certificate
   5.  The Intermediate level
     5.1.  Setting up the Intermediate Certificate Environment
     5.2.  Create the Intermediate Certificate
     5.3.  Create a Server EE Certificate
     5.4.  Create a Client EE Certificate
   6.  The 802.1AR Intermediate level
     6.1.  Setting up the 802.1AR Intermediate Certificate Environment
     6.2.  Create the 802.1AR Intermediate Certificate
     6.3.  Create an 802.1AR iDevID Certificate
   7.  Setting up a CRL for an Intermediate CA
     7.1.  Create (or recreate) the CRL
     7.2.  Revoke a Certificate
   8.  Setting up OCSP for an Intermediate CA
     8.1.  Create the OCSP Certificate
     8.2.  Revoke a Certificate
     8.3.  Testing OCSP with Openssl
   9.  Footnotes
     9.1.  Certificate Serial Number
     9.2.  Some OpenSSL config file limitations
     9.3.  subjectAltName support, or lack thereof
     9.4.  Certificates with only subjectAltName
     9.5.  DER support, or lack thereof
   10. IANA Considerations
   11. Security Considerations
     11.1.  Adequate Randomness
     11.2.  Key pair Theft
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has a plethora of security solutions targeted at IoT.  Yet
   all too many IoT products are deployed with no or improperly
   configured security.  In particular, resource constrained IoT devices
   and non-IP IoT networks have not been well served in the IETF.

   Additionally, more IETF efforts (e.g. DOTS, NETCONF) are requiring
   secure identities, but are vague on the nature of these identities
   other than to recommend use of X.509 digital certificates and perhaps
   TLS.

   This effort provides the steps, using the openSSL application, to
   create such a PKI of ECDSA certificates.  The goal is that any
   developer or tester can follow these steps, create the basic objects
   needed and establish the validity of the standard/program design.
   This guide can even be used to create a production PKI, though
   additional steps need to be taken.  This could be very useful to a
   small vendor needing to include 802.1AR [IEEE.802.1AR_2009] iDevIDs
   in their product.

   This guide was tested with openSSL 1.1.0f on Fedora 26 and creates
   PEM-based certificates.  DER based certificates fail (see
   Section 9.5).

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft specific definitions at this time.

3.  The Basic PKI feature set

   A basic pki has two levels of hierarchy: Root and Intermediate.  The
   Root level has the greatest risk, and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and signs the Intermediate level certificate it
   can be locked up.  In fact, the Root level could exist completely on
   an mSD boot card for an ARM small computer like a RaspberryPi.  A copy
   of this card can be made and securely stored in a different location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.

   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and the Intermediate level CRL.  It can
   also contain the End Entity public certificates.  The private key
   file needs to be kept securely.  For example, as with the Root level,
   an mSD image for an ARM computer could contain the complete
   Intermediate level.  This image is kept offline.
   The End Entity CSR is copied to it, signed, and then the signed
   certificate and updated database are moved to the public image that
   lacks the private key.

   For a simple test pki, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.  The CSR is delivered to
   the Intermediate level which uses the CSR to create the End Entity
   certificate.  This certificate, along with the trust chain back to
   the root, is then returned to the End Entity.

   There is more to a pki, but this suffices for most development and
   testing needs.

4.  Getting started and the Root level

   This guide was developed on a Fedora 26 armv7hl system (Cubieboard2
   SoC).  It should work on most Linux and similar systems.  All work
   was done in a terminal window with extensive "cutting and pasting"
   from a draft guide into the terminal window.  Users of this guide may
   find different behaviors based on their system.

4.1.  Setting up the Environment

   The first step is to create the pki environment.  Modify the
   variables to suit your needs.

   file "setup1.sh"

      # edit directory here, or override
      export cadir=${cadir-/root/ca}
      export rootca=${cadir}/root
      export cfgdir=${cfgdir-$cadir}
      export intdir=${cadir}/intermediate
      export int1ardir=${cadir}/inter_1ar
      export format=pem

      mkdir -p $cadir/certs
      mkdir -p $rootca
      (cd $rootca
      mkdir -p certs crl csr newcerts private
      chmod 700 private
      touch index.txt index.txt.attr
      if [ ! -f serial ]; then echo 00 >serial; fi
      )

      sn=8

      # edit these to suit
      countryName="/C=US"
      stateOrProvinceName="/ST=MI"
      localityName="/L=Oak Park"
      organizationName="/O=HTT Consulting"
      #organizationalUnitName="/OU="
      organizationalUnitName=
      commonName="/CN=Root CA"
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName

      echo $DN
      export subjectAltName=email:postmaster@htt-consult.com

      # Root CRL lifetime in days
      export default_crl_days=2048

   Where:

   cadir
      Directory for certificate files

   rootca
      Directory for Root certificate files

   format
      File encoding: PEM or DER
      At this time only PEM works

   sn
      Serial Number length in bytes
      For a public CA the range is 8 to 19

   The Serial Number length for a public pki ranges from 8 to 19 bytes.
   The use of 19 rather than 20 is to accommodate the DER encoding of
   the Serial Number: if it has a one in the high order bit, DER
   encoding rules place a 0x00 in front.

   The DN and SAN fields are examples.  Change them to appropriate
   values.  If you leave one blank, it will be left out of the
   Certificate.  "OU" above is an example of an empty DN object.

   Create the file $cfgdir/openssl-root.cnf from the contents in
   Appendix A.1.

4.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair,
   and the Root certificate.  Included are commands to view the file
   contents.

   file "rootcert.sh"

      # Create passworded keypair file
      # $pass and $passin may carry -pass / -passin options for the key
      # password; leave them unset to be prompted.
      if [ ! -f $rootca/private/ca.key.$format ]; then
      echo GENERATING KEY
      openssl genpkey $pass -aes256 -algorithm ec\
         -pkeyopt ec_paramgen_curve:prime256v1\
         -outform $format -pkeyopt ec_param_enc:named_curve\
         -out $rootca/private/ca.key.$format
      chmod 400 $rootca/private/ca.key.$format
      openssl pkey $passin -inform $format -in $rootca/private/ca.key.$format\
         -text -noout
      fi

      # Create Self-signed Root Certificate file
      # 7300 days = 20 years; Intermediate CA is 10 years.

      echo GENERATING and SIGNING REQ
      openssl req -config $cfgdir/openssl-root.cnf $passin \
         -set_serial 0x$(openssl rand -hex $sn)\
         -keyform $format -outform $format\
         -key $rootca/private/ca.key.$format -subj "$DN"\
         -new -x509 -days 7300 -sha256 -extensions v3_ca\
         -out $cadir/certs/ca.cert.$format

      # View the certificate and the purposes it may be used for
      openssl x509 -inform $format -in $cadir/certs/ca.cert.$format\
         -text -noout
      openssl x509 -purpose -inform $format\
         -in $cadir/certs/ca.cert.$format -noout

5.  The Intermediate level

5.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate pki environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

   file "intermediate_setup.sh"

      export intdir=${intdir-$cadir/intermediate}
      mkdir -p $intdir

      (
      cd $intdir
      mkdir -p certs crl csr newcerts private
      chmod 700 private
      touch index.txt index.txt.attr
      if [ ! -f serial ]; then echo 00 >serial; fi
      )

      sn=8 # hex 8 is minimum, 19 is maximum
      echo 1000 > $intdir/crlnumber

      export crlDP=
      # For CRL support uncomment these:
      #crl=intermediate.crl.pem
      #crlurl=www.htt-consult.com/pki/$crl
      #export crlDP="URI:http://$crlurl"
      export default_crl_days=30
      export ocspIAI=
      # For OCSP support uncomment these:
      #ocspurl=ocsp.htt-consult.com
      #export ocspIAI="OCSP;URI:http://$ocspurl"

      commonName="/CN=Signing CA"
      DN=$countryName$stateOrProvinceName$localityName$organizationName
      DN=$DN$organizationalUnitName$commonName
      echo $DN

   Create the file $cfgdir/openssl-intermediate.cnf from the contents in
   Appendix A.2.  Uncomment the lines for crlDistributionPoints and
   authorityInfoAccess if using CRLs or OCSP respectively.

5.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, Intermediate certificate signing request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

   file "intermediate_cert.sh"

      # Create passworded keypair file
      if [ ! -f $intdir/private/intermediate.key.$format ]; then
      echo GENERATING intermediate KEY
      openssl genpkey $pass -aes256 -algorithm ec \
         -pkeyopt ec_paramgen_curve:prime256v1 \
         -outform $format -pkeyopt ec_param_enc:named_curve\
         -out $intdir/private/intermediate.key.$format
      chmod 400 $intdir/private/intermediate.key.$format
      openssl pkey $passin -inform $format\
         -in $intdir/private/intermediate.key.$format -text -noout
      fi

      # Create the CSR

      echo GENERATING and SIGNING REQ intermediate
      openssl req -config $cfgdir/openssl-root.cnf $passin \
         -key $intdir/private/intermediate.key.$format -batch \
         -keyform $format -outform $format -subj "$DN" -new -sha256\
         -out $intdir/csr/intermediate.csr.$format
      openssl req -text -noout -verify -inform $format\
         -in $intdir/csr/intermediate.csr.$format

      # Create Intermediate Certificate file, signed by the Root CA

      openssl rand -hex $sn > $intdir/serial # hex 8 is minimum, 19 is maximum

      if [ ! -f $cadir/certs/intermediate.cert.pem ]; then
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-root.cnf -days 3650 $passin \
         -extensions v3_intermediate_ca -notext -md sha256 -batch \
         -in $intdir/csr/intermediate.csr.$format\
         -out $cadir/certs/intermediate.cert.pem
      chmod 444 $cadir/certs/intermediate.cert.$format
      rm -f $cadir/certs/ca-chain.cert.$format
      fi

      openssl verify -CAfile $cadir/certs/ca.cert.$format\
         $cadir/certs/intermediate.cert.$format

      openssl x509 -noout -text -in $cadir/certs/intermediate.cert.$format

      # Create the certificate chain file

      if [ ! -f $cadir/certs/ca-chain.cert.$format ]; then
      cat $cadir/certs/intermediate.cert.$format\
         $cadir/certs/ca.cert.$format > $cadir/certs/ca-chain.cert.$format
      chmod 444 $cadir/certs/ca-chain.cert.$format
      fi

5.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, Server certificate signing request (CSR), and
   the Server certificate.  Included are commands to view the file
   contents.

   file "end-server.sh"

      # Paths follow end-client.sh: keys and CSRs under $intdir, issued
      # certificates under $cadir/certs next to the chain file.
      commonName=
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName
      echo $DN
      serverfqdn=www.example.com
      emailaddr=postmaster@htt-consult.com
      export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
      echo $subjectAltName
      openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
         -pkeyopt ec_param_enc:named_curve\
         -out $intdir/private/$serverfqdn.key.$format
      chmod 400 $intdir/private/$serverfqdn.key.$format
      openssl pkey -in $intdir/private/$serverfqdn.key.$format -text -noout
      openssl req -config $cfgdir/openssl-intermediate.cnf\
         -key $intdir/private/$serverfqdn.key.$format \
         -subj "$DN" -new -sha256 -out $intdir/csr/$serverfqdn.csr.$format

      openssl req -text -noout -verify -in $intdir/csr/$serverfqdn.csr.$format

      openssl rand -hex $sn > $intdir/serial # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-intermediate.cnf -days 375\
         -extensions server_cert -notext -md sha256 \
         -in $intdir/csr/$serverfqdn.csr.$format\
         -out $cadir/certs/$serverfqdn.cert.$format
      chmod 444 $cadir/certs/$serverfqdn.cert.$format

      openssl verify -CAfile $cadir/certs/ca-chain.cert.$format\
         $cadir/certs/$serverfqdn.cert.$format
      openssl x509 -noout -text -in $cadir/certs/$serverfqdn.cert.$format

5.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, Client certificate signing request (CSR), and
   the Client certificate.  Included are commands to view the file
   contents.
   file "end-client-dn.sh"

      commonName=
      UserID="/UID=rgm"
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName$UserID
      echo $DN
      clientemail=rgm@example.com

   file "end-client.sh"

      export subjectAltName="email:$clientemail"
      echo $subjectAltName

      if [ ! -f $intdir/private/$clientemail.key.$format ]; then
      openssl genpkey $pass -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\
         -pkeyopt ec_param_enc:named_curve\
         -out $intdir/private/$clientemail.key.$format
      chmod 400 $intdir/private/$clientemail.key.$format
      openssl pkey $passin -in $intdir/private/$clientemail.key.$format -text -noout
      fi

      openssl req -config $cfgdir/openssl-intermediate.cnf $passin \
         -key $intdir/private/$clientemail.key.$format \
         -subj "$DN" -new -sha256 -out $intdir/csr/$clientemail.csr.$format

      openssl req -text -noout -verify\
         -in $intdir/csr/$clientemail.csr.$format

      openssl rand -hex $sn > $intdir/serial # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-intermediate.cnf -days 375\
         -extensions usr_cert -notext -md sha256 $passin \
         -in $intdir/csr/$clientemail.csr.$format -batch\
         -out $cadir/certs/$clientemail.cert.$format
      chmod 444 $cadir/certs/$clientemail.cert.$format

      openssl verify -CAfile $cadir/certs/ca-chain.cert.$format\
         $cadir/certs/$clientemail.cert.$format
      openssl x509 -noout -text -in $cadir/certs/$clientemail.cert.$format

6.  The 802.1AR Intermediate level

6.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate pki environment.
   This is very similar to the Intermediate pki environment.  Modify the
   variables to suit your needs.

   file "intermediate_1ar_setup.sh"

      export dir=$cadir/8021ARintermediate
      mkdir -p $dir
      cd $dir
      mkdir -p certs crl csr newcerts private
      chmod 700 private
      touch index.txt index.txt.attr
      sn=8 # hex 8 is minimum, 19 is maximum
      echo 1000 > $dir/crlnumber

      export crlDP=
      # For CRL support uncomment these:
      #crl=8021ARintermediate.crl.pem
      #crlurl=www.htt-consult.com/pki/$crl
      #export crlDP="URI:http://$crlurl"
      export default_crl_days=30
      export ocspIAI=
      # For OCSP support uncomment these:
      #ocspurl=ocsp.htt-consult.com
      #export ocspIAI="OCSP;URI:http://$ocspurl"

      countryName="/C=US"
      stateOrProvinceName="/ST=MI"
      localityName="/L=Oak Park"
      organizationName="/O=HTT Consulting"
      organizationalUnitName="/OU=Devices"
      #organizationalUnitName=
      commonName="/CN=802.1AR CA"
      DN=$countryName$stateOrProvinceName$localityName$organizationName
      DN=$DN$organizationalUnitName$commonName
      echo $DN
      export subjectAltName=email:postmaster@htt-consult.com
      echo $subjectAltName

   Create the file $cfgdir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment the lines for
   crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP
   respectively.

6.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, 802.1AR Intermediate certificate signing request
   (CSR), and the 802.1AR Intermediate certificate.  Included are
   commands to view the file contents.

   file "intermediate_1ar_cert.sh"

      # Create passworded keypair file

      openssl genpkey -aes256 -algorithm ec\
         -pkeyopt ec_paramgen_curve:prime256v1 \
         -outform $format -pkeyopt ec_param_enc:named_curve\
         -out $dir/private/8021ARintermediate.key.$format
      chmod 400 $dir/private/8021ARintermediate.key.$format
      openssl pkey -inform $format\
         -in $dir/private/8021ARintermediate.key.$format -text -noout

      # Create the CSR

      openssl req -config $cfgdir/openssl-root.cnf\
         -key $dir/private/8021ARintermediate.key.$format \
         -keyform $format -outform $format -subj "$DN" -new -sha256\
         -out $dir/csr/8021ARintermediate.csr.$format
      openssl req -text -noout -verify -inform $format\
         -in $dir/csr/8021ARintermediate.csr.$format

      # Create 802.1AR Intermediate Certificate file, signed by the Root CA
      # The following does NOT work for DER

      openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cfgdir/openssl-root.cnf -days 3650\
         -extensions v3_intermediate_ca -notext -md sha256\
         -in $dir/csr/8021ARintermediate.csr.$format\
         -out $dir/certs/8021ARintermediate.cert.pem

      chmod 444 $dir/certs/8021ARintermediate.cert.$format

      openssl verify -CAfile $cadir/certs/ca.cert.$format\
         $dir/certs/8021ARintermediate.cert.$format

      openssl x509 -noout -text\
         -in $dir/certs/8021ARintermediate.cert.$format

      # Create the certificate chain file

      cat $dir/certs/8021ARintermediate.cert.$format\
         $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
      chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, iDevID certificate signing request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.
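   Before the script, an added example (Python, not part of this memo
   and not openSSL code) showing the DER structure behind the line
   subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname" in
   idevid-csr-cert.sh below: the HardwareModuleName SEQUENCE of RFC
   4108 (hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING) wrapped in
   an otherName GeneralName.  It encodes the hwType and hwSerialNum the
   script exports and parses the result back, so the values in an
   issued iDevID can be checked against what the CA was given; the
   'openssl asn1parse -strparse' lines in the script show the same
   structure from the other direction.

```python
"""Added example: DER for the 802.1AR hardwareModuleName otherName (RFC 4108)."""

# id-on-hardwareModuleName, the otherName type-id requested by the idevid script
ID_ON_HARDWARE_MODULE_NAME = "1.3.6.1.5.5.7.8.4"


def der_tlv(tag, content):
    """Wrap content in a DER tag-length-value (short or long form length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + length + content


def encode_oid(dotted):
    """DER OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))


def encode_hardware_module_name(hw_type, hw_serial):
    """HardwareModuleName ::= SEQUENCE { hwType OID, hwSerialNum OCTET STRING }"""
    return der_tlv(0x30, encode_oid(hw_type) + der_tlv(0x04, hw_serial))


def encode_other_name(hw_type, hw_serial):
    """GeneralName otherName [0] IMPLICIT SEQUENCE { type-id OID,
    value [0] EXPLICIT HardwareModuleName }; context tag 0, constructed = 0xA0."""
    inner = encode_oid(ID_ON_HARDWARE_MODULE_NAME)
    inner += der_tlv(0xA0, encode_hardware_module_name(hw_type, hw_serial))
    return der_tlv(0xA0, inner)


def read_tlv(buf, pos=0):
    """Return (tag, content, position after the TLV) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nb = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nb], "big")
        pos += nb
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, bytes(buf[pos:pos + length]), pos + length


def decode_oid(content):
    """Inverse of encode_oid for the OID content octets."""
    first = content[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_other_name(der):
    """Return (hwType, hwSerialNum) from an otherName GeneralName, or raise
    ValueError when it is not a well-formed hardwareModuleName."""
    tag, body, _ = read_tlv(der)
    if tag != 0xA0:
        raise ValueError("not an otherName GeneralName")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or decode_oid(oid) != ID_ON_HARDWARE_MODULE_NAME:
        raise ValueError("otherName type-id is not id-on-hardwareModuleName")
    tag, explicit, _ = read_tlv(body, pos)
    if tag != 0xA0:
        raise ValueError("missing [0] EXPLICIT value")
    tag, seq, _ = read_tlv(explicit)
    if tag != 0x30:
        raise ValueError("HardwareModuleName is not a SEQUENCE")
    tag, hw_type, pos = read_tlv(seq)
    tag2, hw_serial, _ = read_tlv(seq, pos)
    if tag != 0x06 or tag2 != 0x04:
        raise ValueError("HardwareModuleName fields have the wrong types")
    return decode_oid(hw_type), hw_serial


if __name__ == "__main__":
    # hwType and hwSerialNum as exported in idevid-csr-cert.sh
    san = encode_other_name("1.3.6.1.4.1.6715.10.1", bytes.fromhex("01020304"))
    print(san.hex())
    print(parse_other_name(san))
```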
601 file "idevid-csr-cert.sh" 603 DevID=Wt1234 604 countryName= 605 stateOrProvinceName= 606 localityName= 607 organizationName="/O=HTT Consulting" 608 organizationalUnitName="/OU=Devices" 609 commonName= 610 serialNumber="/serialNumber=$DevID" 611 DN=$countryName$stateOrProvinceName$localityName 612 DN=$DN$organizationName$organizationalUnitName$commonName 613 DN=$DN$serialNumber 614 echo $DN 616 # hwType is OID for HTT Consulting, devices, sensor widgets 617 export hwType=1.3.6.1.4.1.6715.10.1 618 export hwSerialNum=01020304 # Some hex 619 export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname" 620 echo $hwType - $hwSerialNum 622 if [ ! -f $dir/private/$DevID.key.$format ]; then 623 openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\ 624 -pkeyopt ec_param_enc:named_curve\ 625 -out $dir/private/$DevID.key.$format 626 chmod 400 $dir/private/$DevID.key.$format 627 fi 629 openssl pkey -in $dir/private/$DevID.key.$format -text -noout 630 openssl req -config $cfgdir/openssl-8021ARintermediate.cnf\ 631 -key $dir/private/$DevID.key.$format \ 632 -subj "$DN" -new -sha256 -out $dir/csr/$DevID.csr.$format 634 openssl req -text -noout -verify\ 635 -in $dir/csr/$DevID.csr.$format 636 openssl asn1parse -i -in $dir/csr/$DevID.csr.pem 637 # offset of start of hardwareModuleName and use that in place of 189 638 openssl asn1parse -i -strparse 189 -in $dir/csr/$DevID.csr.pem 640 openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum 641 # Note 'openssl ca' does not support DER format 642 openssl ca -config $cfgdir/openssl-8021ARintermediate.cnf -days 375\ 643 -extensions 8021ar_idevid -notext -md sha256 \ 644 -in $dir/csr/$DevID.csr.$format\ 645 -out $dir/certs/$DevID.cert.$format 646 chmod 444 $dir/certs/$DevID.cert.$format 648 openssl verify -CAfile $dir/certs/ca-chain.cert.$format\ 649 $dir/certs/$DevID.cert.$format 650 openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format 651 openssl asn1parse -i -in $dir/certs/$DevID.cert.pem 653 
# offset of start of hardwareModuleName and use that in place of 493 654 openssl asn1parse -i -strparse 493 -in $dir/certs/$DevID.cert.pem 656 658 7. Setting up a CRL for an Intermediate CA 660 This part provides CRL support to an Intermediate CA. In this memo 661 it applies to both Intermediate CAs. Set the crlDistributionPoints 662 as provided via the environment variables. 664 7.1. Create (or recreate) the CRL 666 It is simple to create the CRL. The CRL consists of the certificates 667 flagged with an R (Revoked) in index.txt: 669 file "crl-creation.sh" 671 # Select which Intermediate level 672 intermediate=intermediate 673 #intermediate=8021ARintermediate 674 dir=$cadir/$intermediate 675 crl=$intermediate.crl.pem 677 # Create CRL file 678 openssl ca -config $dir/openssl-$intermediate.cnf \ 679 -gencrl -out $dir/crl/$crl 680 chmod 444 $dir/crl/$crl 682 openssl crl -in $dir/crl/$crl -noout -text 684 686 7.2. Revoke a Certificate 688 Revoking a certificate is a two step process. First identify the 689 target certificate, examples are listed below. Revoke it then 690 publish a new CRL. 692 file "revoke-step1.sh" 694 targetcert=fqdn 695 #targetcert=clientemail 696 #targetcert=DevID 698 openssl ca -config $dir/openssl-$intermediate.cnf\ 699 -revoke $dir/certs/$targetcert.cert.$format 701 703 Recreate the CRL using Section 7.1. 705 8. Setting up OCSP for an Intermediate CA 707 This part provides OCSP support to an Intermediate CA. In this memo 708 it applies to both Intermediate CAs. Set the authorityInfoAccess as 709 provided via the environment variables. 711 8.1. Create the OCSP Certificate 713 OCSP needs a signing certificate. This certificate must be signed by 714 the CA that signed the certificate being checked. 
The steps to 715 create this certificate is the similar to a Server certificate for 716 the CA: 718 file "ocsp-setup.sh" 720 # Select which Intermediate level 721 intermediate=intermediate 722 #intermediate=8021ARintermediate 723 # Optionally, password encrypt key pair 724 encryptkey= 725 #encryptkey=-aes256 727 # Create the key pair in Intermediate level $intermediate 728 cd $dir 729 openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:prime256v1\ 730 $encryptkey -pkeyopt ec_param_enc:named_curve\ 731 -out $dir/private/$ocspurl.key.$format 732 chmod 400 $dir/private/$ocspurl.$format 733 openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout 735 # Create CSR 736 commonName= 737 DN=$countryName$stateOrProvinceName$localityName 738 DN=$DN$organizationName$organizationalUnitName$commonName 739 echo $DN 740 emailaddr=postmaster@htt-consult.com 741 export subjectAltName="DNS:$ocspurl, email:$emailaddr" 742 echo $subjectAltName 743 openssl req -config $dir/openssl-$intermediate.cnf\ 744 -key $dir/private/$ocspurl.key.$format \ 745 -subj "$DN" -new -sha256 -out $dir/csr/$ocspurl.csr.$format 747 openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format 749 # Create Certificate 751 openssl rand -hex $sn > $dir/serial # hex 8 is minimum, 19 is maximum 752 # Note 'openssl ca' does not support DER format 753 openssl ca -config $dir/openssl-$intermediate.cnf -days 375\ 754 -extensions ocsp -notext -md sha256 \ 755 -in $dir/csr/$ocspurl.csr.$format\ 756 -out $dir/certs/$ocspurl.cert.$format 757 chmod 444 $dir/certs/$ocspurl.cert.$format 759 openssl verify -CAfile $dir/certs/ca-chain.cert.$format\ 760 $dir/certs/$ocspurl.cert.$format 761 openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format 763 765 8.2. Revoke a Certificate 767 Revoke the certificate as in Section 7.2. The OCSP responder SHOULD 768 detect the flag change in index.txt and, when queried respond 769 appropriately. 771 8.3. 
Testing OCSP with Openssl 773 OpenSSL provides a simple OCSP service that can be used to test the 774 OCSP certificate and revocation process (Note that this only reads 775 the index.txt to get the certificate status at startup). 777 In a terminal window, set variables dir and ocspurl (examples below), 778 then run the simple OCSP service: 780 file "run-ocsp-server.sh" 782 dir=/root/ca/intermediate 783 ocspurl=ocsp.htt-consult.com 785 openssl ocsp -port 2560 -text -rmd sha256\ 786 -index $dir/index.txt \ 787 -CA $dir/certs/ca-chain.cert.pem \ 788 -rkey $dir/private/$ocspurl.key.pem \ 789 -rsigner $dir/certs/$ocspurl.cert.pem \ 790 -nrequest 1 792 794 In another window, test out a certificate status with: 796 file "test-ocsp-server.sh" 798 targetcert=fqdn 799 #targetcert=clientemail 800 #targetcert=DevID 802 openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \ 803 -url http://127.0.0.1:2560 -resp_text -sha256\ 804 -issuer $dir/certs/$intermediate.cert.pem \ 805 -cert $dir/certs/$targetcert.cert.pem 807 809 Revoke the certificate, Section 7.2, restart the test Responder again 810 as above, then check the certificate status. 812 9. Footnotes 814 Creating this document was a real education in the state of openSSL, 815 X.509 certificate guidance, and just general level of certificate 816 awareness. Here are a few short notes. 818 9.1. Certificate Serial Number 820 The certificate serial number's role is to provide yet another way to 821 maintain uniqueness of certificates within a pki as well as a way to 822 index them in a data store. It has taken on other roles, most 823 notably as a defense. 825 The CABForum guideline for a public CA is for the serial number to be 826 a random number at least 8 octets long and no longer than 20 bytes. 827 By default, openssl makes self-signed certificates with 8 octet 828 serial numbers. This guide uses openssl's RAND function to generate 829 the random value and pipe it into the -set_serial option. 
   This number MAY have its first bit set to ONE; the DER encoding
   rules prepend such numbers with 0x00, making the encoded INTEGER one
   octet longer.  Thus the limit of '19' for the variable 'sn', the
   octet count passed to 'openssl rand -hex' in the scripts.

   A private CA need not follow the CABForum rules and can use any
   number for the serial number.  For example, the root CA (which has no
   security risks mitigated by using a random value) could use '1' as
   its serial number.  Intermediate and End Entity certificate serial
   numbers can also be of any value if a strong hash, like the SHA256
   used here, is used.  A value of 4 for sn would provide a sufficient
   population so that a CA of 10,000 EE certificates will have only a
   1.2% probability of a collision.  For only 1,000 certificates the
   probability drops to 0.012%.  A duplicate is still a violation of RFC
   5280 [RFC5280] (serial numbers MUST be unique per issuer); 'openssl
   ca' refuses to issue a serial that is already in index.txt, so a
   collision shows up as a failed signing run rather than a bad
   certificate.

   The following was proposed on the openssl-user list as an alternative
   to using the RAND function:

      Keep k bits (k/8 octets) long serial numbers for all your
      certificates, choose a block cipher operating on blocks of k bits,
      and operate this block cipher in CTR mode, with a proper secret key
      and secret starting counter.  That way, no collision detection is
      necessary; you'll be able to generate 2^(k/2) unique k-bit serial
      numbers (in fact, you can generate 2^k unique serial numbers, but
      after 2^(k/2) you lose some security guarantees).

   With 3DES, k=64, and with AES, k=128 (8- and 16-octet serials; both
   stay within the 20-octet limit even with the 0x00 pad).

9.2.  Some OpenSSL config file limitations

   There is a bit of inconsistency in how different parts and fields in
   the config file are used.  Environment variables can only be used as
   values.  Some fields can have null values, others cannot.  The lack
   of allowing null fields means a script cannot feed in an environment
   variable with a null value.  In such a case, the field has to be
   removed from the config file.  Also, every $ENV:: variable a config
   file references must be set in the environment, or openssl fails
   while loading the config.

   The expectation is that each CA within a PKI has its own config
   file, customized to the certificates supported by that CA.

9.3.  subjectAltName support, or lack thereof

   There is no direct openssl command line option to provide a
   subjectAltName for a certificate.  This is a serious limitation.  Per
   RFC 5280 [RFC5280] SAN is the object for providing email addresses
   and DNS names (FQDN), yet the common practice has been to use the
   commonName attribute within the distinguished name.  How much of
   this is due to the difficulty of creating certificates with a SAN?

   Thus the only way to provide a SAN is through the config file, and
   there are two approaches.  This document uses an environment variable
   to pass the SAN value into the config file.  Another approach is to
   use process substitution (a bash-ism) to append a SAN section to the
   config, as in:

   file "san-creation-pipe.sh"
   openssl req -new -sha256 -key domain.key\
     -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN\
     -config <(cat /etc/ssl/openssl.cnf\
     <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))\
     -out domain.csr

   Since OpenSSL 1.1.1, 'openssl req' also accepts
   -addext "subjectAltName=DNS:foo.com,DNS:www.foo.com", which puts the
   SAN into the CSR without touching the config file; with
   copy_extensions = copy, 'openssl ca' then carries it into the
   certificate.

9.4.  Certificates with only subjectAltName

   Also in RFC 5280 [RFC5280] (Section 4.2.1.6): if the only subject
   identity in the certificate is in subjectAltName, then the Subject
   MUST be an empty sequence and subjectAltName MUST be marked as
   critical.

   This can be achieved with the variable DN=/ and the subjectAltName
   variable (example given):

   DN=/
   export subjectAltName=critical,email:postmaster@htt-consult.com

9.5.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER pki
   failed.  There is no facility to create a DER certificate from a DER
   CSR.  It just is not there in the 'openssl ca' command.  Even the
   'openssl x509 -req' command cannot do this for a simple certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.
   For DER, some recommend using PKCS#7 [RFC2315], whereas others point
   out that this format is poorly supported 'in the field', and that
   PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

   openssl x509 -outform der -in certificate.pem -out certificate.der

   This also works for the key pair ('openssl pkey -outform der').
   However, in a highly constrained device it may make more sense to
   just store the raw key pair in the device's very limited secure
   storage.

10.  IANA Considerations

   TBD.  May be nothing for IANA.

11.  Security Considerations

11.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found large
   numbers of certificates sharing the same keys because of bad
   randomness on the generating systems.  The amount of entropy
   available for these random numbers can be tested.  On Fedora/CentOS
   and most Linux systems use:

   cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.  (On
   Linux kernels from 5.18 onward this counter is pinned at 256 once
   the random pool is initialized and no longer indicates starvation;
   there, what matters is that the pool has been initialized at all.)

11.2.  Key pair Theft

   During the certificate creation, particularly during key pair
   generation, the files are vulnerable to theft.  This can be
   mitigated using umask.  Before using openssl, set umask:

   restore_mask=$(umask -p)
   umask 077

   Afterwards, restore it with:

   $restore_mask

   or just close the shell that was used, and start a new one.  (The -p
   option to umask is a bash-ism.)

   There is nothing in these recipes that requires super-user on the
   system creating the certificates.  Provided that adequate randomness
   is available, a virtual machine or container is entirely appropriate.
   Containers tend to have better access to randomness than virtual
   machines.
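   The umask point above, demonstrated in an added Python example (not
   part of the draft or its scripts): a file created under umask 022
   comes out world-readable while umask 077 yields owner-only access,
   and an audit pass over a CA's private/ directory reports any key
   file or directory that grants group or other permissions, then
   applies the guide's chmod 400.  Only the Python standard library is
   used; the *.key.pem / *.key.der naming follows the scripts, and the
   function names and demo() helper are this example's own.

```python
# Added example for Section 11.2; not part of the draft's scripts.
# Shows the effect of umask on files openssl would create, and audits a
# CA's private/ directory for key files readable by group or others.
# Standard library only; the layout ($dir/private, *.key.pem) is the one
# the guide's scripts use.
import os
import stat
import tempfile
from pathlib import Path

KEY_SUFFIXES = (".key.pem", ".key.der")


def create_with_umask(path, mask: int) -> int:
    """Create an empty file under the given umask and return its mode bits.

    open() asks for 0666; the kernel clears the umask bits, so umask 022
    yields 0644 (a world-readable key) and umask 077 yields 0600.  The
    previous umask is restored even if creation fails.
    """
    old = os.umask(mask)
    try:
        with open(path, "x"):
            pass
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def insecure_modes(private_dir) -> list:
    """List (path, mode) for the directory and any key file in it that
    grants any permission to group or others."""
    root = Path(private_dir)
    findings = []
    dmode = stat.S_IMODE(root.stat().st_mode)
    if dmode & 0o077:
        findings.append((str(root), dmode))
    for p in sorted(root.iterdir()):
        if p.is_file() and p.name.endswith(KEY_SUFFIXES):
            fmode = stat.S_IMODE(p.stat().st_mode)
            if fmode & 0o077:
                findings.append((str(p), fmode))
    return findings


def harden(private_dir) -> int:
    """Apply the guide's 'chmod 400' to key files and 0700 to the directory.
    Returns the number of entries whose mode was changed."""
    root = Path(private_dir)
    changed = 0
    if stat.S_IMODE(root.stat().st_mode) != 0o700:
        os.chmod(root, 0o700)
        changed += 1
    for p in sorted(root.iterdir()):
        if p.is_file() and p.name.endswith(KEY_SUFFIXES):
            if stat.S_IMODE(p.stat().st_mode) != 0o400:
                os.chmod(p, 0o400)
                changed += 1
    return changed


def demo() -> dict:
    """Run the sequence in a fresh temporary directory (constructed input)
    and return the observed modes and audit findings."""
    d = tempfile.mkdtemp(prefix="private-")          # mkdtemp creates 0700
    loose = create_with_umask(os.path.join(d, "a.key.pem"), 0o022)
    tight = create_with_umask(os.path.join(d, "b.key.pem"), 0o077)
    before = [os.path.basename(p) for p, _ in insecure_modes(d)]
    changed = harden(d)
    after = insecure_modes(d)
    return {"loose": loose, "tight": tight, "before": before,
            "changed": changed, "after": after}


if __name__ == "__main__":
    r = demo()
    print("umask 022 ->", oct(r["loose"]), " umask 077 ->", oct(r["tight"]))
    print("flagged before hardening:", r["before"])
    print("entries changed:", r["changed"], " flagged after:", r["after"])
```

   Run insecure_modes() against $dir/private after any signing session;
   a non-empty result means a key was written while the umask was not
   077 and should be treated as exposed to every local account.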
   The scripts and configuration files and, in particular, the private
   keys may be kept offline, on a USB key for instance, and loaded when
   needed.

   The OCSP server needs to be online and available to all clients that
   will use the certificates.  This may mean available on the Internet.
   A firewall can protect the OCSP server, and port-forwards and/or ACL
   rules can restrict access to just the OCSP port.  OCSP responses are
   signed by a key designed for that purpose only, so they do not
   require that the associated CA key be available online.

   Generating new CRLs, however, requires that the CA signing key be
   online, which is one of the reasons for creating an intermediate CA.

12.  Acknowledgments

   This work was jump started by the excellent RSA pki guide by Jamie
   Nguyen.  The openssl-user mailing list, with its many supportive
   experts, in particular Rich Salz, Jakob Bolm, Viktor Dukhovni, and
   Erwann Abalea, was of immense help, as was the openssl man pages
   website.

   Finally, "Professor Google" was always ready to point to answers to
   questions like: "openssl subjectAltName on the command line".  And
   the Professor, it seems, never tires of answering even trivial
   questions.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

13.2.  Informative References

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents.

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir               = $ENV::rootca
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The root key and root certificate.
   private_key       = $dir/private/ca.key.$format
   certificate       = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/ca.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = 30

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_days      = 375
   preserve          = no
   policy            = policy_strict
   # 'copy' takes the SAN (and any other extension) from the CSR;
   # extensions already present in the -extensions section win, so only
   # sign CSRs you generated or inspected yourself.
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = optional
   stateOrProvinceName     = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName             = Country Name (2 letter code)
   stateOrProvinceName     = State or Province Name
   localityName            = Locality Name
   0.organizationName      = Organization Name
   organizationalUnitName  = Organizational Unit Name
   commonName              = Common Name

   # Optionally, specify some defaults.
   # countryName_default             = US
   # stateOrProvinceName_default     = MI
   # localityName_default            = Oak Park
   # 0.organizationName_default      = HTT Consulting
   # organizationalUnitName_default  =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning
   # Optional: tell clients not to check the responder's own certificate
   # for revocation (id-pkix-ocsp-nocheck).
   # noCheck = ignore

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/intermediate/openssl-intermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir               = $ENV::intdir
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key       = $dir/private/intermediate.key.$format
   certificate       = $cadir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/intermediate.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_days      = 375
   preserve          = no
   policy            = policy_loose
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = optional
   stateOrProvinceName     = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional
   UID                     = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName             = Country Name (2 letter code)
   stateOrProvinceName     = State or Province Name
   localityName            = Locality Name
   0.organizationName      = Organization Name
   organizationalUnitName  = Organizational Unit Name
   commonName              = Common Name
   UID                     = User ID

   # Optionally, specify some defaults.
   # countryName_default             = US
   # stateOrProvinceName_default     = MI
   # localityName_default            = Oak Park
   # 0.organizationName_default      = HTT Consulting
   # organizationalUnitName_default  =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   # nsCertType and nsComment are legacy Netscape extensions; harmless,
   # but ignored by modern clients.
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   # keyEncipherment is an RSA key-transport bit; RFC 5480 does not
   # permit it for id-ecPublicKey keys, so it is left out of this
   # ECDSA pki.
   keyUsage = critical, nonRepudiation, digitalSignature
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   # keyEncipherment omitted: not allowed for EC keys (RFC 5480).
   keyUsage = critical, digitalSignature
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning
   # Optional: tell clients not to check the responder's own certificate
   # for revocation (id-pkix-ocsp-nocheck).
   # noCheck = ignore

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/8021ARintermediate/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir = /root/ca/8021ARintermediate
   dir               = $ENV::dir
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The 8021ARintermediate key and certificate.
   private_key       = $dir/private/8021ARintermediate.key.$format
   certificate       = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/ca.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   # iDevID certificates do not expire (IEEE 802.1AR), so the
   # GeneralizedTime "no well-defined expiration" value is used.
   default_enddate   = 99991231235959Z # per IEEE 802.1AR
   preserve          = no
   policy            = policy_loose
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = match
   stateOrProvinceName     = match
   organizationName        = match
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.

   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional
   serialNumber            = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName             = Country Name (2 letter code)
   stateOrProvinceName     = State or Province Name
   localityName            = Locality Name
   0.organizationName      = Organization Name
   organizationalUnitName  = Organizational Unit Name
   commonName              = Common Name
   serialNumber            = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default      = HTT Consulting
   organizationalUnitName_default  = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   # HardwareModuleName otherName carried in the SAN (see 802.1AR).
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   # keyEncipherment omitted: not allowed for EC keys (RFC 5480).
   keyUsage = critical, digitalSignature
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning
   # Optional: tell clients not to check the responder's own certificate
   # for revocation (id-pkix-ocsp-nocheck).
   # noCheck = ignore

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI 48237

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt 64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Liang Xia
   Huawei
   No. 101, Software Avenue, Yuhuatai District
   Nanjing
   China

   Email: Frank.xialiang@huawei.com

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/