wg TBD                                                      R. Moskowitz
Internet-Draft                                            HTT Consulting
Intended status: Informational                               H. Birkholz
Expires: March 21, 2019                                   Fraunhofer SIT
                                                           M. Richardson
                                                               Sandelman
                                                      September 17, 2018

                    Guide for building an EDDSA pki
                      draft-moskowitz-eddsa-pki-00

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using openSSL.  Certificates in this guide can be
   either ED25519 or ED448 certificates.  Along with common End Entity
   certificates, this guide provides instructions for creating IEEE
   802.1AR iDevID Secure Device certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 21, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  Comparing ECDSA and EDDSA certificates
   4.  The Basic PKI feature set
   5.  Getting started and the Root level
     5.1.  Setting up the Environment
     5.2.  Create the Root Certificate
   6.  The Intermediate level
     6.1.  Setting up the Intermediate Certificate Environment
     6.2.  Create the Intermediate Certificate
     6.3.  Create a Server EE Certificate
     6.4.  Create a Client EE Certificate
   7.  The 802.1AR Intermediate level
     7.1.  Setting up the 802.1AR Intermediate Certificate Environment
     7.2.  Create the 802.1AR Intermediate Certificate
     7.3.  Create an 802.1AR iDevID Certificate
   8.  Setting up a CRL for an Intermediate CA
     8.1.  Create (or recreate) the CRL
     8.2.  Revoke a Certificate
   9.  Setting up OCSP for an Intermediate CA
     9.1.  Create the OCSP Certificate
     9.2.  Revoke a Certificate
     9.3.  Testing OCSP with Openssl
   10. Footnotes
     10.1.  Certificate Serial Number
     10.2.  Some OpenSSL config file limitations
     10.3.  subjectAltName support, or lack thereof
     10.4.  DER support, or lack thereof
   11. IANA Considerations
   12. Security Considerations
     12.1.  Adequate Randomness
     12.2.  Key pair Theft
   13. Acknowledgments
   14. References
     14.1.  Normative References
     14.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has adopted the Edwards Elliptic Curve and related
   algorithms.  These algorithms hold out the promise of greater
   efficiency and better understood security risks.  This efficiency
   could make that critical difference to allow them to be used in some
   constrained IoT devices.

   This effort provides the steps, using the openSSL application, to
   create such a PKI of ED25519 or ED448 certificates (RFC 8032
   [RFC8032]).  The goal is that any developer or tester can follow
   these steps, create the basic objects needed and establish the
   validity of the standard/program design.  This guide can even be used
   to create a production PKI, though additional steps need to be taken.
   This could be very useful to a small vendor needing to include
   802.1AR [IEEE.802.1AR_2009] iDevIDs in their product (Note: EDDSA
   certificates are not supported in even the forthcoming 802.1AR-2018;
   this is for future work).

   This guide was developed with openSSL 1.1.1 on Fedora 29-beta and
   creates PEM-based certificates.  It closely follows
   [I-D.moskowitz-ecdsa-pki].

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft specific definitions at this time.

3.  Comparing ECDSA and EDDSA certificates

   There are two differences between ECDSA and EDDSA certificates that
   impact the use of openSSL.  First, there are no key generation
   options with EDDSA, and thus the pkeyopt variable is not used.

   Second, there are no hash options.  Neither ED25519 nor ED448 signs a
   hash of the certificate, so none of the hash options should be
   needed.

   It should be noted here that ED25519 certificates can be ~100 bytes
   smaller than corresponding ECDSA certificates.  This size difference
   may be critical in some devices and communication technologies.
   ED448 certificates are similar in size to ECDSA p256 certificates,
   yet with a stronger security claim.

4.  The Basic PKI feature set

   A basic pki has two levels of hierarchy: Root and Intermediate.  The
   Root level has the greatest risk, and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and signs the Intermediate level certificate it
   can be locked up.  In fact, the Root level could exist completely on
   a uSD boot card for an ARM small computer like a RaspberryPi.  A copy
   of this card can be made and securely stored in a different
   location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.
   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and the Intermediate level CRL.  It can
   also contain the End Entity public certificates.  The private key
   file needs to be kept securely.  For example, as with the Root level,
   a mSD image for an ARM computer could contain the complete
   Intermediate level.  This image is kept offline.  The End Entity CSR
   is copied to it, signed, and then the signed certificate and updated
   database are moved to the public image that lacks the private key.

   For a simple test pki, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.  The CSR is delivered to
   the Intermediate level, which uses the CSR to create the End Entity
   certificate.  This certificate, along with the trust chain back to
   the root, is then returned to the End Entity.

   There is more to a pki, but this suffices for most development and
   testing needs.

5.  Getting started and the Root level

   This guide was developed on a Fedora 29-beta armv7hl system
   (Cubieboard2 SoC).  It should work on most Linux and similar systems
   that support openSSL 1.1.1.  All work was done in a terminal window
   with extensive "cutting and pasting" from this draft guide into the
   terminal window.  Users of this guide may find different behaviors
   based on their system.

5.1.  Setting up the Environment

   The first step is to create the pki environment.  Modify the
   variables to suit your needs.
      export dir=/root/ca
      export cadir=/root/ca
      export format=pem
      export algorithm=ed25519   # or ed448
      mkdir $dir
      cd $dir
      mkdir certs crl csr newcerts private
      chmod 700 private
      touch index.txt
      touch serial
      sn=8

      countryName="/C=US"
      stateOrProvinceName="/ST=MI"
      localityName="/L=Oak Park"
      organizationName="/O=HTT Consulting"
      #organizationalUnitName="/OU="
      organizationalUnitName=
      commonName="/CN=Root CA"
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName
      echo $DN
      export subjectAltName=email:postmaster@htt-consult.com

   Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   format
      File encoding: PEM or DER.  At this time only PEM works.

   sn
      Serial Number length in bytes.  For a public CA the range is 8 to
      19.

   The Serial Number length for a public pki ranges from 8 to 19 bytes.
   The use of 19 rather than 20 is to accommodate the encoded
   representation of the Serial Number: if it has a one in the high
   order bit, DER encoding rules will place a 0x00 in front.

   The DN and SAN fields are examples.  Change them to appropriate
   values.  If you leave one blank, it will be left out of the
   Certificate.  "OU" above is an example of an empty DN object.

   Create the file $dir/openssl-root.cnf from the contents in
   Appendix A.1.

5.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair
   and the Root certificate.  Included are commands to view the file
   contents.
      # Create passworded keypair file

      openssl genpkey -aes256 -algorithm $algorithm\
        -outform $format -out $dir/private/ca.key.$format
      chmod 400 $dir/private/ca.key.$format
      openssl pkey -inform $format -in $dir/private/ca.key.$format\
        -text -noout

      # Create Self-signed Root Certificate file
      # 7300 days = 20 years; Intermediate CA is 10 years.

      openssl req -config $dir/openssl-root.cnf\
        -set_serial 0x$(openssl rand -hex $sn)\
        -keyform $format -outform $format\
        -key $dir/private/ca.key.$format -subj "$DN"\
        -new -x509 -days 7300 -extensions v3_ca\
        -out $dir/certs/ca.cert.$format

      # View the Root Certificate and the purposes it is valid for

      openssl x509 -inform $format -in $dir/certs/ca.cert.$format\
        -text -noout
      openssl x509 -purpose -inform $format\
        -in $dir/certs/ca.cert.$format

6.  The Intermediate level

6.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate pki environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

      export dir=$cadir/intermediate
      mkdir $dir
      cd $dir
      mkdir certs crl csr newcerts private
      chmod 700 private
      touch index.txt
      sn=8   # hex 8 is minimum, 19 is maximum
      echo 1000 > $dir/crlnumber

      # cd $dir
      export crlDP=
      # For CRL support, uncomment these:
      #crl=intermediate.crl.pem
      #crlurl=www.htt-consult.com/pki/$crl
      #export crlDP="URI:http://$crlurl"
      export default_crl_days=30
      export ocspIAI=
      # For OCSP support, uncomment these:
      #ocspurl=ocsp.htt-consult.com
      #export ocspIAI="OCSP;URI:http://$ocspurl"

      commonName="/CN=Signing CA"
      DN=$countryName$stateOrProvinceName$localityName$organizationName
      DN=$DN$organizationalUnitName$commonName
      echo $DN

   Create the file $dir/openssl-intermediate.cnf from the contents in
   Appendix A.2.  Uncomment the lines for crlDistributionPoints and
   authorityInfoAccess if using CRLs or OCSP, respectively.

6.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, the Intermediate certificate signing request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

      # Create passworded keypair file

      openssl genpkey -aes256 -algorithm $algorithm\
        -outform $format -out $dir/private/intermediate.key.$format
      chmod 400 $dir/private/intermediate.key.$format
      openssl pkey -inform $format\
        -in $dir/private/intermediate.key.$format -text -noout

      # Create the CSR

      openssl req -config $cadir/openssl-root.cnf\
        -key $dir/private/intermediate.key.$format \
        -keyform $format -outform $format -subj "$DN" -new\
        -out $dir/csr/intermediate.csr.$format
      openssl req -text -noout -verify -inform $format\
        -in $dir/csr/intermediate.csr.$format

      # Create Intermediate Certificate file

      openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cadir/openssl-root.cnf -days 3650\
        -extensions v3_intermediate_ca -notext \
        -in $dir/csr/intermediate.csr.$format\
        -out $dir/certs/intermediate.cert.pem

      chmod 444 $dir/certs/intermediate.cert.$format

      openssl verify -CAfile $cadir/certs/ca.cert.$format\
        $dir/certs/intermediate.cert.$format

      openssl x509 -noout -text -in $dir/certs/intermediate.cert.$format

      # Create the certificate chain file

      cat $dir/certs/intermediate.cert.$format\
        $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
      chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, the Server certificate signing request (CSR),
   and the Server certificate.  Included are commands to view the file
   contents.

      commonName=
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName
      echo $DN
      serverfqdn=www.example.com
      emailaddr=postmaster@htt-consult.com
      export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
      echo $subjectAltName
      openssl genpkey -algorithm $algorithm\
        -out $dir/private/$serverfqdn.key.$format
      chmod 400 $dir/private/$serverfqdn.key.$format
      openssl pkey -in $dir/private/$serverfqdn.key.$format -text -noout
      openssl req -config $dir/openssl-intermediate.cnf\
        -key $dir/private/$serverfqdn.key.$format \
        -subj "$DN" -new -out $dir/csr/$serverfqdn.csr.$format

      openssl req -text -noout -verify -in $dir/csr/$serverfqdn.csr.$format

      openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $dir/openssl-intermediate.cnf -days 375\
        -extensions server_cert -notext \
        -in $dir/csr/$serverfqdn.csr.$format\
        -out $dir/certs/$serverfqdn.cert.$format
      chmod 444 $dir/certs/$serverfqdn.cert.$format

      openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
        $dir/certs/$serverfqdn.cert.$format
      openssl x509 -noout -text -in $dir/certs/$serverfqdn.cert.$format

6.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, the Client certificate signing request (CSR),
   and the Client certificate.  Included are commands to view the file
   contents.
      commonName=
      UserID="/UID=rgm"
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName$UserID
      echo $DN
      clientemail=rgm@example.com
      export subjectAltName="email:$clientemail"
      echo $subjectAltName
      openssl genpkey -algorithm $algorithm\
        -out $dir/private/$clientemail.key.$format
      chmod 400 $dir/private/$clientemail.key.$format
      openssl pkey -in $dir/private/$clientemail.key.$format -text -noout
      openssl req -config $dir/openssl-intermediate.cnf\
        -key $dir/private/$clientemail.key.$format \
        -subj "$DN" -new -out $dir/csr/$clientemail.csr.$format

      openssl req -text -noout -verify\
        -in $dir/csr/$clientemail.csr.$format

      openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $dir/openssl-intermediate.cnf -days 375\
        -extensions usr_cert -notext \
        -in $dir/csr/$clientemail.csr.$format\
        -out $dir/certs/$clientemail.cert.$format
      chmod 444 $dir/certs/$clientemail.cert.$format

      openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
        $dir/certs/$clientemail.cert.$format
      openssl x509 -noout -text -in $dir/certs/$clientemail.cert.$format

7.  The 802.1AR Intermediate level

7.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate pki environment.
   This is very similar to the Intermediate pki environment.  Modify the
   variables to suit your needs.
      export dir=$cadir/8021ARintermediate
      mkdir $dir
      cd $dir
      mkdir certs crl csr newcerts private
      chmod 700 private
      touch index.txt
      sn=8   # hex 8 is minimum, 19 is maximum
      echo 1000 > $dir/crlnumber

      # cd $dir
      export crlDP=
      # For CRL support, uncomment these:
      #crl=8021ARintermediate.crl.pem
      #crlurl=www.htt-consult.com/pki/$crl
      #export crlDP="URI:http://$crlurl"
      export default_crl_days=30
      export ocspIAI=
      # For OCSP support, uncomment these:
      #ocspurl=ocsp.htt-consult.com
      #export ocspIAI="OCSP;URI:http://$ocspurl"

      countryName="/C=US"
      stateOrProvinceName="/ST=MI"
      localityName="/L=Oak Park"
      organizationName="/O=HTT Consulting"
      organizationalUnitName="/OU=Devices"
      #organizationalUnitName=
      commonName="/CN=802.1AR CA"
      DN=$countryName$stateOrProvinceName$localityName$organizationName
      DN=$DN$organizationalUnitName$commonName
      echo $DN
      export subjectAltName=email:postmaster@htt-consult.com
      echo $subjectAltName

   Create the file $dir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment the lines for
   crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP,
   respectively.

7.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, the 802.1AR Intermediate certificate signing
   request (CSR), and the 802.1AR Intermediate certificate.  Included
   are commands to view the file contents.
      # Create passworded keypair file

      openssl genpkey -aes256 -algorithm $algorithm\
        -outform $format -out $dir/private/8021ARintermediate.key.$format
      chmod 400 $dir/private/8021ARintermediate.key.$format
      openssl pkey -inform $format\
        -in $dir/private/8021ARintermediate.key.$format -text -noout

      # Create the CSR

      openssl req -config $cadir/openssl-root.cnf\
        -key $dir/private/8021ARintermediate.key.$format \
        -keyform $format -outform $format -subj "$DN" -new\
        -out $dir/csr/8021ARintermediate.csr.$format
      openssl req -text -noout -verify -inform $format\
        -in $dir/csr/8021ARintermediate.csr.$format

      # Create 802.1AR Intermediate Certificate file
      # The following does NOT work for DER

      openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $cadir/openssl-root.cnf -days 3650\
        -extensions v3_intermediate_ca -notext\
        -in $dir/csr/8021ARintermediate.csr.$format\
        -out $dir/certs/8021ARintermediate.cert.pem

      chmod 444 $dir/certs/8021ARintermediate.cert.$format

      openssl verify -CAfile $cadir/certs/ca.cert.$format\
        $dir/certs/8021ARintermediate.cert.$format

      openssl x509 -noout -text\
        -in $dir/certs/8021ARintermediate.cert.$format

      # Create the certificate chain file

      cat $dir/certs/8021ARintermediate.cert.$format\
        $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
      chmod 444 $dir/certs/ca-chain.cert.$format

7.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, the iDevID certificate signing request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.
      DevID=Wt1234
      countryName=
      stateOrProvinceName=
      localityName=
      organizationName="/O=HTT Consulting"
      organizationalUnitName="/OU=Devices"
      commonName=
      serialNumber="/serialNumber=$DevID"
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName
      DN=$DN$serialNumber
      echo $DN

      # hwType is the OID for HTT Consulting, devices, sensor widgets
      export hwType=1.3.6.1.4.1.6715.10.1
      export hwSerialNum=01020304   # Some hex
      export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname"
      echo $hwType - $hwSerialNum

      openssl genpkey -algorithm $algorithm\
        -out $dir/private/$DevID.key.$format
      chmod 400 $dir/private/$DevID.key.$format
      openssl pkey -in $dir/private/$DevID.key.$format -text -noout
      openssl req -config $dir/openssl-8021ARintermediate.cnf\
        -key $dir/private/$DevID.key.$format \
        -subj "$DN" -new -out $dir/csr/$DevID.csr.$format

      openssl req -text -noout -verify\
        -in $dir/csr/$DevID.csr.$format
      openssl asn1parse -i -in $dir/csr/$DevID.csr.pem
      # Find the offset of the start of hardwareModuleName in the output
      # above and use it in place of 141
      openssl asn1parse -i -strparse 141 -in $dir/csr/$DevID.csr.pem

      openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $dir/openssl-8021ARintermediate.cnf -days 375\
        -extensions 8021ar_idevid -notext \
        -in $dir/csr/$DevID.csr.$format\
        -out $dir/certs/$DevID.cert.$format
      chmod 444 $dir/certs/$DevID.cert.$format

      openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
        $dir/certs/$DevID.cert.$format
      openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format
      openssl asn1parse -i -in $dir/certs/$DevID.cert.pem

      # Find the offset of the start of hardwareModuleName in the output
      # above and use it in place of 576
      openssl asn1parse -i -strparse 576 -in $dir/certs/$DevID.cert.pem

8.  Setting up a CRL for an Intermediate CA

   This part provides CRL support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the crlDistributionPoints
   as provided via the environment variables.

8.1.  Create (or recreate) the CRL

   It is simple to create the CRL.  The CRL consists of the certificates
   flagged with an R (Revoked) in index.txt:

      # Select which Intermediate level
      intermediate=intermediate
      #intermediate=8021ARintermediate
      dir=$cadir/$intermediate
      crl=$intermediate.crl.pem
      cd $dir

      # Create CRL file
      openssl ca -config $dir/openssl-$intermediate.cnf \
        -gencrl -out $dir/crl/$crl
      chmod 444 $dir/crl/$crl

      openssl crl -in $dir/crl/$crl -noout -text

8.2.  Revoke a Certificate

   Revoking a certificate is a two step process.  First identify the
   target certificate; examples are listed below.  Revoke it, then
   publish a new CRL.

      # Select the target by the name its files were created under
      targetcert=$serverfqdn
      #targetcert=$clientemail
      #targetcert=$DevID

      openssl ca -config $dir/openssl-$intermediate.cnf\
        -revoke $dir/certs/$targetcert.cert.$format

   Recreate the CRL using Section 8.1.

9.  Setting up OCSP for an Intermediate CA

   This part provides OCSP support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the authorityInfoAccess as
   provided via the environment variables.

9.1.  Create the OCSP Certificate

   OCSP needs a signing certificate.  This certificate must be signed by
   the CA that signed the certificate being checked.  The steps to
   create this certificate are similar to those for a Server certificate
   for the CA:

      # Select which Intermediate level
      intermediate=intermediate
      #intermediate=8021ARintermediate
      dir=$cadir/$intermediate
      # ocspurl was set when OCSP support was enabled in Section 6.1 or 7.1
      # Optionally, password encrypt key pair
      encryptkey=
      #encryptkey=-aes256

      # Create the key pair in Intermediate level $intermediate
      cd $dir
      openssl genpkey -algorithm $algorithm\
        $encryptkey -out $dir/private/$ocspurl.key.$format
      chmod 400 $dir/private/$ocspurl.key.$format
      openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout

      # Create CSR
      commonName=
      DN=$countryName$stateOrProvinceName$localityName
      DN=$DN$organizationName$organizationalUnitName$commonName
      echo $DN
      emailaddr=postmaster@htt-consult.com
      export subjectAltName="DNS:$ocspurl, email:$emailaddr"
      echo $subjectAltName
      openssl req -config $dir/openssl-$intermediate.cnf\
        -key $dir/private/$ocspurl.key.$format \
        -subj "$DN" -new -out $dir/csr/$ocspurl.csr.$format

      openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format

      # Create Certificate

      openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
      # Note 'openssl ca' does not support DER format
      openssl ca -config $dir/openssl-$intermediate.cnf -days 375\
        -extensions ocsp -notext \
        -in $dir/csr/$ocspurl.csr.$format\
        -out $dir/certs/$ocspurl.cert.$format
      chmod 444 $dir/certs/$ocspurl.cert.$format

      openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
        $dir/certs/$ocspurl.cert.$format
      openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format

9.2.  Revoke a Certificate

   Revoke the certificate as in Section 8.2.  The OCSP responder SHOULD
   detect the flag change in index.txt and, when queried, respond
   appropriately.

9.3.  Testing OCSP with Openssl

   OpenSSL provides a simple OCSP service that can be used to test the
   OCSP certificate and revocation process (Note that this only reads
   the index.txt to get the certificate status at startup).

   In a terminal window, set the variables dir, intermediate and ocspurl
   (examples below), then run the simple OCSP service:

      dir=/root/ca/intermediate
      intermediate=intermediate   # names the issuer certificate below
      ocspurl=ocsp.htt-consult.com

      openssl ocsp -port 2560 -text\
        -index $dir/index.txt \
        -CA $dir/certs/ca-chain.cert.pem \
        -rkey $dir/private/$ocspurl.key.pem \
        -rsigner $dir/certs/$ocspurl.cert.pem \
        -nrequest 1

   In another window, test out a certificate status with:

      # Select the target by the name its files were created under
      targetcert=$serverfqdn
      #targetcert=$clientemail
      #targetcert=$DevID

      openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \
        -url http://127.0.0.1:2560 -resp_text\
        -issuer $dir/certs/$intermediate.cert.pem \
        -cert $dir/certs/$targetcert.cert.pem

   Revoke the certificate (Section 8.2), restart the test Responder as
   above, then check the certificate status again.

10.  Footnotes

   This section is a complete copy of [I-D.moskowitz-ecdsa-pki].
   Changes will be made if anything is found specific to either ECDSA or
   ED25519.

   Creating this document was a real education in the state of openSSL,
   X.509 certificate guidance, and just the general level of certificate
   awareness.  Here are a few short notes.

10.1.  Certificate Serial Number

   The certificate serial number's role is to provide yet another way to
   maintain uniqueness of certificates within a pki as well as a way to
   index them in a data store.  It has taken on other roles, most
   notably as a defense.

   The CABForum guideline for a public CA is for the serial number to be
   a random number at least 8 octets long and no longer than 20 bytes.
   By default, openssl makes self-signed certificates with 8 octet
   serial numbers.  This guide uses openssl's RAND function to generate
   the random value and pipe it into the -set_serial option.  This
   number MAY have the first bit as a ONE; the DER encoding rules
   prepend such numbers with 0x00.  Thus the limit of '19' for the
   variable 'sn'.

   A private CA need not follow the CABForum rules and can use any
   number for the serial number.  For example, the root CA (which has no
   security risks mitigated by using a random value) could use '1' as
   its serial number.  Intermediate and End Entity certificate serial
   numbers can also be of any value if a strong hash, like the SHA256
   used here, is used.  A value of 4 for sn would provide a sufficient
   population so that a CA of 10,000 EE certificates will have only a
   1.2% probability of a collision.  For only 1,000 certificates the
   probability drops to 0.012%.

   The following was proposed on the openssl-user list as an alternative
   to using the RAND function:

      Keep k bits (k/8 octets) long serial numbers for all your
      certificates, choose a block cipher operating on blocks of k bits,
      and operate this block cipher in CTR mode, with a proper secret
      key and secret starting counter.  That way, no collision detection
      is necessary, you'll be able to generate 2^(k/2) unique k bits
      long serial numbers (in fact, you can generate 2^k unique serial
      numbers, but after 2^(k/2) you lose some security guarantees).

   With 3DES, k=64, and with AES, k=128.

10.2.  Some OpenSSL config file limitations

   There is a bit of inconsistency in how different parts and fields in
   the config file are used.  Environment variables can only be used as
   values.  Some fields can have null values, others cannot.  The lack
   of allowing null fields means a script cannot feed in an environment
   variable with value null.  In such a case, the field has to be
   removed from the config file.
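   The two DER details this guide leans on, worked through in code as an
   added example (this is not code from the draft or from OpenSSL): the
   serial-number INTEGER rule of Section 10.1 (a high-order one bit costs
   a 0x00 octet, so sn stops at 19, plus the birthday-bound collision
   figures for sn=4) and the hardwareModuleName otherName of Section 7.3
   built from the draft's hwType and hwSerialNum.  It assumes hwSerialNum
   is raw hex bytes and uses only the Python standard library.

```python
"""Added example, not part of the draft: the DER details behind two points of
this guide.  Section 10.1: a serial of sn random bytes whose high bit is set
picks up a leading 0x00 when DER encodes it as INTEGER, which is why sn stops
at 19 for a 20-octet limit, and the birthday-bound collision estimate quoted
for sn=4.  Section 7.3: the hardwareModuleName otherName that goes into the
iDevID subjectAltName, built from the draft's hwType OID and hwSerialNum.
Standard library only; hwSerialNum is assumed to be raw hex bytes."""
import math
import secrets

ID_ON_HARDWARE_MODULE_NAME = "1.3.6.1.5.5.7.8.4"   # RFC 4108 otherName type-id


def der_length(n: int) -> bytes:
    """DER length octets: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + der_length(len(content)) + content


def der_integer_content(value: int) -> bytes:
    """Minimal big-endian two's-complement bytes of a non-negative INTEGER:
    a leading 0x00 is required when the top bit is set, or the value would
    decode as negative.  This is the extra octet Section 10.1 refers to."""
    if value < 0:
        raise ValueError("certificate serial numbers are non-negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return b"\x00" + body if body[0] & 0x80 else body


def der_integer(value: int) -> bytes:
    return der_tlv(0x02, der_integer_content(value))


def random_serial_hex(sn: int) -> str:
    """Same role as 'openssl rand -hex $sn' feeding -set_serial 0x..."""
    return secrets.token_hex(sn)


def encoded_serial_octets(serial_hex: str) -> int:
    """Octets the serial occupies inside the certificate's INTEGER, which is
    what a 20-octet limit counts.  sn=19 can reach 20; sn=20 can reach 21.
    (Leading zero bytes from 'openssl rand' are dropped, as DER requires.)"""
    return len(der_integer_content(int(serial_hex, 16)))


def collision_probability(n_certs: int, sn: int) -> float:
    """Birthday bound 1 - exp(-n(n-1)/2N) for n serials drawn uniformly
    from N = 2**(8*sn); reproduces the ~1.2% / ~0.012% figures for sn=4."""
    space = 2 ** (8 * sn)
    return 1.0 - math.exp(-n_certs * (n_certs - 1) / (2.0 * space))


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def hardware_module_name(hw_type: str, hw_serial_hex: str) -> bytes:
    """RFC 4108 HardwareModuleName ::= SEQUENCE { hwType OID,
    hwSerialNum OCTET STRING }: the 'hmodname' SEQ of Section 7.3."""
    return der_tlv(0x30, der_oid(hw_type) + der_tlv(0x04, bytes.fromhex(hw_serial_hex)))


def idevid_other_name(hw_type: str, hw_serial_hex: str) -> bytes:
    """GeneralName otherName [0] { type-id id-on-hardwareModuleName,
    value [0] EXPLICIT HardwareModuleName }: the SAN entry that
    subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname produces.
    'openssl asn1parse -strparse <offset>' descends into this structure."""
    value = der_tlv(0xA0, hardware_module_name(hw_type, hw_serial_hex))
    return der_tlv(0xA0, der_oid(ID_ON_HARDWARE_MODULE_NAME) + value)


if __name__ == "__main__":
    serial = random_serial_hex(19)
    print("serial", serial, "encodes to", encoded_serial_octets(serial), "octets")
    print("P(collision), 10000 certs, sn=4: %.4f" % collision_probability(10000, 4))
    print(idevid_other_name("1.3.6.1.4.1.6715.10.1", "01020304").hex())
```

   Compare the last line of output with what "openssl asn1parse -i
   -strparse <offset>" prints for the iDevID CSR or certificate.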
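   Sections 8.1 and 9.3 both take certificate status from the flag column
   of the CA's index.txt: "openssl ca -gencrl" lists the R entries, and
   the test responder loads the file once at startup.  The following added
   example (not code from the draft or from OpenSSL) parses that file
   format and shows why a revocation is invisible to the responder until
   it is restarted; the three index lines and their serials are
   constructed for the example.

```python
"""Added example, not part of the draft: a reader for the CA's index.txt,
the file that 'openssl ca -gencrl' (Section 8.1) draws the CRL from and
that the test OCSP responder (Section 9.3) loads once at startup.  Each
line is tab separated: status (V valid, R revoked, E expired), notAfter,
revocation time with an optional ',reason' (empty unless R), serial in
upper-case hex, file name, subject DN.  The three lines in SAMPLE_INDEX are
constructed for this example; their serials are not from the draft."""
from dataclasses import dataclass, replace
from datetime import datetime, timezone
from typing import List, Optional

SAMPLE_INDEX = (
    "V\t190927120000Z\t\t5D3C7F1A2B9E0C44\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/CN=www.example.com\n"
    "R\t190927120000Z\t181001083000Z,keyCompromise\t0A1B2C3D4E5F6071\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/UID=rgm\n"
    "V\t190927120000Z\t\t1122334455667788\tunknown\t"
    "/O=HTT Consulting/OU=Devices/serialNumber=Wt1234\n"
)


@dataclass(frozen=True)
class IndexEntry:
    status: str                  # V, R or E
    not_after: datetime
    revoked_at: Optional[datetime]
    reason: Optional[str]        # CRL reason name, if one was recorded
    serial: str                  # as stored: upper-case hex
    subject: str


def parse_time(stamp: str) -> datetime:
    """index.txt writes YYMMDDHHMMSSZ (UTCTime) or YYYYMMDDHHMMSSZ."""
    fmt = "%y%m%d%H%M%SZ" if len(stamp) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def norm_serial(serial_hex: str) -> str:
    """Compare serials by value: case-insensitive, leading zeros ignored."""
    return serial_hex.upper().lstrip("0") or "0"


def parse_index(text: str) -> List[IndexEntry]:
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, not_after, revocation, serial, _name, subject = line.split("\t")
        revoked_at = reason = None
        if revocation:                      # only present on R lines
            when, _, reason = revocation.partition(",")
            revoked_at = parse_time(when)
            reason = reason or None
        entries.append(IndexEntry(status, parse_time(not_after), revoked_at,
                                  reason, serial.upper(), subject))
    return entries


def crl_entries(entries: List[IndexEntry]) -> List[IndexEntry]:
    """What -gencrl lists in the CRL: every entry flagged R, with its
    revocation time and reason."""
    return [e for e in entries if e.status == "R"]


def ocsp_status(entries: List[IndexEntry], serial_hex: str) -> str:
    """Status a responder built on this index returns for one serial.
    'openssl ocsp -index' reads the file at startup, so pass the snapshot
    it started with: a later -revoke is invisible until it is restarted."""
    wanted = norm_serial(serial_hex)
    for e in entries:
        if norm_serial(e.serial) == wanted:
            return "revoked" if e.status == "R" else "good"
    return "unknown"


def revoke(entries: List[IndexEntry], serial_hex: str, when: str,
           reason: Optional[str] = None) -> List[IndexEntry]:
    """Effect of 'openssl ca -revoke' on the index: the matching V entry
    becomes R, stamped with 'when' (index.txt time format).  Returns a new
    list; the caller's snapshot is left as it was."""
    wanted = norm_serial(serial_hex)
    out = []
    for e in entries:
        if norm_serial(e.serial) == wanted and e.status == "V":
            e = replace(e, status="R", revoked_at=parse_time(when), reason=reason)
        out.append(e)
    return out


def expired(entries: List[IndexEntry], now: str) -> List[IndexEntry]:
    """Valid entries past notAfter at 'now' (index.txt time format);
    'openssl ca -updatedb' is what flags these E in the real file."""
    cutoff = parse_time(now)
    return [e for e in entries if e.status == "V" and e.not_after < cutoff]


if __name__ == "__main__":
    snapshot = parse_index(SAMPLE_INDEX)
    print("in CRL:", [e.serial for e in crl_entries(snapshot)])
    after = revoke(snapshot, "1122334455667788", "181002090000Z", "superseded")
    print("running responder:", ocsp_status(snapshot, "1122334455667788"),
          "/ after restart:", ocsp_status(after, "1122334455667788"))
```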
   The expectation is each CA within a PKI has its own config file,
   customized to the certificates supported by that CA.

10.3.  subjectAltName support, or lack thereof

   There is no direct openssl command line option to provide a
   subjectAltName for a certificate.  This is a serious limitation.  Per
   RFC 2818 [RFC2818] SAN is the object for providing email addresses
   and DNS addresses (FQDN), yet the common practice has been to use the
   commonName object within the distinguishedName object.  How much of
   this is due to the difficulty in creating certificates with a SAN?

   Thus the only way to provide a SAN is through the config file.  And
   there are two approaches.  This document uses an environment variable
   to provide the SAN value into the config file.  Another approach is
   to use piping (process substitution, which requires bash or a
   similar shell) as in:

      openssl req -new -key domain.key \
        -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN \
        -config <(cat /etc/ssl/openssl.cnf \
          <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) \
        -out domain.csr

10.4.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER pki
   failed.  There is no facility to create a DER certificate from a DER
   CSR.  It just is not there in the 'openssl ca' command.  Even the
   'openssl x509 -req' command cannot do this for a simple certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.  For DER, some recommend using
   PKCS#7 [RFC2315], where others point out that this format is poorly
   supported 'in the field', whereas PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

      openssl x509 -outform der -in certificate.pem -out certificate.der

   This should also work for the keypair.
   However, in a highly constrained device it may make more sense to
   just store the raw keypair in the device's very limited secure
   storage.

11.  IANA Considerations

   TBD.  May be nothing for IANA.

12.  Security Considerations

   This section is a complete copy of [I-D.moskowitz-ecdsa-pki].
   Changes will be made if anything is found specific to either ECDSA or
   EDDSA.

12.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found an
   excessive number of certificates sharing the same keys due to bad
   randomness on the generating systems.  The amount of entropy
   available for these random numbers can be tested.  On Fedora/Centos
   use:

      cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.

12.2.  Key pair Theft

   During the certificate creation, particularly during keypair
   generation, the files are vulnerable to theft.  This can be mitigated
   using umask, so that newly written key files are readable only by
   their owner.  Before using openssl, set umask (umask -p is a bash
   extension that prints the current mask as a reusable command):

      restore_mask=$(umask -p)
      umask 077

   Afterwards, restore it with:

      $restore_mask

13.  Acknowledgments

   This work is possible because of the availability of openSSL 1.1.1.
   As in [I-D.moskowitz-ecdsa-pki], the openssl-user mailing list, with
   its many supportive experts, was of immense help in the nuanced
   differences between ECDSA and EDDSA.

14.  References

14.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

14.2.  Informative References

   [I-D.moskowitz-ecdsa-pki]
              Moskowitz, R., Birkholz, H., Xia, L., and M. Richardson,
              "Guide for building an ECC pki",
              draft-moskowitz-ecdsa-pki-04 (work in progress),
              September 2018.

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents.

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl-root.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $cadir/private/ca.key.$format
   certificate = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = 30

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_strict
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/openssl-intermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key = $dir/private/intermediate.key.$format
   certificate = $dir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/intermediate.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   UID = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   UID = User ID

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir = /root/ca/8021ARintermediate
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $dir/private/8021ARintermediate.key.$format
   certificate = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_enddate = 99991231235959Z # per IEEE 802.1AR
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   serialNumber = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   serialNumber = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default = HTT Consulting
   organizationalUnitName_default = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   # uncomment the following if the ENV variables set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI  48237

   Email: rgm@labs.htt-consult.com


   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt  64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de


   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/