wg TBD                                                      R. Moskowitz
Internet-Draft                                            HTT Consulting
Intended status: Informational                               H. Birkholz
Expires: February 14, 2020                                Fraunhofer SIT
                                                           M. Richardson
                                                               Sandelman
                                                         August 13, 2019

                    Guide for building an EDDSA pki
                     draft-moskowitz-eddsa-pki-01

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using openSSL.
   Certificates in this guide can be either ED25519 or ED448
   certificates.  Along with common End Entity certificates, this guide
   provides instructions for creating IEEE 802.1AR iDevID Secure Device
   certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 14, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  Comparing ECDSA and EDDSA certificates
   4.  The Basic PKI feature set
   5.  Getting started and the Root level
     5.1.  Setting up the Environment
     5.2.  Create the Root Certificate
   6.  The Intermediate level
     6.1.  Setting up the Intermediate Certificate Environment
     6.2.  Create the Intermediate Certificate
     6.3.  Create a Server EE Certificate
     6.4.  Create a Client EE Certificate
   7.  The 802.1AR Intermediate level
     7.1.  Setting up the 802.1AR Intermediate Certificate Environment
     7.2.  Create the 802.1AR Intermediate Certificate
     7.3.  Create an 802.1AR iDevID Certificate
   8.  Setting up a CRL for an Intermediate CA
     8.1.  Create (or recreate) the CRL
     8.2.  Revoke a Certificate
   9.  Setting up OCSP for an Intermediate CA
     9.1.  Create the OCSP Certificate
     9.2.  Revoke a Certificate
     9.3.  Testing OCSP with Openssl
   10. Footnotes
     10.1.  Certificate Serial Number
     10.2.  Some OpenSSL config file limitations
     10.3.  subjectAltName support, or lack thereof
     10.4.  DER support, or lack thereof
   11. IANA Considerations
   12. Security Considerations
     12.1.  Adequate Randomness
     12.2.  Key pair Theft
   13. Acknowledgments
   14. References
     14.1.  Normative References
     14.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has adopted the Edwards Elliptic Curve and related
   algorithms.  These algorithms hold out the promise of greater
   efficiency and better understood security risks.  This efficiency
   could make the critical difference that allows them to be used in
   some constrained IoT devices.

   This effort provides the steps, using the openSSL application, to
   create such a PKI of ED25519 or ED448 certificates (RFC 8032
   [RFC8032]).  The goal is that any developer or tester can follow
   these steps, create the basic objects needed and establish the
   validity of the standard/program design.  This guide can even be used
   to create a production PKI, though additional steps need to be taken.
   This could be very useful to a small vendor needing to include
   802.1AR [IEEE.802.1AR_2009] iDevIDs in their product.  (Note: EDDSA
   certificates are not supported even in the forthcoming 802.1AR-2018;
   this is for future work.)

   This guide was developed with openSSL 1.1.1 on Fedora 29-beta and
   creates PEM-based certificates.  It closely follows
   [I-D.moskowitz-ecdsa-pki].

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft specific definitions at this time.

3.  Comparing ECDSA and EDDSA certificates

   There are two differences between ECDSA and EDDSA certificates that
   impact the use of openSSL.  First, there are no algorithm options
   with EDDSA, and thus the pkeyopt variable is not used.

   Second, there are no hash options.  Neither ED25519 nor ED448 signs a
   hash of the certificate, so none of the hash options should be
   needed.

   It should be noted here that ED25519 certificates can be ~100 bytes
   smaller than corresponding ECDSA certificates.  This size difference
   may be critical in some devices and communication technologies.
   ED448 certificates are similar in size to ECDSA p256 certificates,
   yet with a stronger security claim.

4.  The Basic PKI feature set

   A basic pki has two levels of hierarchy: Root and Intermediate.  The
   Root level carries the greatest risk, and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and has signed the Intermediate level
   certificate, it can be locked up.  In fact, the Root level could
   exist completely on a uSD boot card for an ARM small computer like a
   RaspberryPi.  A copy of this card can be made and securely stored in
   a different location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.
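   The "database of all signed certificates" kept at both levels is the
   index.txt file that the 'openssl ca' command maintains: it is created
   empty with 'touch index.txt' in Section 5.1, and the CRL of
   Section 8.1 and the OCSP responder of Section 9 are driven by the R
   flag in it.  The following Python example is added to this guide and
   is not part of the draft or of openSSL.  It parses a constructed
   index.txt in the tab-separated layout 'openssl ca' writes (status,
   expiry, revocation date with optional reason, serial, filename,
   subject) and answers the status query an OCSP responder would make:

```python
# Added example (not from the draft): parse the certificate database that
# 'openssl ca' keeps in index.txt and report revocation status from it.
# Assumed layout (the one 'openssl ca' writes): one tab-separated line per
# issued certificate with six fields:
#   status, expiry (YYMMDDHHMMSSZ), revocation date[,reason], serial (hex),
#   filename ('unknown'), subject DN.
# Status is V (valid), R (revoked) or E (expired).
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample index.txt contents; serials and subjects are made up.
SAMPLE_INDEX = (
    "V\t200823120000Z\t\t5D1A0C4E1F2B3A49\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/CN=www.example.com\n"
    "R\t200823120000Z\t190901083000Z,keyCompromise\t0B7E9C2D3A4F5E61\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/UID=rgm\n"
    "V\t200823120000Z\t\t7A2B3C4D5E6F7081\tunknown\t"
    "/O=HTT Consulting/OU=Devices/serialNumber=Wt1234\n"
)


@dataclass
class IndexEntry:
    status: str
    expiry: datetime
    revoked_at: Optional[datetime]
    reason: Optional[str]
    serial: str          # upper-case hex, as 'openssl ca' writes it
    subject: str


def _utc(stamp: str) -> datetime:
    """Parse the UTCTime form openssl writes into index.txt (YYMMDDHHMMSSZ)."""
    return datetime.strptime(stamp, "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def _norm_serial(serial: str) -> str:
    """Normalise a hex serial so '0b7e...' and '0B7E...' compare equal."""
    return serial.strip().upper()


def parse_index(text: str) -> List[IndexEntry]:
    """Turn the raw index.txt text into structured entries, rejecting malformed lines."""
    entries: List[IndexEntry] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"index.txt line {lineno}: expected 6 fields, got {len(fields)}")
        status, expiry, revocation, serial, _filename, subject = fields
        if status not in ("V", "R", "E"):
            raise ValueError(f"index.txt line {lineno}: unknown status {status!r}")
        revoked_at = reason = None
        if revocation:
            stamp, _, reason_text = revocation.partition(",")
            revoked_at = _utc(stamp)
            reason = reason_text or None
        entries.append(IndexEntry(status, _utc(expiry), revoked_at, reason,
                                  _norm_serial(serial), subject))
    return entries


def revoked_serials(entries: List[IndexEntry]) -> List[str]:
    """The set 'openssl ca -gencrl' puts on the CRL: every entry flagged R."""
    return sorted(e.serial for e in entries if e.status == "R")


def certificate_status(entries: List[IndexEntry], serial: str) -> str:
    """Answer as an OCSP responder reading this database would: 'revoked'
    for an R entry, 'good' for any other issued serial, and 'unknown' for
    a serial this CA never issued."""
    wanted = _norm_serial(serial)
    for e in entries:
        if e.serial == wanted:
            return "revoked" if e.status == "R" else "good"
    return "unknown"


if __name__ == "__main__":
    db = parse_index(SAMPLE_INDEX)
    print("revoked:", revoked_serials(db))
    for s in ("5D1A0C4E1F2B3A49", "0b7e9c2d3a4f5e61", "DEADBEEF"):
        print(s, "->", certificate_status(db, s))
```

   Running the file lists the revoked serial and the status of three
   sample serials.  Note the design difference from the test responder
   in Section 9.3: openssl's 'ocsp' server reads index.txt once at
   startup, whereas these functions work on whatever entries they are
   handed, so a revocation becomes visible as soon as the file is parsed
   again.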
   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and the Intermediate level CRL.  It can
   also contain the End Entity public certificates.  The private key
   file needs to be kept securely.  For example, as with the Root level,
   a uSD image for an ARM computer could contain the complete
   Intermediate level.  This image is kept offline.  The End Entity CSR
   is copied to it, signed, and then the signed certificate and updated
   database are moved to the public image that lacks the private key.

   For a simple test pki, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.  The CSR is delivered to
   the Intermediate level, which uses the CSR to create the End Entity
   certificate.  This certificate, along with the trust chain back to
   the root, is then returned to the End Entity.

   There is more to a pki, but this suffices for most development and
   testing needs.

5.  Getting started and the Root level

   This guide was developed on a Fedora 29-beta armv7hl system
   (Cubieboard2 SoC).  It should work on most Linux and similar systems
   that support openSSL 1.1.1.  All work was done in a terminal window
   with extensive "cutting and pasting" from this draft guide into the
   terminal window.  Users of this guide may find different behaviors
   based on their system.

5.1.  Setting up the Environment

   The first step is to create the pki environment.  Modify the
   variables to suit your needs.
   export dir=/root/ca
   export cadir=/root/ca
   export format=pem
   export algorithm=ed25519   # or ed448
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   touch serial
   sn=8

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   #organizationalUnitName="/OU="
   organizationalUnitName=
   commonName="/CN=Root CA"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com

   Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   format
      File encoding: PEM or DER
      At this time only PEM works

   algorithm
      ed25519 or ed448

   sn
      Serial Number length in bytes
      For a public CA the range is 8 to 19

   The Serial Number length for a public pki ranges from 8 to 19 bytes.
   The use of 19 rather than 20 leaves room for the DER representation
   of the Serial Number: if the value has a one in its high order bit,
   DER encoding rules place a 0x00 byte in front, which would take a 20
   byte value over the limit.

   The DN and SAN fields are examples.  Change them to appropriate
   values.  If you leave one blank, it will be left out of the
   Certificate.  "OU" above is an example of an empty DN object.

   Create the file $dir/openssl-root.cnf from the contents in
   Appendix A.1.

5.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair
   and the Root certificate.  Included are commands to view the file
   contents.
   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm\
      -outform $format -out $dir/private/ca.key.$format
   chmod 400 $dir/private/ca.key.$format
   openssl pkey -inform $format -in $dir/private/ca.key.$format\
      -text -noout

   # Create Self-signed Root Certificate file
   # 7300 days = 20 years; Intermediate CA is 10 years.

   openssl req -config $dir/openssl-root.cnf\
      -set_serial 0x$(openssl rand -hex $sn)\
      -keyform $format -outform $format\
      -key $dir/private/ca.key.$format -subj "$DN"\
      -new -x509 -days 7300 -extensions v3_ca\
      -out $dir/certs/ca.cert.$format

   # View the certificate, and the purposes it is valid for

   openssl x509 -inform $format -in $dir/certs/ca.cert.$format\
      -text -noout
   openssl x509 -purpose -inform $format\
      -in $dir/certs/ca.cert.$format -noout

6.  The Intermediate level

6.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate pki environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

   export dir=$cadir/intermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8   # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support, uncomment these:
   #crl=intermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support, uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   commonName="/CN=Signing CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN

   Create the file $dir/openssl-intermediate.cnf from the contents in
   Appendix A.2.
   Uncomment the lines for crlDistributionPoints and
   authorityInfoAccess if using CRLs or OCSP, respectively.

6.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, Intermediate certificate signing request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm\
      -outform $format -out $dir/private/intermediate.key.$format
   chmod 400 $dir/private/intermediate.key.$format
   openssl pkey -inform $format\
      -in $dir/private/intermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf\
      -key $dir/private/intermediate.key.$format \
      -keyform $format -outform $format -subj "$DN" -new\
      -out $dir/csr/intermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
      -in $dir/csr/intermediate.csr.$format

   # Create Intermediate Certificate file

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650\
      -extensions v3_intermediate_ca -notext \
      -in $dir/csr/intermediate.csr.$format\
      -out $dir/certs/intermediate.cert.pem

   chmod 444 $dir/certs/intermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
      $dir/certs/intermediate.cert.$format

   openssl x509 -noout -text -in $dir/certs/intermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/intermediate.cert.$format\
      $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, Server certificate signing request (CSR), and
   the Server certificate.
   Included are commands to view the file contents.

   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   serverfqdn=www.example.com
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
   echo $subjectAltName
   openssl genpkey -algorithm $algorithm\
      -out $dir/private/$serverfqdn.key.$format
   chmod 400 $dir/private/$serverfqdn.key.$format
   openssl pkey -in $dir/private/$serverfqdn.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf\
      -key $dir/private/$serverfqdn.key.$format \
      -subj "$DN" -new -out $dir/csr/$serverfqdn.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$serverfqdn.csr.$format

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375\
      -extensions server_cert -notext \
      -in $dir/csr/$serverfqdn.csr.$format\
      -out $dir/certs/$serverfqdn.cert.$format
   chmod 444 $dir/certs/$serverfqdn.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
      $dir/certs/$serverfqdn.cert.$format
   openssl x509 -noout -text -in $dir/certs/$serverfqdn.cert.$format

6.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, Client certificate signing request (CSR), and
   the Client certificate.  Included are commands to view the file
   contents.
   commonName=
   UserID="/UID=rgm"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName$UserID
   echo $DN
   clientemail=rgm@example.com
   export subjectAltName="email:$clientemail"
   echo $subjectAltName
   openssl genpkey -algorithm $algorithm\
      -out $dir/private/$clientemail.key.$format
   chmod 400 $dir/private/$clientemail.key.$format
   openssl pkey -in $dir/private/$clientemail.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf\
      -key $dir/private/$clientemail.key.$format \
      -subj "$DN" -new -out $dir/csr/$clientemail.csr.$format

   openssl req -text -noout -verify\
      -in $dir/csr/$clientemail.csr.$format

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375\
      -extensions usr_cert -notext \
      -in $dir/csr/$clientemail.csr.$format\
      -out $dir/certs/$clientemail.cert.$format
   chmod 444 $dir/certs/$clientemail.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
      $dir/certs/$clientemail.cert.$format
   openssl x509 -noout -text -in $dir/certs/$clientemail.cert.$format

7.  The 802.1AR Intermediate level

7.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate pki environment.
   This is very similar to the Intermediate pki environment.  Modify the
   variables to suit your needs.
   export dir=$cadir/8021ARintermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8   # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support, uncomment these:
   #crl=8021ARintermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support, uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   #organizationalUnitName=
   commonName="/CN=802.1AR CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com
   echo $subjectAltName

   Create the file $dir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment the lines for
   crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP,
   respectively.

7.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, 802.1AR Intermediate certificate signing request
   (CSR), and the 802.1AR Intermediate certificate.  Included are
   commands to view the file contents.
   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm\
      -outform $format -out $dir/private/8021ARintermediate.key.$format
   chmod 400 $dir/private/8021ARintermediate.key.$format
   openssl pkey -inform $format\
      -in $dir/private/8021ARintermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf\
      -key $dir/private/8021ARintermediate.key.$format \
      -keyform $format -outform $format -subj "$DN" -new\
      -out $dir/csr/8021ARintermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
      -in $dir/csr/8021ARintermediate.csr.$format

   # Create 802.1AR Intermediate Certificate file
   # The following does NOT work for DER

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650\
      -extensions v3_intermediate_ca -notext\
      -in $dir/csr/8021ARintermediate.csr.$format\
      -out $dir/certs/8021ARintermediate.cert.pem

   chmod 444 $dir/certs/8021ARintermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
      $dir/certs/8021ARintermediate.cert.$format

   openssl x509 -noout -text\
      -in $dir/certs/8021ARintermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/8021ARintermediate.cert.$format\
      $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

7.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, iDevID certificate signing request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.
   DevID=Wt1234
   countryName=
   stateOrProvinceName=
   localityName=
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   commonName=
   serialNumber="/serialNumber=$DevID"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   DN=$DN$serialNumber
   echo $DN

   # hwType is OID for HTT Consulting, devices, sensor widgets
   export hwType=1.3.6.1.4.1.6715.10.1
   export hwSerialNum=01020304   # Some hex
   export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname"
   echo $hwType - $hwSerialNum

   openssl genpkey -algorithm $algorithm\
      -out $dir/private/$DevID.key.$format
   chmod 400 $dir/private/$DevID.key.$format
   openssl pkey -in $dir/private/$DevID.key.$format -text -noout
   openssl req -config $dir/openssl-8021ARintermediate.cnf\
      -key $dir/private/$DevID.key.$format \
      -subj "$DN" -new -out $dir/csr/$DevID.csr.$format

   openssl req -text -noout -verify\
      -in $dir/csr/$DevID.csr.$format
   openssl asn1parse -i -in $dir/csr/$DevID.csr.pem
   # Find the offset of the start of hardwareModuleName in the output
   # above and use it in place of 141
   openssl asn1parse -i -strparse 141 -in $dir/csr/$DevID.csr.pem

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-8021ARintermediate.cnf\
      -extensions 8021ar_idevid -notext \
      -in $dir/csr/$DevID.csr.$format\
      -out $dir/certs/$DevID.cert.$format
   chmod 444 $dir/certs/$DevID.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
      $dir/certs/$DevID.cert.$format
   openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format
   openssl asn1parse -i -in $dir/certs/$DevID.cert.pem

   # Find the offset of the start of hardwareModuleName in the output
   # above and use it in place of 576
   openssl asn1parse -i -strparse 576 -in $dir/certs/$DevID.cert.pem

8.  Setting up a CRL for an Intermediate CA

   This part provides CRL support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the crlDistributionPoints
   as provided via the environment variables.

8.1.  Create (or recreate) the CRL

   It is simple to create the CRL.  The CRL consists of the certificates
   flagged with an R (Revoked) in index.txt:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   crl=$intermediate.crl.pem
   cd $dir

   # Create CRL file
   openssl ca -config $dir/openssl-$intermediate.cnf \
      -gencrl -out $dir/crl/$crl
   chmod 444 $dir/crl/$crl

   openssl crl -in $dir/crl/$crl -noout -text

8.2.  Revoke a Certificate

   Revoking a certificate is a two step process.  First identify the
   target certificate; examples are listed below.  Revoke it, then
   publish a new CRL.

   # Name of the certificate file, without the .cert.$format suffix
   targetcert=$serverfqdn      # Server certificate from Section 6.3
   #targetcert=$clientemail    # Client certificate from Section 6.4
   #targetcert=$DevID          # iDevID certificate from Section 7.3

   openssl ca -config $dir/openssl-$intermediate.cnf\
      -revoke $dir/certs/$targetcert.cert.$format

   Recreate the CRL using Section 8.1.

9.  Setting up OCSP for an Intermediate CA

   This part provides OCSP support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the authorityInfoAccess as
   provided via the environment variables.

9.1.  Create the OCSP Certificate

   OCSP needs a signing certificate.  This certificate must be signed by
   the CA that signed the certificate being checked.
   The steps to create this certificate are similar to those for a
   Server certificate for the CA:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   # ocspurl must hold the responder name chosen in Section 6.1 (or 7.1)
   ocspurl=ocsp.htt-consult.com
   # Optionally, password encrypt key pair
   encryptkey=
   #encryptkey=-aes256

   # Create the key pair in Intermediate level $intermediate
   cd $dir
   openssl genpkey -algorithm $algorithm\
      $encryptkey -out $dir/private/$ocspurl.key.$format
   chmod 400 $dir/private/$ocspurl.key.$format
   openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout

   # Create CSR
   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$ocspurl, email:$emailaddr"
   echo $subjectAltName
   openssl req -config $dir/openssl-$intermediate.cnf\
      -key $dir/private/$ocspurl.key.$format \
      -subj "$DN" -new -out $dir/csr/$ocspurl.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format

   # Create Certificate

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-$intermediate.cnf -days 375\
      -extensions ocsp -notext \
      -in $dir/csr/$ocspurl.csr.$format\
      -out $dir/certs/$ocspurl.cert.$format
   chmod 444 $dir/certs/$ocspurl.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
      $dir/certs/$ocspurl.cert.$format
   openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format

9.2.  Revoke a Certificate

   Revoke the certificate as in Section 8.2.  The OCSP responder SHOULD
   detect the flag change in index.txt and, when queried, respond
   appropriately.

9.3.  Testing OCSP with Openssl

   OpenSSL provides a simple OCSP service that can be used to test the
   OCSP certificate and revocation process.  (Note that this service
   only reads index.txt to get the certificate status at startup.)

   In a terminal window, set the variables intermediate, dir and ocspurl
   (examples below), then run the simple OCSP service:

   intermediate=intermediate
   dir=/root/ca/$intermediate
   ocspurl=ocsp.htt-consult.com

   openssl ocsp -port 2560 -text\
      -index $dir/index.txt \
      -CA $dir/certs/ca-chain.cert.pem \
      -rkey $dir/private/$ocspurl.key.pem \
      -rsigner $dir/certs/$ocspurl.cert.pem \
      -nrequest 1

   In another window, with the same variables set, test a certificate
   status with:

   targetcert=$serverfqdn      # as in Section 8.2
   #targetcert=$clientemail
   #targetcert=$DevID

   openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \
      -url http://127.0.0.1:2560 -resp_text\
      -issuer $dir/certs/$intermediate.cert.pem \
      -cert $dir/certs/$targetcert.cert.pem

   Revoke the certificate (Section 8.2), restart the test Responder as
   above, then check the certificate status again.

10.  Footnotes

   This section is a complete copy of [I-D.moskowitz-ecdsa-pki].
   Changes will be made if anything is found specific to either ECDSA or
   ED25519.

   Creating this document was a real education in the state of openSSL,
   X.509 certificate guidance, and the general level of certificate
   awareness.  Here are a few short notes.

10.1.  Certificate Serial Number

   The certificate serial number's role is to provide yet another way to
   maintain uniqueness of certificates within a pki as well as a way to
   index them in a data store.  It has taken on other roles, most
   notably as a defense.

   The CABForum guideline for a public CA is for the serial number to be
   a random number at least 8 octets long and no longer than 20 bytes.
   By default, openssl makes self-signed certificates with 8 octet
   serial numbers.
   This guide uses openssl's RAND function to generate the random value
   and pipe it into the -set_serial option.  This number MAY have the
   first bit as a ONE; the DER encoding rules prepend such numbers with
   0x00.  Thus the limit of '19' for the variable 'sn'.

   A private CA need not follow the CABForum rules and can use any
   number for the serial number.  For example, the root CA (which has no
   security risks mitigated by using a random value) could use '1' as
   its serial number.  Intermediate and End Entity certificate serial
   numbers can also be of any value if a strong hash is used, like the
   SHA256 used here.  A value of 4 for sn would provide a sufficient
   population so that a CA of 10,000 EE certificates will have only a
   1.2% probability of a collision.  For only 1,000 certificates the
   probability drops to 0.012%.

   The following was proposed on the openssl-user list as an alternative
   to using the RAND function:

      Keep k bits (k/8 octets) long serial numbers for all your
      certificates, choose a block cipher operating on blocks of k bits,
      and operate this block cipher in CTR mode, with a proper secret
      key and secret starting counter.  That way, no collision detection
      is necessary, you'll be able to generate 2^(k/2) unique k bits
      long serial numbers (in fact, you can generate 2^k unique serial
      numbers, but after 2^(k/2) you lose some security guarantees).

   With 3DES, k=64, and with AES, k=128.

10.2.  Some OpenSSL config file limitations

   There is a bit of inconsistency in how different parts and fields in
   the config file are used.  Environment variables can only be used as
   values.  Some fields can have null values, others cannot.  Not
   allowing null fields means a script cannot feed in an environment
   variable with value null.  In such a case, the field has to be
   removed from the config file.
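   Returning to the serial number rules of Sections 5.1 and 10.1, the
   following Python example is added to this guide and is not the
   draft's or openSSL's code.  random_serial() stands in for
   '0x$(openssl rand -hex $sn)' using Python's secrets module,
   der_integer() shows the 0x00 byte that DER prepends when the high
   order bit is set (the reason 'sn' stops at 19 rather than 20), and
   collision_probability() reproduces the birthday-bound figures quoted
   for sn=4.  The 20 octet cap is the one the CABForum guideline and
   RFC 5280 place on the encoded serial number; the function names and
   sample values are assumptions of the example.

```python
# Added example (not from the draft): what the serial-number length rules in
# Sections 5.1 and 10.1 mean concretely.  random_serial() mirrors
# '-set_serial 0x$(openssl rand -hex $sn)' using Python's secrets module,
# der_integer() shows the 0x00 byte DER adds when the high-order bit is set
# (the reason the variable 'sn' stops at 19, not 20), and
# collision_probability() reproduces the birthday-bound figures for sn=4.
import secrets

MAX_SERIAL_OCTETS = 20   # cap on the DER content length (CABForum, RFC 5280)


def random_serial(sn: int) -> int:
    """sn random bytes as a non-negative integer, like 0x$(openssl rand -hex $sn)."""
    if not 1 <= sn <= MAX_SERIAL_OCTETS - 1:
        raise ValueError("sn must be 1..19: a 20-byte value may need a 21st byte in DER")
    return int.from_bytes(secrets.token_bytes(sn), "big")


def der_integer(value: int) -> bytes:
    """DER-encode a non-negative INTEGER: tag 0x02, length, big-endian content.
    DER INTEGERs are two's complement, so content whose first byte has the
    high bit set would read as negative; a 0x00 byte is prepended in that case."""
    if value < 0:
        raise ValueError("certificate serial numbers are non-negative")
    content = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if content[0] & 0x80:
        content = b"\x00" + content
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:  # long-form length; never reached for serial numbers, kept for correctness
        n_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(n_bytes)]) + n_bytes
    return b"\x02" + length + content


def der_content_length(value: int) -> int:
    """Number of content octets in the DER encoding of value: the '20 bytes' that are capped."""
    enc = der_integer(value)
    header = 2 if enc[1] < 0x80 else 2 + (enc[1] & 0x7F)
    return len(enc) - header


def serial_is_acceptable(value: int) -> bool:
    """RFC 5280 style check: positive, and at most 20 content octets once DER-encoded."""
    return value > 0 and der_content_length(value) <= MAX_SERIAL_OCTETS


def collision_probability(num_certs: int, sn: int) -> float:
    """Birthday bound: chance that at least two of num_certs uniformly random
    sn-byte serials coincide, evaluated exactly as 1 - prod(1 - i/N)."""
    space = 2 ** (8 * sn)
    p_distinct = 1.0
    for i in range(num_certs):
        p_distinct *= 1.0 - i / space
    return 1.0 - p_distinct


if __name__ == "__main__":
    s = random_serial(8)
    print(f"sn=8 serial 0x{s:X} -> DER {der_integer(s).hex()}")
    print("19 bytes, all ones:", der_content_length(2**152 - 1), "content octets")
    print("20 bytes, all ones:", der_content_length(2**160 - 1), "content octets")
    print(f"10,000 certs, sn=4: {collision_probability(10_000, 4):.2%}")
    print(f" 1,000 certs, sn=4: {collision_probability(1_000, 4):.4%}")
```

   A 19 byte value with its top bit set encodes to exactly 20 content
   octets and passes the check; a 20 byte value with its top bit set
   needs 21 and fails it, which is the whole reason for the 19 byte
   limit on sn.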
   The expectation is each CA within a PKI has its own config file,
   customized to the certificates supported by that CA.

10.3.  subjectAltName support, or lack thereof

   There is no direct openssl command line option to provide a
   subjectAltName for a certificate.  This is a serious limitation.  Per
   RFC 2818 [RFC2818] SAN is the object for providing email addresses
   and DNS addresses (FQDN), yet the common practice has been to use the
   commonName object within the distinguishedName object.  How much of
   this is due to the difficulty in creating certificates with a SAN?

   Thus the only way to provide a SAN is through the config file.  And
   there are two approaches.  This document uses an environment variable
   to provide the SAN value into the config file.  Another approach is
   to use piping as in:

   openssl req -new -key domain.key \
       -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN \
       -config <(cat /etc/ssl/openssl.cnf \
           <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) \
       -out domain.csr

10.4.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER pki
   failed.  There is no facility to create a DER certificate from a DER
   CSR.  It just is not there in the 'openssl ca' command.  Even the
   'openssl x509 -req' command cannot do this for a simple certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.  For DER, some recommend using
   PKCS#7 [RFC2315], whereas others point out that this format is poorly
   supported 'in the field', and that PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

   openssl x509 -outform der -in certificate.pem -out certificate.der

   This should also work for the keypair.
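   To make the PEM/DER relationship concrete, here is an added example
   (not code from the draft or from openssl).  It splits a PEM chain
   file into its DER objects, the same bytes 'x509 -outform der' writes
   for each certificate, and checks that each one is a single, complete
   DER SEQUENCE with a length that matches its size.  The sample "chain"
   is constructed from two hand-built DER SEQUENCEs so that it runs
   offline; they are not real certificates and will not verify as X.509.

```python
"""PEM chain -> DER objects, with a check of the outer DER framing.

Added example for Section 10.4; not code from the draft.  The samples
are constructed DER SEQUENCEs, not real certificates.
"""
import base64
import re

# One PEM block: BEGIN/END markers with matching labels around base64.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_to_der_blocks(pem_text, label="CERTIFICATE"):
    """DER bytes of every PEM block carrying `label`, in file order.  A
    PEM chain is just several such blocks concatenated (Section 10.4)."""
    return [base64.b64decode("".join(body.split()))
            for lbl, body in PEM_BLOCK.findall(pem_text) if lbl == label]


def der_object_length(der):
    """Total encoded size (tag + length octets + content) of the DER
    object starting at der[0].  Raises ValueError for the indefinite or
    truncated forms, which DER forbids."""
    if len(der) < 2:
        raise ValueError("truncated header")
    first = der[1]
    if first < 0x80:                      # short form: one length octet
        hdr, content = 2, first
    elif first == 0x80:
        raise ValueError("indefinite length is not DER")
    else:                                 # long form: n length octets follow
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad long-form length")
        hdr, content = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + content


def is_single_sequence(der):
    """True when der is exactly one SEQUENCE (tag 0x30) whose declared
    length covers the whole buffer; an X.509 Certificate is such an
    object.  Two DER certificates simply concatenated fail this check,
    which is why DER has no PEM-style chain hack."""
    try:
        return der[:1] == b"\x30" and der_object_length(der) == len(der)
    except ValueError:
        return False


def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER as a PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)


# Constructed samples (not real certificates):
SHORT_SEQ = bytes.fromhex("3006020101020102")    # SEQUENCE { INTEGER 1, INTEGER 2 }
LONG_CONTENT = b"\x04\x82\x01\x28" + b"A" * 296   # OCTET STRING, 300 bytes in all
LONG_SEQ = b"\x30\x82\x01\x2c" + LONG_CONTENT     # SEQUENCE, 304 bytes, long-form length
SAMPLE_CHAIN_PEM = der_to_pem(SHORT_SEQ) + der_to_pem(LONG_SEQ)

if __name__ == "__main__":
    for der in pem_to_der_blocks(SAMPLE_CHAIN_PEM):
        print(len(der), "bytes, single SEQUENCE:", is_single_sequence(der))
```

   Each DER object carries its own length, so the splitter returns the
   chain as separate objects rather than one blob; packaging several of
   them into one DER file is what PKCS#7 or PKCS#12 is for.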
   However, in a highly constrained device it may make more sense to
   just store the raw keypair in the device's very limited secure
   storage.

11.  IANA Considerations

   TBD.  May be nothing for IANA.

12.  Security Considerations

   This section is a complete copy of [I-D.moskowitz-ecdsa-pki].
   Changes will be made if anything is found specific to either ECDSA or
   EDDSA.

12.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found an
   excessive number of certificates, all with the same keys, due to bad
   randomness on the generating systems.  The amount of entropy
   available for these random numbers can be tested.  On Fedora/Centos
   use:

   cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.

12.2.  Key pair Theft

   During the certificate creation, particularly during keypair
   generation, the files are vulnerable to theft.  This can be mitigated
   using umask.  Before using openssl, set umask:

   restore_mask=$(umask -p)
   umask 077

   Afterwards, restore it with:

   $restore_mask

13.  Acknowledgments

   This work is possible because of the availability of openSSL 1.1.1.
   As in [I-D.moskowitz-ecdsa-pki], the openssl-user mailing list, with
   its many supportive experts, was of immense help in the nuanced
   differences between ECDSA and EDDSA.

14.  References

14.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

14.2.  Informative References

   [I-D.moskowitz-ecdsa-pki]
              Moskowitz, R., Birkholz, H., Xia, L., and M. Richardson,
              "Guide for building an ECC pki",
              draft-moskowitz-ecdsa-pki-05 (work in progress),
              March 2019.

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents:

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl-root.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $cadir/private/ca.key.$format
   certificate = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = 30

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_strict
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/openssl-intermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key = $dir/private/intermediate.key.$format
   certificate = $dir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/intermediate.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   UID = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   UID = User ID

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir = /root/ca/8021ARintermediate
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $dir/private/8021ARintermediate.key.$format
   certificate = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_enddate = 99991231235959Z # per IEEE 802.1AR
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   serialNumber = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   serialNumber = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default = HTT Consulting
   organizationalUnitName_default = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI 48237

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt 64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI: http://www.sandelman.ca/