wg TBD                                                      R. Moskowitz
Internet-Draft                                            HTT Consulting
Intended status: Informational                               H. Birkholz
Expires: 10 September 2020                                Fraunhofer SIT
                                                           M. Richardson
                                                               Sandelman
                                                            9 March 2020


                    Guide for building an EDDSA pki
                      draft-moskowitz-eddsa-pki-03

Abstract

   This memo provides a guide for building a PKI (Public Key
   Infrastructure) using openSSL.
   Certificates in this guide can be either ED25519 or ED448
   certificates.  Along with common End Entity certificates, this guide
   provides instructions for creating IEEE 802.1AR iDevID Secure Device
   certificates.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 10 September 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
     2.1.  Requirements Terminology
     2.2.  Notations
     2.3.  Definitions
   3.  Comparing ECDSA and EDDSA certificates
   4.  The Basic PKI feature set
   5.  Getting started and the Root level
     5.1.  Setting up the Environment
     5.2.  Create the Root Certificate
   6.  The Intermediate level
     6.1.  Setting up the Intermediate Certificate Environment
     6.2.  Create the Intermediate Certificate
     6.3.  Create a Server EE Certificate
     6.4.  Create a Client EE Certificate
   7.  The 802.1AR Intermediate level
     7.1.  Setting up the 802.1AR Intermediate Certificate Environment
     7.2.  Create the 802.1AR Intermediate Certificate
     7.3.  Create an 802.1AR iDevID Certificate
   8.  Setting up a CRL for an Intermediate CA
     8.1.  Create (or recreate) the CRL
     8.2.  Revoke a Certificate
   9.  Setting up OCSP for an Intermediate CA
     9.1.  Create the OCSP Certificate
     9.2.  Revoke a Certificate
     9.3.  Testing OCSP with Openssl
   10. Footnotes
     10.1.  Certificate Serial Number
     10.2.  Some OpenSSL config file limitations
     10.3.  subjectAltName support, or lack thereof
     10.4.  Certificates with only subjectAltName
     10.5.  DER support, or lack thereof
   11. IANA Considerations
   12. Security Considerations
     12.1.  Adequate Randomness
     12.2.  Key pair Theft
   13. Acknowledgments
   14. References
     14.1.  Normative References
     14.2.  Informative References
   Appendix A.  OpenSSL config files
     A.1.  OpenSSL Root config file
     A.2.  OpenSSL Intermediate config file
     A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

   The IETF has adopted the Edwards Elliptic Curve and related
   algorithms.  These algorithms hold out the promise of greater
   efficiency and better understood security risks.  This efficiency
   could make the critical difference that allows them to be used in
   some constrained IoT devices.

   This effort provides the steps, using the openSSL application, to
   create such a PKI of ED25519 or ED448 certificates (RFC 8032
   [RFC8032]).  The goal is that any developer or tester can follow
   these steps, create the basic objects needed and establish the
   validity of the standard/program design.  This guide can even be used
   to create a production PKI, though additional steps need to be taken.
   This could be very useful to a small vendor needing to include
   802.1AR [IEEE.802.1AR_2009] iDevIDs in their product (Note: EDDSA
   certificates are not supported in even the forthcoming 802.1AR-2018;
   this is for future work).

   This guide was developed with openSSL 1.1.1 on Fedora 29-beta and
   creates PEM-based certificates.  It closely follows
   [I-D.moskowitz-ecdsa-pki].

2.  Terms and Definitions
2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.2.  Notations

   This section will contain notations.

2.3.  Definitions

   There are no draft specific definitions at this time.

3.  Comparing ECDSA and EDDSA certificates

   There are two differences between ECDSA and EDDSA certificates that
   affect how openSSL is used.  First, EDDSA keys have no parameters:
   the curve is implied by the algorithm name (ed25519 or ed448), so the
   -pkeyopt argument that selects the curve for an ECDSA key is not
   used.

   Second, there are no hash options.  Neither ED25519 nor ED448 signs a
   separately computed hash of the certificate; PureEdDSA (RFC 8032
   [RFC8032]) takes the whole to-be-signed certificate as its input and
   hashes internally (SHA-512 for ED25519, SHAKE256 for ED448).  As
   such, none of the digest options (-sha256 and the like) should be
   needed, and the signatureAlgorithm in the certificate is simply
   ED25519 or ED448, with no digest named.

   It should be noted here that ED25519 certificates can be ~100 bytes
   smaller than corresponding ECDSA certificates: the public key is a
   32-byte value rather than a 65-byte uncompressed point with curve
   parameters, and the signature is a fixed 64 bytes rather than a DER-
   encoded pair of integers.  This size difference may be critical in
   some devices and communication technologies.  ED448 certificates are
   similar in size to ECDSA P-256 certificates yet with a stronger
   security claim.

4.  The Basic PKI feature set

   A basic PKI has two levels of hierarchy: Root and Intermediate.  The
   Root level has the greatest risk, and is the least used.  It only
   signs the Intermediate level signing certificate.  As such, once the
   Root level is created and signs the Intermediate level certificate it
   can be locked up.  In fact, the Root level could exist completely on
   a microSD boot card for an ARM small computer like a RaspberryPi.  A
   copy of this card can be made and securely stored in a different
   location.

   The Root level contains the Root certificate private key, a database
   of all signed certificates, and the public certificate.  It can also
   contain the Intermediate level public certificate and a Root level
   CRL.
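   The two claims of Section 3 above, the smaller certificate and the
   absence of a digest, can be checked directly.  The following script
   is an added example and is not part of this draft: it generates an
   ED25519, an ED448 and an ECDSA P-256 self-signed certificate with
   made-up subject names in a temporary directory, then reports the DER
   size of each and the signatureAlgorithm openssl prints for it.  It
   assumes openssl 1.1.1 or later on the PATH; the minimal req config it
   writes is also an assumption, supplied so the script does not depend
   on the system openssl.cnf.

```shell
#!/bin/sh
# Added example (not from the draft): measure the certificate size
# difference claimed in Section 3 and show that an EdDSA certificate
# names no separate digest.  Assumes openssl 1.1.1 or later on PATH;
# the subject names are made up and the temp directory is left behind.
set -eu

work=$(mktemp -d)
# openssl req insists on a distinguished_name section even with -subj,
# so give it an empty one instead of depending on /etc/ssl/openssl.cnf
printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$work/req.cnf"

# make_cert NAME GENPKEY-ARGS...: key plus 30-day self-signed cert,
# written as DER so the measured size is the on-the-wire size
make_cert() {
    name=$1; shift
    openssl genpkey "$@" -out "$work/$name.key"
    openssl req -config "$work/req.cnf" -new -x509 -days 30 \
        -key "$work/$name.key" -subj "/O=Example/CN=$name" \
        -outform der -out "$work/$name.der"
}

# der_size NAME: length in bytes of the DER certificate
der_size() {
    wc -c < "$work/$1.der" | tr -d ' '
}

# sig_alg NAME: the signatureAlgorithm as openssl x509 -text prints it
sig_alg() {
    openssl x509 -inform der -in "$work/$1.der" -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# EdDSA keys take no -pkeyopt: the curve is the algorithm.  ECDSA needs
# the curve named explicitly.
make_cert ed25519 -algorithm ed25519
make_cert ed448   -algorithm ed448
make_cert p256    -algorithm ec -pkeyopt ec_paramgen_curve:P-256

for n in ed25519 ed448 p256; do
    printf '%-8s %4s bytes  %s\n' "$n" "$(der_size "$n")" "$(sig_alg "$n")"
done
```

   The ECDSA line reports ecdsa-with-SHA256 because openssl picked a
   digest for it; the ED25519 and ED448 lines name only the algorithm.
   No -sha256 was given to any of the three req commands.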
   The Intermediate level contains the Intermediate certificate private
   key, the public certificate, a database of all signed certificates,
   the certificate trust chain, and the Intermediate level CRL.  It can
   also contain the End Entity public certificates.  The private key
   file needs to be kept securely.  For example, as with the Root level,
   a microSD image for an ARM computer could contain the complete
   Intermediate level.  This image is kept offline.  The End Entity CSR
   is copied to it, signed, and then the signed certificate and updated
   database are moved to the public image that lacks the private key.

   For a simple test PKI, all files can be kept on a single system that
   is managed by the tester.

   End Entities create a key pair and a Certificate Signing Request
   (CSR).  The private key is stored securely.  The CSR is delivered to
   the Intermediate level, which uses the CSR to create the End Entity
   certificate.  This certificate, along with the trust chain back to
   the root, is then returned to the End Entity.

   There is more to a PKI, but this suffices for most development and
   testing needs.

5.  Getting started and the Root level

   This guide was developed on a Fedora 29-beta armv7hl system
   (Cubieboard2 SoC).  It should work on most Linux and similar systems
   that support openSSL 1.1.1.  All work was done in a terminal window
   with extensive "cutting and pasting" from this draft guide into the
   terminal window.  Users of this guide may find different behaviors
   based on their system.

5.1.  Setting up the Environment

   The first step is to create the PKI environment.  Modify the
   variables to suit your needs.
   export dir=/root/ca
   export cadir=/root/ca
   export format=pem
   export algorithm=ed25519   # or ed448
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   touch serial
   sn=8

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   #organizationalUnitName="/OU="
   organizationalUnitName=
   commonName="/CN=Root CA"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com

   Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   format
      File encoding: PEM or DER

      At this time only PEM works (see Section 10.5).

   sn
      Serial Number length in bytes

      For a public CA the range is 8 to 19

   The Serial Number length for a public PKI ranges from 8 to 19 bytes.
   The use of 19 rather than 20 is to accommodate the DER representation
   of the Serial Number: if the high order bit of the first byte is a
   one, DER encoding rules place a 0x00 byte in front, and a 20-byte
   random value would then exceed the 20-octet limit of RFC 5280
   [RFC5280].

   The DN and SAN fields are examples.  Change them to appropriate
   values.  If you leave one blank, it will be left out of the
   Certificate.  "OU" above is an example of an empty DN object.

   Create the file, $dir/openssl-root.cnf from the contents in
   Appendix A.1.

5.2.  Create the Root Certificate

   Next are the openssl commands to create the Root certificate keypair,
   and the Root certificate.  Included are commands to view the file
   contents.
   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm\
    -outform $format -out $dir/private/ca.key.$format
   chmod 400 $dir/private/ca.key.$format
   openssl pkey -inform $format -in $dir/private/ca.key.$format\
    -text -noout

   # Create Self-signed Root Certificate file
   # 7300 days = 20 years; Intermediate CA is 10 years.

   openssl req -config $dir/openssl-root.cnf\
    -set_serial 0x$(openssl rand -hex $sn)\
    -keyform $format -outform $format\
    -key $dir/private/ca.key.$format -subj "$DN"\
    -new -x509 -days 7300 -extensions v3_ca\
    -out $dir/certs/ca.cert.$format

   # View the certificate and the purposes it is valid for

   openssl x509 -inform $format -in $dir/certs/ca.cert.$format\
    -text -noout
   openssl x509 -purpose -noout -inform $format\
    -in $dir/certs/ca.cert.$format

6.  The Intermediate level

6.1.  Setting up the Intermediate Certificate Environment

   The next part is to create the Intermediate PKI environment.  Modify
   the variables to suit your needs.  In particular, set the variables
   for CRL and/or OCSP support.

   export dir=$cadir/intermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8   # bytes; 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   export crlDP=
   # For CRL support uncomment these:
   #crl=intermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   commonName="/CN=Signing CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN

   Create the file, $dir/openssl-intermediate.cnf from the contents in
   Appendix A.2.
   Uncomment the lines for crlDistributionPoints and authorityInfoAccess
   if using CRLs or OCSP respectively.

6.2.  Create the Intermediate Certificate

   Here are the openssl commands to create the Intermediate certificate
   keypair, Intermediate certificate signing request (CSR), and the
   Intermediate certificate.  Included are commands to view the file
   contents.

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm\
    -outform $format -out $dir/private/intermediate.key.$format
   chmod 400 $dir/private/intermediate.key.$format
   openssl pkey -inform $format\
    -in $dir/private/intermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf\
    -key $dir/private/intermediate.key.$format \
    -keyform $format -outform $format -subj "$DN" -new\
    -out $dir/csr/intermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
    -in $dir/csr/intermediate.csr.$format

   # Create Intermediate Certificate file, signed by the Root CA

   openssl rand -hex $sn > $dir/serial   # 8 bytes minimum, 19 maximum
   # Note 'openssl ca' does not support DER format; output is always PEM
   openssl ca -config $cadir/openssl-root.cnf -days 3650\
    -extensions v3_intermediate_ca -notext \
    -in $dir/csr/intermediate.csr.$format\
    -out $dir/certs/intermediate.cert.pem

   chmod 444 $dir/certs/intermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
    $dir/certs/intermediate.cert.$format

   openssl x509 -noout -text -in $dir/certs/intermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/intermediate.cert.$format\
    $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create a Server EE Certificate

   Here are the openssl commands to create a Server End Entity
   certificate keypair, Server certificate signing request (CSR), and
   the Server certificate.
   Included are commands to view the file contents.  The commonName is
   left empty: the server's identity is carried in the subjectAltName,
   as RFC 5280 intends (see Section 10.3).

   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   serverfqdn=www.example.com
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
   echo $subjectAltName
   openssl genpkey -algorithm $algorithm\
    -out $dir/private/$serverfqdn.key.$format
   chmod 400 $dir/private/$serverfqdn.key.$format
   openssl pkey -in $dir/private/$serverfqdn.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf\
    -key $dir/private/$serverfqdn.key.$format \
    -subj "$DN" -new -out $dir/csr/$serverfqdn.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$serverfqdn.csr.$format

   openssl rand -hex $sn > $dir/serial   # 8 bytes minimum, 19 maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375\
    -extensions server_cert -notext \
    -in $dir/csr/$serverfqdn.csr.$format\
    -out $dir/certs/$serverfqdn.cert.$format
   chmod 444 $dir/certs/$serverfqdn.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
    $dir/certs/$serverfqdn.cert.$format
   openssl x509 -noout -text -in $dir/certs/$serverfqdn.cert.$format

6.4.  Create a Client EE Certificate

   Here are the openssl commands to create a Client End Entity
   certificate keypair, Client certificate signing request (CSR), and
   the Client certificate.  Included are commands to view the file
   contents.
   commonName=
   UserID="/UID=rgm"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName$UserID
   echo $DN
   clientemail=rgm@example.com
   export subjectAltName="email:$clientemail"
   echo $subjectAltName
   openssl genpkey -algorithm $algorithm\
    -out $dir/private/$clientemail.key.$format
   chmod 400 $dir/private/$clientemail.key.$format
   openssl pkey -in $dir/private/$clientemail.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf\
    -key $dir/private/$clientemail.key.$format \
    -subj "$DN" -new -out $dir/csr/$clientemail.csr.$format

   openssl req -text -noout -verify\
    -in $dir/csr/$clientemail.csr.$format

   openssl rand -hex $sn > $dir/serial   # 8 bytes minimum, 19 maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375\
    -extensions usr_cert -notext \
    -in $dir/csr/$clientemail.csr.$format\
    -out $dir/certs/$clientemail.cert.$format
   chmod 444 $dir/certs/$clientemail.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
    $dir/certs/$clientemail.cert.$format
   openssl x509 -noout -text -in $dir/certs/$clientemail.cert.$format

7.  The 802.1AR Intermediate level

7.1.  Setting up the 802.1AR Intermediate Certificate Environment

   The next part is to create the 802.1AR Intermediate PKI environment.
   This is very similar to the Intermediate PKI environment.  Modify the
   variables to suit your needs.
   export dir=$cadir/8021ARintermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8   # bytes; 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   export crlDP=
   # For CRL support uncomment these:
   #crl=8021ARintermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   #organizationalUnitName=
   commonName="/CN=802.1AR CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com
   echo $subjectAltName

   Create the file, $dir/openssl-8021ARintermediate.cnf from the
   contents in Appendix A.3.  Uncomment the lines for
   crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP
   respectively.

7.2.  Create the 802.1AR Intermediate Certificate

   Here are the openssl commands to create the 802.1AR Intermediate
   certificate keypair, 802.1AR Intermediate certificate signing request
   (CSR), and the 802.1AR Intermediate certificate.  Included are
   commands to view the file contents.
   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm\
    -outform $format -out $dir/private/8021ARintermediate.key.$format
   chmod 400 $dir/private/8021ARintermediate.key.$format
   openssl pkey -inform $format\
    -in $dir/private/8021ARintermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf\
    -key $dir/private/8021ARintermediate.key.$format \
    -keyform $format -outform $format -subj "$DN" -new\
    -out $dir/csr/8021ARintermediate.csr.$format
   openssl req -text -noout -verify -inform $format\
    -in $dir/csr/8021ARintermediate.csr.$format

   # Create 802.1AR Intermediate Certificate file, signed by the Root CA

   openssl rand -hex $sn > $dir/serial   # 8 bytes minimum, 19 maximum
   # Note 'openssl ca' does not support DER format; output is always PEM
   openssl ca -config $cadir/openssl-root.cnf -days 3650\
    -extensions v3_intermediate_ca -notext\
    -in $dir/csr/8021ARintermediate.csr.$format\
    -out $dir/certs/8021ARintermediate.cert.pem

   chmod 444 $dir/certs/8021ARintermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format\
    $dir/certs/8021ARintermediate.cert.$format

   openssl x509 -noout -text\
    -in $dir/certs/8021ARintermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/8021ARintermediate.cert.$format\
    $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

7.3.  Create an 802.1AR iDevID Certificate

   Here are the openssl commands to create an 802.1AR iDevID certificate
   keypair, iDevID certificate signing request (CSR), and the iDevID
   certificate.  Included are commands to view the file contents.
   DevID=Wt1234
   countryName=
   stateOrProvinceName=
   localityName=
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   commonName=
   serialNumber="/serialNumber=$DevID"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   DN=$DN$serialNumber
   echo $DN

   # hwType is the OID for HTT Consulting, devices, sensor widgets
   export hwType=1.3.6.1.4.1.6715.10.1
   export hwSerialNum=01020304   # Some hex
   # 1.3.6.1.5.5.7.8.4 is id-on-hardwareModuleName (RFC 4108); the
   # hmodname section of the config file (Appendix A.3) builds the
   # SEQUENCE from $hwType and $hwSerialNum
   export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname"
   echo $hwType - $hwSerialNum

   openssl genpkey -algorithm $algorithm\
    -out $dir/private/$DevID.key.$format
   chmod 400 $dir/private/$DevID.key.$format
   openssl pkey -in $dir/private/$DevID.key.$format -text -noout
   openssl req -config $dir/openssl-8021ARintermediate.cnf\
    -key $dir/private/$DevID.key.$format \
    -subj "$DN" -new -out $dir/csr/$DevID.csr.$format

   openssl req -text -noout -verify\
    -in $dir/csr/$DevID.csr.$format
   openssl asn1parse -i -in $dir/csr/$DevID.csr.pem
   # Take the offset of the hardwareModuleName OCTET STRING from the
   # output above and use it in place of 141 (the value the authors
   # observed) to decode the otherName contents
   openssl asn1parse -i -strparse 141 -in $dir/csr/$DevID.csr.pem

   openssl rand -hex $sn > $dir/serial   # 8 bytes minimum, 19 maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-8021ARintermediate.cnf\
    -extensions 8021ar_idevid -notext \
    -in $dir/csr/$DevID.csr.$format\
    -out $dir/certs/$DevID.cert.$format
   chmod 444 $dir/certs/$DevID.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
    $dir/certs/$DevID.cert.$format
   openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format
   openssl asn1parse -i -in $dir/certs/$DevID.cert.pem

   # Again, take the offset of the hardwareModuleName from the output
   # above and use it in place of 576
   openssl asn1parse -i -strparse 576 -in $dir/certs/$DevID.cert.pem

   Note that no -days option is given to 'openssl ca' here.  802.1AR
   expects an iDevID to outlive the device (a notAfter of
   99991231235959Z), so the validity period is taken from the 802.1AR
   Intermediate config file (Appendix A.3) rather than set per
   certificate.
8.  Setting up a CRL for an Intermediate CA

   This part provides CRL support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the crlDistributionPoints
   as provided via the environment variables (Section 6.1 and
   Section 7.1).

8.1.  Create (or recreate) the CRL

   It is simple to create the CRL.  The CRL consists of the certificates
   flagged with an R (Revoked) in index.txt:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   crl=$intermediate.crl.pem
   cd $dir

   # Create CRL file
   openssl ca -config $dir/openssl-$intermediate.cnf \
    -gencrl -out $dir/crl/$crl
   chmod 444 $dir/crl/$crl

   openssl crl -in $dir/crl/$crl -noout -text

   The CRL is signed with the Intermediate key and is valid for
   default_crl_days (30 days above).  It must be regenerated and
   republished before it expires, even if nothing new has been revoked,
   or relying parties that check it will fail.  Because the file was
   made read-only, a non-root user must remove it before recreating it.

8.2.  Revoke a Certificate

   Revoking a certificate is a two step process.  First identify the
   target certificate (examples are listed below) and revoke it, then
   publish a new CRL.  Revocation only marks the entry R in index.txt;
   nothing changes for relying parties until the new CRL is published.

   targetcert=$serverfqdn
   #targetcert=$clientemail
   #targetcert=$DevID

   openssl ca -config $dir/openssl-$intermediate.cnf\
    -revoke $dir/certs/$targetcert.cert.$format

   Recreate the CRL using Section 8.1.

9.  Setting up OCSP for an Intermediate CA

   This part provides OCSP support to an Intermediate CA.  In this memo
   it applies to both Intermediate CAs.  Set the authorityInfoAccess as
   provided via the environment variables (Section 6.1 and Section 7.1).

9.1.  Create the OCSP Certificate

   OCSP needs a signing certificate.  This certificate must be signed by
   the CA that signed the certificate being checked.
   The steps to create this certificate are similar to those for a
   Server certificate for the CA.  For openssl (and RFC 6960) to accept
   a responder key other than the CA's own, the ocsp extensions section
   of the config file has to give the certificate an extendedKeyUsage of
   OCSPSigning.  The variable ocspurl must be set as in Section 6.1 or
   Section 7.1:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   # Optionally, password encrypt key pair
   encryptkey=
   #encryptkey=-aes256

   # Create the key pair in Intermediate level $intermediate
   cd $dir
   openssl genpkey -algorithm $algorithm\
    $encryptkey -out $dir/private/$ocspurl.key.$format
   chmod 400 $dir/private/$ocspurl.key.$format
   openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout

   # Create CSR
   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$ocspurl, email:$emailaddr"
   echo $subjectAltName
   openssl req -config $dir/openssl-$intermediate.cnf\
    -key $dir/private/$ocspurl.key.$format \
    -subj "$DN" -new -out $dir/csr/$ocspurl.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format

   # Create Certificate

   openssl rand -hex $sn > $dir/serial   # 8 bytes minimum, 19 maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-$intermediate.cnf -days 375\
    -extensions ocsp -notext \
    -in $dir/csr/$ocspurl.csr.$format\
    -out $dir/certs/$ocspurl.cert.$format
   chmod 444 $dir/certs/$ocspurl.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format\
    $dir/certs/$ocspurl.cert.$format
   openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format

9.2.  Revoke a Certificate

   Revoke the certificate as in Section 8.2.  The OCSP responder SHOULD
   detect the flag change in index.txt and, when queried, respond
   appropriately.
9.3.  Testing OCSP with Openssl

   OpenSSL provides a simple OCSP service that can be used to test the
   OCSP certificate and revocation process (Note that this only reads
   index.txt to get the certificate status at startup, so it must be
   restarted after every revocation).

   In a terminal window, set the variables intermediate, dir and ocspurl
   (examples below), then run the simple OCSP service.  With -nrequest 1
   it answers a single request and exits:

   intermediate=intermediate
   dir=/root/ca/$intermediate
   ocspurl=ocsp.htt-consult.com

   openssl ocsp -port 2560 -text\
    -index $dir/index.txt \
    -CA $dir/certs/ca-chain.cert.pem \
    -rkey $dir/private/$ocspurl.key.pem \
    -rsigner $dir/certs/$ocspurl.cert.pem \
    -nrequest 1

   In another window, with the same variables set, test out a
   certificate status with:

   targetcert=www.example.com     # $serverfqdn from Section 6.3
   #targetcert=rgm@example.com    # $clientemail from Section 6.4
   #targetcert=Wt1234             # $DevID from Section 7.3

   openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \
    -url http://127.0.0.1:2560 -resp_text\
    -issuer $dir/certs/$intermediate.cert.pem \
    -cert $dir/certs/$targetcert.cert.pem

   The response should report the certificate status as good.  Revoke
   the certificate (Section 8.2), restart the test Responder as above,
   then check the certificate status again: it should now be revoked,
   with the revocation time taken from index.txt.

10.  Footnotes

   This section is a complete copy of [I-D.moskowitz-ecdsa-pki].
   Changes will be made if anything is found specific to either ECDSA or
   ED25519.

   Creating this document was a real education in the state of openSSL,
   X.509 certificate guidance, and just the general level of certificate
   awareness.  Here are a few short notes.

10.1.  Certificate Serial Number

   The certificate serial number's role is to provide yet another way to
   maintain uniqueness of certificates within a PKI as well as a way to
   index them in a data store.  It has taken on other roles, most
   notably as a defense: an unpredictable serial number denies an
   attacker control over the first bytes of the signed data, which is
   what chosen-prefix collision attacks on the signature hash exploit.

   The CABForum guideline for a public CA is for the serial number to be
   a random number at least 8 octets long and no longer than 20 bytes.
   By default, openssl makes self-signed certificates with 8 octet
   serial numbers.
   This guide uses openssl's RAND function to generate the random value
   and pipe it into the -set_serial option.  This number MAY have the
   first bit as a ONE; the DER encoding rules prepend such numbers with
   0x00.  Thus the limit of 19 for the variable sn.

   A private CA need not follow the CABForum rules and can use any
   number for the serial number.  For example, the root CA (which has no
   security risks mitigated by using a random value) could use '1' as
   its serial number.  Intermediate and End Entity certificate serial
   numbers can also be of any value if the signature hash is strong
   (SHA-256 in the ECDSA guide; ED25519 and ED448 hash internally with
   SHA-512 and SHAKE256 respectively).  A value of 4 for sn would
   provide a sufficient population so that a CA of 10,000 EE
   certificates will have only a 1.2% probability of a collision.  For
   only 1,000 certificates the probability drops to 0.012%.  (These are
   the birthday-bound figures n^2 / (2 * 2^32) for n certificates.)

   The following was proposed on the openssl-user list as an alternative
   to using the RAND function:

      Keep k bits (k/8 octets) long serial numbers for all your
      certificates, choose a block cipher operating on blocks of k bits,
      and operate this block cipher in CTR mode, with a proper secret
      key and secret starting counter.  That way, no collision detection
      is necessary, you'll be able to generate 2^(k/2) unique k bits
      long serial numbers (in fact, you can generate 2^k unique serial
      numbers, but after 2^(k/2) you lose some security guarantees).

   With 3DES, k=64, and with AES, k=128.

10.2.  Some OpenSSL config file limitations

   There is a bit of inconsistency in how different parts and fields in
   the config file are used.  Environment variables can only be used as
   values.  Some fields can have null values, others cannot.  The lack
   of allowing null fields means a script cannot feed in an environment
   variable with value null.  In such a case, the field has to be
   removed from the config file.
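   Sections 5 through 8 describe the PKI as a sequence of hand-typed
   commands driven by the config files of Appendix A.  The following
   script is an added example and is not part of this draft: it runs the
   same procedure non-interactively in a temporary directory with a
   small inline config per CA (the arrangement this section expects),
   building a Root CA, an Intermediate CA and a Server End Entity
   certificate whose host name is in the SAN, then generating the CRL,
   revoking the certificate and verifying with -crl_check before and
   after.  It assumes openssl 1.1.1 or later on the PATH; the names, the
   SAN value and the config contents are assumptions chosen for the
   example and are deliberately minimal.

```shell
#!/bin/sh
# Added example, not from the draft: Sections 5 to 8 as one non-interactive
# script with an inline config per CA (Appendix A is not reproduced).  Assumes
# openssl 1.1.1+ on PATH; names and SAN are made up.  Keys are unencrypted so
# nothing prompts; use -aes256 as the draft does for anything but a test PKI.
set -eu
pki=$(mktemp -d)
# The config reads the SAN from the environment (Section 10.2); openssl
# expands ${ENV::SAN} when it loads the file, so it must be set first.
export SAN="DNS:www.example.com"

# new_ca NAME: directory layout plus the config file for one CA.  The
# default_md is required by 'openssl ca' but ignored for EdDSA keys.
new_ca() {
    d=$pki/$1
    mkdir -p "$d/certs" "$d/crl" "$d/csr" "$d/newcerts" "$d/private"
    chmod 700 "$d/private"; : > "$d/index.txt"
    cat > "$d/openssl.cnf" <<EOF
[ ca ]
default_ca       = CA_default
[ CA_default ]
dir              = $d
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
serial           = \$dir/serial
certificate      = \$dir/certs/ca.cert.pem
private_key      = \$dir/private/ca.key.pem
default_days     = 375
default_crl_days = 30
default_md       = sha256
policy           = policy_loose
[ policy_loose ]
organizationName = optional
commonName       = optional
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ v3_ca ]
basicConstraints       = critical, CA:true
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
[ server_cert ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature
extendedKeyUsage       = serverAuth
authorityKeyIdentifier = keyid:always
subjectAltName         = \${ENV::SAN}
EOF
}
R=$pki/root; I=$pki/intermediate

# gen_key FILE: EdDSA keypair; no -pkeyopt is needed (Section 3)
gen_key() { openssl genpkey -algorithm ed25519 -out "$1"; chmod 400 "$1"; }
# csr KEY SUBJECT OUT: certificate request (the SAN comes from the config)
csr() { openssl req -config "$I/openssl.cnf" -new -key "$1" -subj "$2" -out "$3"; }
# issue CA EXT CSR OUT: sign CSR at CA with extension section EXT and a
# fresh 8-byte random serial (Section 10.1); -batch suppresses the prompts
issue() {
    openssl rand -hex 8 > "$pki/$1/serial"
    openssl ca -batch -notext -config "$pki/$1/openssl.cnf" \
        -extensions "$2" -in "$3" -out "$4" 2>/dev/null
}

# Root: self-signed, 20 years, signs only the intermediate
new_ca root; gen_key "$R/private/ca.key.pem"
openssl req -config "$R/openssl.cnf" -new -x509 -days 7300 -extensions v3_ca \
    -set_serial "0x$(openssl rand -hex 8)" -key "$R/private/ca.key.pem" \
    -subj "/O=Example/CN=Root CA" -out "$R/certs/ca.cert.pem"

# Intermediate: CSR signed by the root, then the PEM chain file
new_ca intermediate; gen_key "$I/private/ca.key.pem"
csr "$I/private/ca.key.pem" "/O=Example/CN=Signing CA" "$I/csr/ca.csr.pem"
issue root v3_ca "$I/csr/ca.csr.pem" "$I/certs/ca.cert.pem"
cat "$I/certs/ca.cert.pem" "$R/certs/ca.cert.pem" > "$I/certs/ca-chain.cert.pem"

# Server end entity: the host name is carried in the SAN, not the CN
gen_key "$I/private/server.key.pem"
csr "$I/private/server.key.pem" "/O=Example" "$I/csr/server.csr.pem"
issue intermediate server_cert "$I/csr/server.csr.pem" "$I/certs/server.cert.pem"

# gen_crl: (re)build the CRL from the R entries in index.txt (Section 8.1)
gen_crl() { openssl ca -config "$I/openssl.cnf" -gencrl -out "$I/crl/intermediate.crl.pem" 2>/dev/null; }

# cert_status: chain-verify the server cert against the current CRL
cert_status() {
    out=$(openssl verify -crl_check -CAfile "$I/certs/ca-chain.cert.pem" \
        -CRLfile "$I/crl/intermediate.crl.pem" "$I/certs/server.cert.pem" 2>&1) || true
    case $out in *revoked*) echo revoked ;; *": OK"*) echo valid ;; *) echo "error: $out" ;; esac
}

gen_crl; echo "before revocation: $(cert_status)"
# Section 8.2: flag the entry R in index.txt, then republish the CRL
openssl ca -config "$I/openssl.cnf" -revoke "$I/certs/server.cert.pem" -crl_reason keyCompromise 2>/dev/null
gen_crl; echo "after revocation:  $(cert_status)"
echo "PKI left in $pki"
```

   The first status line reads valid and the second revoked: nothing
   about the certificate changed, only the CRL the verifier was handed.
   A relying party that fetches the CRL from the crlDistributionPoints
   URL sees the same transition only once the new file is published
   there.  The same v3_ca section is used for both CAs to keep the
   config short; a real Intermediate would add pathlen:0 as in
   Appendix A.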
   The expectation is that each CA within a PKI has its own config
   file, customized to the certificates supported by that CA.

10.3.  subjectAltName support, or lack thereof

   Before OpenSSL 1.1.1 there was no command line option to provide a
   subjectAltName for a certificate; 1.1.1 added -addext to 'openssl
   req' (for example -addext "subjectAltName=DNS:foo.com"), but
   'openssl ca' still takes its extensions from a config file section.
   This is a serious limitation.  Per RFC 5280 [RFC5280] the SAN is
   the object for providing email addresses and DNS names (FQDNs),
   yet the common practice has been to use the commonName attribute
   within the distinguished name.  How much of this is due to the
   difficulty of creating certificates with a SAN?

   Thus the practical way to provide a SAN is through the config
   file, and there are two approaches.  This document uses an
   environment variable to carry the SAN value into the config file.
   Another approach is bash process substitution, appending a SAN
   section to the system config on the fly:

   openssl req -new -key domain.key \
      -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN \
      -config <(cat /etc/ssl/openssl.cnf \
         <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) \
      -out domain.csr

   Either way the SAN first lands in the CSR, and it reaches the
   certificate only because the config files in Appendix A set
   copy_extensions = copy.  That setting copies every extension in
   the request that the CA's own extension section does not already
   set, so the CA operator has to review a CSR's extensions (openssl
   req -text -noout -in domain.csr) before signing it.

10.4.  Certificates with only subjectAltName

   Also in RFC 5280 [RFC5280] (Section 4.2.1.6): if the only subject
   identity in the certificate is in subjectAltName, then the Subject
   MUST be empty and subjectAltName MUST be marked as critical.

   This can be achieved with the variable DN=/ and a subjectAltName
   value that carries the critical flag (example given):

   DN=/
   export subjectAltName=critical,email:postmaster@htt-consult.com

10.5.  DER support, or lack thereof

   The long, hard-fought battle with OpenSSL to create a full DER PKI
   failed.  There is no facility to create a DER certificate from a
   DER CSR.  It just is not there in the 'openssl ca' command.  Even
   the 'openssl x509 -req' command cannot do this for a simple
   certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.
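   The SAN-only certificate of Section 10.4 together with the PEM
   chain and PEM-to-DER steps of Section 10.5, as one added shell
   example that is not part of the draft.  It uses a throwaway
   ED25519 root and 'openssl x509 -req' (OpenSSL 1.1.1 or later) with
   its own small config file so that it runs on its own; the draft's
   procedure uses 'openssl ca' with the Appendix A configs instead.
   The temporary directory, the name "Demo Root", the address
   postmaster@example.com and the function names are assumptions of
   this example.

```shell
#!/bin/sh
# Added example (not from the draft): an ED25519 end-entity certificate whose
# only identity is a critical subjectAltName over an empty Subject, then the
# PEM chain and DER conversions of Section 10.5.  The throwaway root, the
# names and the function names are this example's own assumptions.
set -eu
demo=$(mktemp -d)

# Minimal config: an empty DN section (the subject comes from -subj), a CA
# profile for the demo root and the SAN-only profile for the end entity.
cat > "$demo/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no

[ dn ]

[ v3_ca ]
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
subjectKeyIdentifier = hash

[ san_only ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
subjectAltName = critical, email:postmaster@example.com
EOF

# Self-signed ED25519 root for the demo.  No default_md is configured:
# EdDSA hashes internally and OpenSSL signs it without a separate digest.
make_demo_root() {
    openssl genpkey -algorithm ED25519 -out "$demo/root.key.pem"
    openssl req -x509 -new -key "$demo/root.key.pem" -config "$demo/demo.cnf" \
        -subj "/CN=Demo Root" -extensions v3_ca -days 30 -out "$demo/root.cert.pem"
}

# EE key, a CSR with DN=/ (empty Subject) plus the critical SAN, and a
# certificate carrying a 19 octet random serial as in Section 10.1.
make_san_only_ee() {
    openssl genpkey -algorithm ED25519 -out "$demo/ee.key.pem"
    openssl req -new -key "$demo/ee.key.pem" -config "$demo/demo.cnf" \
        -subj / -reqexts san_only -out "$demo/ee.csr.pem"
    openssl x509 -req -in "$demo/ee.csr.pem" -CA "$demo/root.cert.pem" \
        -CAkey "$demo/root.key.pem" -set_serial "0x$(openssl rand -hex 19)" \
        -extfile "$demo/demo.cnf" -extensions san_only -days 30 \
        -out "$demo/ee.cert.pem"
}

# RFC 5280 Section 4.2.1.6 checks: Subject empty, SAN marked critical.
subject_is_empty() {
    [ "$(openssl x509 -in "$1" -noout -subject | tr -d '[:space:]')" = "subject=" ]
}
san_is_critical() {
    openssl x509 -in "$1" -noout -text | grep -q 'Subject Alternative Name: critical'
}

# A PEM chain is plain concatenation, leaf first; then verify the leaf.
build_pem_chain() {
    cat "$demo/ee.cert.pem" "$demo/root.cert.pem" > "$demo/chain.pem"
    openssl verify -CAfile "$demo/root.cert.pem" "$demo/ee.cert.pem" >/dev/null
}

# PEM to DER for the certificate and the key; a DER certificate starts with
# the SEQUENCE tag 0x30.
pem_to_der() {
    openssl x509 -in "$demo/ee.cert.pem" -outform der -out "$demo/ee.cert.der"
    openssl pkey -in "$demo/ee.key.pem" -outform der -out "$demo/ee.key.der"
    [ "$(od -An -tx1 -N1 "$demo/ee.cert.der" | tr -d ' ')" = 30 ]
}

make_demo_root
make_san_only_ee
subject_is_empty "$demo/ee.cert.pem"
san_is_critical "$demo/ee.cert.pem"
build_pem_chain
pem_to_der
echo "SAN-only ED25519 certificate, chain and DER files are in $demo"
```

   Inspect the result with openssl x509 -text -noout -in
   $demo/ee.cert.pem: the Subject line is empty, the SAN is flagged
   critical, and the signature algorithm reads ED25519 with no digest.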
   For DER, some recommend using PKCS#7 [RFC2315], while others point
   out that this format is poorly supported 'in the field', whereas
   PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

   openssl x509 -outform der -in certificate.pem -out certificate.der

   The same works for the keypair ('openssl pkey -outform der').
   However, in a highly constrained device it may make more sense to
   just store the raw keypair in the device's very limited secure
   storage: an ED25519 keypair is 32 octets of private key plus 32
   octets of public key [RFC8032].

11.  IANA Considerations

   TBD.  May be nothing for IANA.

12.  Security Considerations

   This section is a complete copy of [I-D.moskowitz-ecdsa-pki].
   Changes will be made if anything is found specific to either ECDSA
   or EDDSA.

12.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found an
   excessive number of certificates sharing the same keys, due to bad
   randomness on the generating systems.  EdDSA signing itself is
   deterministic [RFC8032], so unlike ECDSA it does not consume
   randomness per signature; keypair generation and the random serial
   numbers still depend on it entirely.  The amount of entropy
   available for these random numbers can be tested.  On
   Fedora/CentOS use:

   cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.  This
   threshold only applies to kernels before 5.18; from 5.18 on the
   value is capped at 256 (the size of the rewritten input pool) and
   reaches it once the CRNG is initialized, so a low reading there
   means an unseeded generator, not a small pool.

12.2.  Key pair Theft

   During the certificate creation, particularly during keypair
   generation, the files are vulnerable to theft.  This can be
   mitigated using umask, so that key files are created readable only
   by their owner.  Before using openssl, set umask:

   restore_mask=$(umask -p)
   umask 077

   Afterwards, restore it with:

   $restore_mask

   The -p option of umask is a bash extension; in a POSIX sh, save
   the mode with restore_mask=$(umask) and restore it with
   umask "$restore_mask".  umask only covers newly created files, so
   check the result with ls -l $dir/private: the key files should
   show -rw------- and the private directory itself should be mode
   700.

13.  Acknowledgments

   This work is possible because of the availability of OpenSSL
   1.1.1.  As in [I-D.moskowitz-ecdsa-pki], the openssl-user mailing
   list, with its many supportive experts, was of immense help with
   the nuanced differences between ECDSA and EdDSA.

14.  References

14.1.
Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

14.2.  Informative References

   [I-D.moskowitz-ecdsa-pki]
              Moskowitz, R., Birkholz, H., Xia, L., and M. Richardson,
              "Guide for building an ECC pki", Work in Progress,
              Internet-Draft, draft-moskowitz-ecdsa-pki-08, 14 February
              2020.

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity",
              DOI 10.1109/ieeestd.2009.5367679, IEEE 802.1AR-2009, 28
              December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315, March 1998.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J. A.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents.

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl-root.cnf`.
   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir               = $ENV::dir
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The root key and root certificate.
   private_key       = $cadir/private/ca.key.$format
   certificate       = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/ca.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = 30

   # SHA-1 is deprecated, so use SHA-2 instead.  ED25519 and ED448
   # keys ignore this setting: EdDSA hashes internally (SHA-512 or
   # SHAKE256) and OpenSSL signs with them without a separate digest.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_days      = 375
   preserve          = no
   policy            = policy_strict
   # 'copy' takes every CSR extension the chosen extension section
   # does not already set; review CSR extensions before signing.
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = match
   stateOrProvinceName     = match
   organizationName        = match
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead (ignored for EdDSA keys).
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName             = Country Name (2 letter code)
   stateOrProvinceName     = State or Province Name
   localityName            = Locality Name
   0.organizationName      = Organization Name
   organizationalUnitName  = Organizational Unit Name
   commonName              = Common Name

   # Optionally, specify some defaults.
   # countryName_default             = US
   # stateOrProvinceName_default     = MI
   # localityName_default            = Oak Park
   # 0.organizationName_default      = HTT Consulting
   # organizationalUnitName_default  =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/openssl-intermediate.cnf`.
   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir               = $ENV::dir
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key       = $dir/private/intermediate.key.$format
   certificate       = $dir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/intermediate.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.  ED25519 and ED448
   # keys ignore this setting: EdDSA hashes internally and OpenSSL
   # signs with them without a separate digest.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_days      = 375
   preserve          = no
   policy            = policy_loose
   # 'copy' takes every CSR extension the chosen extension section
   # does not already set; review CSR extensions before signing.
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = match
   stateOrProvinceName     = match
   organizationName        = match
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional
   UID                     = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead (ignored for EdDSA keys).
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName             = Country Name (2 letter code)
   stateOrProvinceName     = State or Province Name
   localityName            = Locality Name
   0.organizationName      = Organization Name
   organizationalUnitName  = Organizational Unit Name
   commonName              = Common Name
   UID                     = User ID

   # Optionally, specify some defaults.
   # countryName_default             = US
   # stateOrProvinceName_default     = MI
   # localityName_default            = Oak Park
   # 0.organizationName_default      = HTT Consulting
   # organizationalUnitName_default  =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   # No keyEncipherment: an ED25519/ED448 key can only sign, and
   # RFC 8410 Section 5 lists only digitalSignature and nonRepudiation
   # for an EdDSA end entity certificate.
   keyUsage = critical, nonRepudiation, digitalSignature
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   # No keyEncipherment: an ED25519/ED448 key can only sign (RFC 8410
   # Section 5); TLS with an EdDSA certificate needs digitalSignature only.
   keyUsage = critical, digitalSignature
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir = /root/ca/8021ARintermediate
   dir               = $ENV::dir
   cadir             = $ENV::cadir
   format            = $ENV::format

   certs             = $dir/certs
   crl_dir           = $dir/crl
   new_certs_dir     = $dir/newcerts
   database          = $dir/index.txt
   serial            = $dir/serial
   RANDFILE          = $dir/private/.rand

   # The 8021ARintermediate key and certificate.
   private_key       = $dir/private/8021ARintermediate.key.$format
   certificate       = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber         = $dir/crlnumber
   crl               = $dir/crl/ca.crl.pem
   crl_extensions    = crl_ext
   default_crl_days  = $ENV::default_crl_days
   # SHA-1 is deprecated, so use SHA-2 instead.  ED25519 and ED448
   # keys ignore this setting: EdDSA hashes internally and OpenSSL
   # signs with them without a separate digest.
   default_md        = sha256

   name_opt          = ca_default
   cert_opt          = ca_default
   default_enddate   = 99991231235959Z # per IEEE 802.1AR
   preserve          = no
   policy            = policy_loose
   copy_extensions   = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName             = match
   stateOrProvinceName     = match
   organizationName        = match
   organizationalUnitName  = optional
   commonName              = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName             = optional
   stateOrProvinceName     = optional
   localityName            = optional
   organizationName        = optional
   organizationalUnitName  = optional
   commonName              = optional
   serialNumber            = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits        = 2048
   distinguished_name  = req_distinguished_name
   string_mask         = utf8only
   req_extensions      = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md          = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions     = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName             = Country Name (2 letter code)
   stateOrProvinceName     = State or Province Name
   localityName            = Locality Name
   0.organizationName      = Organization Name
   organizationalUnitName  = Organizational Unit Name
   commonName              = Common Name
   serialNumber            = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default      = HTT Consulting
   organizationalUnitName_default  = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   # No keyEncipherment: an ED25519/ED448 DevID key can only sign
   # (RFC 8410 Section 5).
   keyUsage = critical, digitalSignature
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   64295 Darmstadt
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/