wg TBD                                                     R. Moskowitz
Internet-Draft                                           HTT Consulting
Intended status: Informational                              H. Birkholz
Expires: March 8, 2021                                    Fraunhofer SIT
                                                          M. Richardson
                                                              Sandelman
                                                      September 4, 2020

                    Guide for building an EDDSA pki
                      draft-moskowitz-eddsa-pki-04

Abstract

This memo provides a guide for building a PKI (Public Key Infrastructure) using openSSL. Certificates in this guide can be either ED25519 or ED448 certificates. Along with common End Entity certificates, this guide provides instructions for creating IEEE 802.1AR iDevID Secure Device certificates.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on March 8, 2021.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terms and Definitions
       2.1.  Requirements Terminology
       2.2.  Notations
       2.3.  Definitions
   3.  Comparing ECDSA and EDDSA certificates
   4.  The Basic PKI feature set
   5.  Getting started and the Root level
       5.1.  Setting up the Environment
       5.2.  Create the Root Certificate
   6.  The Intermediate level
       6.1.  Setting up the Intermediate Certificate Environment
       6.2.  Create the Intermediate Certificate
       6.3.  Create a Server EE Certificate
       6.4.  Create a Client EE Certificate
   7.  The 802.1AR Intermediate level
       7.1.  Setting up the 802.1AR Intermediate Certificate Environment
       7.2.  Create the 802.1AR Intermediate Certificate
       7.3.  Create an 802.1AR iDevID Certificate
   8.  Setting up a CRL for an Intermediate CA
       8.1.  Create (or recreate) the CRL
       8.2.  Revoke a Certificate
   9.  Setting up OCSP for an Intermediate CA
       9.1.  Create the OCSP Certificate
       9.2.  Revoke a Certificate
       9.3.  Testing OCSP with Openssl
   10. Footnotes
       10.1.  Certificate Serial Number
       10.2.  Some OpenSSL config file limitations
       10.3.  subjectAltName support, or lack thereof
       10.4.  Certificates with only subjectAltName
       10.5.  DER support, or lack thereof
   11. IANA Considerations
   12. Security Considerations
       12.1.  Adequate Randomness
       12.2.  Key pair Theft
   13. Acknowledgments
   14. References
       14.1.  Normative References
       14.2.  Informative References
   Appendix A.  OpenSSL config files
       A.1.  OpenSSL Root config file
       A.2.  OpenSSL Intermediate config file
       A.3.  OpenSSL 802.1AR Intermediate config file
   Authors' Addresses

1.  Introduction

The IETF has adopted the Edwards Elliptic Curve and related algorithms. These algorithms hold out the promise of greater efficiency and better understood security risks. This efficiency could make that critical difference to allow them to be used in some constrained IoT devices.

This effort provides the steps, using the openSSL application, to create such a PKI of ED25519 or ED448 certificates (RFC 8032 [RFC8032]). The goal is that any developer or tester can follow these steps, create the basic objects needed and establish the validity of the standard/program design. This guide can even be used to create a production PKI, though additional steps need to be taken. This could be very useful to a small vendor needing to include 802.1AR [IEEE.802.1AR_2009] iDevIDs in their product (Note: EDDSA certificates are not supported in even the forthcoming 802.1AR-2018; this is for future work).

This guide was developed with openSSL 1.1.1 on Fedora 29-beta and creates PEM-based certificates. It closely follows [I-D.moskowitz-ecdsa-pki].

2.  Terms and Definitions

2.1.  Requirements Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

2.2.  Notations

This section will contain notations.

2.3.  Definitions

There are no draft specific definitions at this time.

3.  Comparing ECDSA and EDDSA certificates

There are two differences between ECDSA and EDDSA certificates that impact the use of openSSL. First, there are no key generation options with EDDSA, and thus the pkeyopt variable is not used.

Likewise there are no hash options: neither ED25519 nor ED448 signs a hash of the certificate, so none of the hash options should be needed.

It should be noted here that ED25519 certificates can be ~100 bytes smaller than corresponding ECDSA certificates. This size difference may be critical in some devices and communication technologies. ED448 certificates are similar in size to ECDSA p256 certificates yet with a stronger security claim.

4.  The Basic PKI feature set

A basic pki has two levels of hierarchy: Root and Intermediate. The Root level has the greatest risk, and is the least used. It only signs the Intermediate level signing certificate. As such, once the Root level is created and signs the Intermediate level certificate it can be locked up. In fact, the Root level could exist completely on a uSD boot card for an ARM small computer like a RaspberryPi. A copy of this card can be made and securely stored in a different location.

The Root level contains the Root certificate private key, a database of all signed certificates, and the public certificate. It can also contain the Intermediate level public certificate and a Root level CRL.
The Intermediate level contains the Intermediate certificate private key, the public certificate, a database of all signed certificates, the certificate trust chain, and the Intermediate level CRL. It can also contain the End Entity public certificates. The private key file needs to be kept securely. For example, as with the Root level, a mSD image for an ARM computer could contain the complete Intermediate level. This image is kept offline. The End Entity CSR is copied to it, signed, and then the signed certificate and updated database are moved to the public image that lacks the private key.

For a simple test pki, all files can be kept on a single system that is managed by the tester.

End Entities create a key pair and a Certificate Signing Request (CSR). The private key is stored securely. The CSR is delivered to the Intermediate level which uses the CSR to create the End Entity certificate. This certificate, along with the trust chain back to the root, is then returned to the End Entity.

There is more to a pki, but this suffices for most development and testing needs.

5.  Getting started and the Root level

This guide was developed on a Fedora 29-beta armv7hl system (Cubieboard2 SoC). It should work on most Linux and similar systems that support openSSL 1.1.1. All work was done in a terminal window with extensive "cutting and pasting" from this draft guide into the terminal window. Users of this guide may find different behaviors based on their system.

5.1.  Setting up the Environment

The first step is to create the pki environment. Modify the variables to suit your needs.

   export dir=/root/ca
   export cadir=/root/ca
   export format=pem
   export algorithm=ed25519   # or ed448
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   touch serial
   sn=8

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   #organizationalUnitName="/OU="
   organizationalUnitName=
   commonName="/CN=Root CA"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com

Where:

   dir
      Directory for certificate files

   cadir
      Directory for Root certificate files

   format
      File encoding: PEM or DER
      At this time only PEM works

   sn
      Serial Number length in bytes
      For a public CA the range is 8 to 19

The Serial Number length for a public pki ranges from 8 to 19 bytes. The use of 19 rather than 20 is to accommodate the hex representation of the Serial Number. If it has a one in the high order bit, DER encoding rules will place a 0x00 in front.

The DN and SAN fields are examples. Change them to appropriate values. If you leave one blank, it will be left out of the Certificate. "OU" above is an example of an empty DN object.

Create the file $dir/openssl-root.cnf from the contents in Appendix A.1.

5.2.  Create the Root Certificate

Next are the openssl commands to create the Root certificate keypair, and the Root certificate. Included are commands to view the file contents.
   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm \
      -outform $format -out $dir/private/ca.key.$format
   chmod 400 $dir/private/ca.key.$format
   openssl pkey -inform $format -in $dir/private/ca.key.$format \
      -text -noout

   # Create Self-signed Root Certificate file
   # 7300 days = 20 years; Intermediate CA is 10 years.

   openssl req -config $dir/openssl-root.cnf \
      -set_serial 0x$(openssl rand -hex $sn) \
      -keyform $format -outform $format \
      -key $dir/private/ca.key.$format -subj "$DN" \
      -new -x509 -days 7300 -extensions v3_ca \
      -out $dir/certs/ca.cert.$format

   # View the certificate and the purposes it is valid for

   openssl x509 -inform $format -in $dir/certs/ca.cert.$format \
      -text -noout
   openssl x509 -purpose -inform $format \
      -in $dir/certs/ca.cert.$format

6.  The Intermediate level

6.1.  Setting up the Intermediate Certificate Environment

The next part is to create the Intermediate pki environment. Modify the variables to suit your needs. In particular, set the variables for CRL and/or OCSP support.

   export dir=$cadir/intermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8   # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support uncomment these:
   #crl=intermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   commonName="/CN=Signing CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN

Create the file $dir/openssl-intermediate.cnf from the contents in Appendix A.2. Uncomment the lines for crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP respectively.

6.2.  Create the Intermediate Certificate

Here are the openssl commands to create the Intermediate certificate keypair, the Intermediate certificate signing request (CSR), and the Intermediate certificate. Included are commands to view the file contents.

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm \
      -outform $format -out $dir/private/intermediate.key.$format
   chmod 400 $dir/private/intermediate.key.$format
   openssl pkey -inform $format \
      -in $dir/private/intermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf \
      -key $dir/private/intermediate.key.$format \
      -keyform $format -outform $format -subj "$DN" -new \
      -out $dir/csr/intermediate.csr.$format
   openssl req -text -noout -verify -inform $format \
      -in $dir/csr/intermediate.csr.$format

   # Create Intermediate Certificate file

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650 \
      -extensions v3_intermediate_ca -notext \
      -in $dir/csr/intermediate.csr.$format \
      -out $dir/certs/intermediate.cert.pem

   chmod 444 $dir/certs/intermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format \
      $dir/certs/intermediate.cert.$format

   openssl x509 -noout -text -in $dir/certs/intermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/intermediate.cert.$format \
      $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

6.3.  Create a Server EE Certificate

Here are the openssl commands to create a Server End Entity certificate keypair, the Server certificate signing request (CSR), and the Server certificate. Included are commands to view the file contents.

   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   serverfqdn=www.example.com
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$serverfqdn, email:$emailaddr"
   echo $subjectAltName
   openssl genpkey -algorithm $algorithm \
      -out $dir/private/$serverfqdn.key.$format
   chmod 400 $dir/private/$serverfqdn.key.$format
   openssl pkey -in $dir/private/$serverfqdn.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf \
      -key $dir/private/$serverfqdn.key.$format \
      -subj "$DN" -new -out $dir/csr/$serverfqdn.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$serverfqdn.csr.$format

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375 \
      -extensions server_cert -notext \
      -in $dir/csr/$serverfqdn.csr.$format \
      -out $dir/certs/$serverfqdn.cert.$format
   chmod 444 $dir/certs/$serverfqdn.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
      $dir/certs/$serverfqdn.cert.$format
   openssl x509 -noout -text -in $dir/certs/$serverfqdn.cert.$format

6.4.  Create a Client EE Certificate

Here are the openssl commands to create a Client End Entity certificate keypair, the Client certificate signing request (CSR), and the Client certificate. Included are commands to view the file contents.
   commonName=
   UserID="/UID=rgm"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName$UserID
   echo $DN
   clientemail=rgm@example.com
   export subjectAltName="email:$clientemail"
   echo $subjectAltName
   openssl genpkey -algorithm $algorithm \
      -out $dir/private/$clientemail.key.$format
   chmod 400 $dir/private/$clientemail.key.$format
   openssl pkey -in $dir/private/$clientemail.key.$format -text -noout
   openssl req -config $dir/openssl-intermediate.cnf \
      -key $dir/private/$clientemail.key.$format \
      -subj "$DN" -new -out $dir/csr/$clientemail.csr.$format

   openssl req -text -noout -verify \
      -in $dir/csr/$clientemail.csr.$format

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-intermediate.cnf -days 375 \
      -extensions usr_cert -notext \
      -in $dir/csr/$clientemail.csr.$format \
      -out $dir/certs/$clientemail.cert.$format
   chmod 444 $dir/certs/$clientemail.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
      $dir/certs/$clientemail.cert.$format
   openssl x509 -noout -text -in $dir/certs/$clientemail.cert.$format

7.  The 802.1AR Intermediate level

7.1.  Setting up the 802.1AR Intermediate Certificate Environment

The next part is to create the 802.1AR Intermediate pki environment. This is very similar to the Intermediate pki environment. Modify the variables to suit your needs.

   export dir=$cadir/8021ARintermediate
   mkdir $dir
   cd $dir
   mkdir certs crl csr newcerts private
   chmod 700 private
   touch index.txt
   sn=8   # hex 8 is minimum, 19 is maximum
   echo 1000 > $dir/crlnumber

   # cd $dir
   export crlDP=
   # For CRL support uncomment these:
   #crl=8021ARintermediate.crl.pem
   #crlurl=www.htt-consult.com/pki/$crl
   #export crlDP="URI:http://$crlurl"
   export default_crl_days=30
   export ocspIAI=
   # For OCSP support uncomment these:
   #ocspurl=ocsp.htt-consult.com
   #export ocspIAI="OCSP;URI:http://$ocspurl"

   countryName="/C=US"
   stateOrProvinceName="/ST=MI"
   localityName="/L=Oak Park"
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   #organizationalUnitName=
   commonName="/CN=802.1AR CA"
   DN=$countryName$stateOrProvinceName$localityName$organizationName
   DN=$DN$organizationalUnitName$commonName
   echo $DN
   export subjectAltName=email:postmaster@htt-consult.com
   echo $subjectAltName

Create the file $dir/openssl-8021ARintermediate.cnf from the contents in Appendix A.3. Uncomment the lines for crlDistributionPoints and authorityInfoAccess if using CRLs or OCSP respectively.

7.2.  Create the 802.1AR Intermediate Certificate

Here are the openssl commands to create the 802.1AR Intermediate certificate keypair, the 802.1AR Intermediate certificate signing request (CSR), and the 802.1AR Intermediate certificate. Included are commands to view the file contents.

   # Create passworded keypair file

   openssl genpkey -aes256 -algorithm $algorithm \
      -outform $format -out $dir/private/8021ARintermediate.key.$format
   chmod 400 $dir/private/8021ARintermediate.key.$format
   openssl pkey -inform $format \
      -in $dir/private/8021ARintermediate.key.$format -text -noout

   # Create the CSR

   openssl req -config $cadir/openssl-root.cnf \
      -key $dir/private/8021ARintermediate.key.$format \
      -keyform $format -outform $format -subj "$DN" -new \
      -out $dir/csr/8021ARintermediate.csr.$format
   openssl req -text -noout -verify -inform $format \
      -in $dir/csr/8021ARintermediate.csr.$format

   # Create 802.1AR Intermediate Certificate file
   # The following does NOT work for DER

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $cadir/openssl-root.cnf -days 3650 \
      -extensions v3_intermediate_ca -notext \
      -in $dir/csr/8021ARintermediate.csr.$format \
      -out $dir/certs/8021ARintermediate.cert.pem

   chmod 444 $dir/certs/8021ARintermediate.cert.$format

   openssl verify -CAfile $cadir/certs/ca.cert.$format \
      $dir/certs/8021ARintermediate.cert.$format

   openssl x509 -noout -text \
      -in $dir/certs/8021ARintermediate.cert.$format

   # Create the certificate chain file

   cat $dir/certs/8021ARintermediate.cert.$format \
      $cadir/certs/ca.cert.$format > $dir/certs/ca-chain.cert.$format
   chmod 444 $dir/certs/ca-chain.cert.$format

7.3.  Create an 802.1AR iDevID Certificate

Here are the openssl commands to create an 802.1AR iDevID certificate keypair, the iDevID certificate signing request (CSR), and the iDevID certificate. Included are commands to view the file contents.
   DevID=Wt1234
   countryName=
   stateOrProvinceName=
   localityName=
   organizationName="/O=HTT Consulting"
   organizationalUnitName="/OU=Devices"
   commonName=
   serialNumber="/serialNumber=$DevID"
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   DN=$DN$serialNumber
   echo $DN

   # hwType is OID for HTT Consulting, devices, sensor widgets
   export hwType=1.3.6.1.4.1.6715.10.1
   export hwSerialNum=01020304   # Some hex
   export subjectAltName="otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname"
   echo $hwType - $hwSerialNum

   openssl genpkey -algorithm $algorithm \
      -out $dir/private/$DevID.key.$format
   chmod 400 $dir/private/$DevID.key.$format
   openssl pkey -in $dir/private/$DevID.key.$format -text -noout
   openssl req -config $dir/openssl-8021ARintermediate.cnf \
      -key $dir/private/$DevID.key.$format \
      -subj "$DN" -new -out $dir/csr/$DevID.csr.$format

   openssl req -text -noout -verify \
      -in $dir/csr/$DevID.csr.$format
   openssl asn1parse -i -in $dir/csr/$DevID.csr.pem
   # Find the offset of the start of hardwareModuleName in the output
   # above and use that in place of 141
   openssl asn1parse -i -strparse 141 -in $dir/csr/$DevID.csr.pem

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-8021ARintermediate.cnf \
      -extensions 8021ar_idevid -notext \
      -in $dir/csr/$DevID.csr.$format \
      -out $dir/certs/$DevID.cert.$format
   chmod 444 $dir/certs/$DevID.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
      $dir/certs/$DevID.cert.$format
   openssl x509 -noout -text -in $dir/certs/$DevID.cert.$format
   openssl asn1parse -i -in $dir/certs/$DevID.cert.pem

   # Find the offset of the start of hardwareModuleName in the output
   # above and use that in place of 576
   openssl asn1parse -i -strparse 576 -in $dir/certs/$DevID.cert.pem
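The asn1parse -strparse steps above show the raw bytes of the hardwareModuleName otherName without explaining their layout. The following is an added Python example (not from the draft and not OpenSSL code) that builds the DER for that otherName from the hwType OID and hwSerialNum used in this section, then walks it back out with a minimal DER reader, so the structure asn1parse prints can be checked against something concrete. It assumes the RFC 4108 layout of HardwareModuleName (a SEQUENCE of hwType OBJECT IDENTIFIER and hwSerialNum OCTET STRING), which is what the hmodname section of the config file has to describe; the dNSName entry is a constructed extra showing that other GeneralName choices are skipped. It operates on the subjectAltName value (the GeneralNames SEQUENCE inside the extension's OCTET STRING), not on a whole certificate or CSR.

```python
# Added example (not from the draft or OpenSSL): encode and decode the
# HardwareModuleName otherName used in the iDevID subjectAltName.
# Assumes the RFC 4108 layout: HardwareModuleName ::= SEQUENCE {
#   hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING }
from typing import List, Tuple

# OID from the draft's subjectAltName line: id-on-hardwareModuleName
ID_ON_HARDWARE_MODULE_NAME = "1.3.6.1.5.5.7.8.4"

# DER tags used below (universal and context-specific)
TAG_OID, TAG_OCTET_STRING, TAG_SEQUENCE = 0x06, 0x04, 0x30
TAG_OTHER_NAME, TAG_DNS_NAME = 0xA0, 0x82   # GeneralName [0] and [2]


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_length(len(value)) + value


def encode_oid(dotted: str) -> bytes:
    """Dotted OID string -> DER OBJECT IDENTIFIER TLV (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def decode_oid(value: bytes) -> str:
    """DER OBJECT IDENTIFIER contents -> dotted string."""
    first = value[0]
    arcs = [2, first - 80] if first >= 80 else list(divmod(first, 40))
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:          # last octet of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after this TLV); single-octet tags only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:             # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def hardware_module_name(hw_type: str, hw_serial: bytes) -> bytes:
    """GeneralName.otherName carrying a HardwareModuleName (RFC 4108)."""
    hmodname = tlv(TAG_SEQUENCE,
                   encode_oid(hw_type) + tlv(TAG_OCTET_STRING, hw_serial))
    # OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT ANY }; the
    # otherName choice of GeneralName is [0] IMPLICIT, so the outer tag is A0 too.
    other_name = encode_oid(ID_ON_HARDWARE_MODULE_NAME) + tlv(0xA0, hmodname)
    return tlv(TAG_OTHER_NAME, other_name)


def general_names(*names: bytes) -> bytes:
    """GeneralNames ::= SEQUENCE OF GeneralName (the subjectAltName value)."""
    return tlv(TAG_SEQUENCE, b"".join(names))


def find_hardware_module_names(san: bytes) -> List[Tuple[str, bytes]]:
    """Walk a DER GeneralNames value; return (hwType, hwSerialNum) for each
    otherName whose type-id is id-on-hardwareModuleName, skipping the rest."""
    tag, names, _ = read_tlv(san, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("subjectAltName value must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, gn, pos = read_tlv(names, pos)
        if tag != TAG_OTHER_NAME:              # dNSName, rfc822Name, ... skipped
            continue
        t, type_id, p = read_tlv(gn, 0)
        if t != TAG_OID or decode_oid(type_id) != ID_ON_HARDWARE_MODULE_NAME:
            continue                           # some other otherName type
        _, explicit, _ = read_tlv(gn, p)       # [0] EXPLICIT wrapper
        _, seq, _ = read_tlv(explicit, 0)      # HardwareModuleName SEQUENCE
        _, hw_type, p = read_tlv(seq, 0)
        _, hw_serial, _ = read_tlv(seq, p)
        found.append((decode_oid(hw_type), hw_serial))
    return found


if __name__ == "__main__":
    # hwType and hwSerialNum from Section 7.3; the dNSName is a constructed extra.
    san = general_names(
        tlv(TAG_DNS_NAME, b"sensor.example.com"),
        hardware_module_name("1.3.6.1.4.1.6715.10.1", bytes.fromhex("01020304")))
    print(san.hex())
    for hw_type, serial in find_hardware_module_names(san):
        print("hwType", hw_type, "hwSerialNum", serial.hex())
```

The hex the block prints is the same byte sequence that asn1parse -strparse displays once pointed at the extension's inner OCTET STRING, so it can be compared against the iDevID produced above; the reader deliberately handles only single-octet tags, which is all a subjectAltName needs.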
8.  Setting up a CRL for an Intermediate CA

This part provides CRL support to an Intermediate CA. In this memo it applies to both Intermediate CAs. Set the crlDistributionPoints as provided via the environment variables.

8.1.  Create (or recreate) the CRL

It is simple to create the CRL. The CRL consists of the certificates flagged with an R (Revoked) in index.txt:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   crl=$intermediate.crl.pem
   cd $dir

   # Create CRL file
   openssl ca -config $dir/openssl-$intermediate.cnf \
      -gencrl -out $dir/crl/$crl
   chmod 444 $dir/crl/$crl

   openssl crl -in $dir/crl/$crl -noout -text

8.2.  Revoke a Certificate

Revoking a certificate is a two step process. First identify the target certificate (examples are listed below) and revoke it, then publish a new CRL.

   # The certificate file is named after the value used when it was
   # created (serverfqdn, clientemail or DevID above)
   targetcert=www.example.com
   #targetcert=rgm@example.com
   #targetcert=Wt1234

   openssl ca -config $dir/openssl-$intermediate.cnf \
      -revoke $dir/certs/$targetcert.cert.$format

Recreate the CRL using Section 8.1.

9.  Setting up OCSP for an Intermediate CA

This part provides OCSP support to an Intermediate CA. In this memo it applies to both Intermediate CAs. Set the authorityInfoAccess as provided via the environment variables.

9.1.  Create the OCSP Certificate

OCSP needs a signing certificate. This certificate must be signed by the CA that signed the certificate being checked. The steps to create this certificate are similar to those for a Server certificate for the CA:

   # Select which Intermediate level
   intermediate=intermediate
   #intermediate=8021ARintermediate
   dir=$cadir/$intermediate
   # Optionally, password encrypt key pair
   encryptkey=
   #encryptkey=-aes256

   # Create the key pair in Intermediate level $intermediate
   cd $dir
   openssl genpkey -algorithm $algorithm \
      $encryptkey -out $dir/private/$ocspurl.key.$format
   chmod 400 $dir/private/$ocspurl.key.$format
   openssl pkey -in $dir/private/$ocspurl.key.$format -text -noout

   # Create CSR
   commonName=
   DN=$countryName$stateOrProvinceName$localityName
   DN=$DN$organizationName$organizationalUnitName$commonName
   echo $DN
   emailaddr=postmaster@htt-consult.com
   export subjectAltName="DNS:$ocspurl, email:$emailaddr"
   echo $subjectAltName
   openssl req -config $dir/openssl-$intermediate.cnf \
      -key $dir/private/$ocspurl.key.$format \
      -subj "$DN" -new -out $dir/csr/$ocspurl.csr.$format

   openssl req -text -noout -verify -in $dir/csr/$ocspurl.csr.$format

   # Create Certificate

   openssl rand -hex $sn > $dir/serial   # hex 8 is minimum, 19 is maximum
   # Note 'openssl ca' does not support DER format
   openssl ca -config $dir/openssl-$intermediate.cnf -days 375 \
      -extensions ocsp -notext \
      -in $dir/csr/$ocspurl.csr.$format \
      -out $dir/certs/$ocspurl.cert.$format
   chmod 444 $dir/certs/$ocspurl.cert.$format

   openssl verify -CAfile $dir/certs/ca-chain.cert.$format \
      $dir/certs/$ocspurl.cert.$format
   openssl x509 -noout -text -in $dir/certs/$ocspurl.cert.$format

9.2.  Revoke a Certificate

Revoke the certificate as in Section 8.2. The OCSP responder SHOULD detect the flag change in index.txt and, when queried, respond appropriately.
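Both the CRL of Section 8.1 and the OCSP answer of Section 9.2 are derived from the status flag in index.txt. The following is an added Python example (not the draft's and not OpenSSL's code) that reads the index.txt layout 'openssl ca' maintains (tab-separated: status, expiry, revocation time with optional reason, serial, file name, subject), lists the entries a CRL would carry, and answers a per-serial status query the way a responder working from index.txt would. The three rows are constructed to resemble the certificates created earlier in this guide; treating an expired (E) row as "unknown" is this example's choice, not a statement about what OpenSSL's responder returns.

```python
# Added example (not from the draft or OpenSSL): read the CA database
# (index.txt) that 'openssl ca' maintains, list the entries a CRL would
# carry, and answer a per-serial status query from the same data.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed sample rows in the index.txt layout:
# status  expiry  revocation[,reason]  serial  filename  subject
INDEX_TXT = (
    "V\t250904000000Z\t\t1F2E3D4C5B6A7988\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/CN=www.example.com\n"
    "R\t250904000000Z\t240312101500Z,keyCompromise\t0A1B2C3D4E5F6071\tunknown\t"
    "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/UID=rgm\n"
    "E\t200101000000Z\t\t00FFEEDDCCBBAA99\tunknown\t"
    "/O=HTT Consulting/OU=Devices/serialNumber=Wt1234\n"
)


@dataclass
class IndexEntry:
    status: str                 # V = valid, R = revoked, E = expired
    expires: datetime
    revoked_at: Optional[datetime]
    reason: Optional[str]
    serial: str                 # upper-case hex, as openssl stores it
    subject: str


def parse_time(s: str) -> datetime:
    """UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if len(s) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)


def parse_index(text: str) -> List[IndexEntry]:
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"malformed index.txt line: {line!r}")
        status, expiry, revocation, serial, _filename, subject = fields
        revoked_at = reason = None
        if revocation:                      # only present on R rows
            stamp, _, reason = revocation.partition(",")
            revoked_at = parse_time(stamp)
            reason = reason or None
        entries.append(IndexEntry(status, parse_time(expiry), revoked_at,
                                  reason, serial.upper(), subject))
    return entries


def crl_entries(entries: List[IndexEntry]) -> List[Dict[str, str]]:
    """What 'openssl ca -gencrl' publishes: every row flagged R."""
    return [{"serial": e.serial,
             "revoked_at": e.revoked_at.isoformat(),
             "reason": e.reason or "unspecified"}
            for e in entries if e.status == "R"]


def normalise_serial(serial: str) -> str:
    """Accept '0x1f2e...' or '1F2E...'; drop leading zeros so both forms match."""
    s = serial.lower()
    s = s[2:] if s.startswith("0x") else s
    return s.upper().lstrip("0") or "0"


def ocsp_status(entries: List[IndexEntry], serial: str) -> Dict[str, str]:
    """Status a responder reading this index would return for one serial."""
    wanted = normalise_serial(serial)
    for e in entries:
        if normalise_serial(e.serial) == wanted:
            if e.status == "R":
                return {"status": "revoked", "reason": e.reason or "unspecified"}
            if e.status == "V":
                return {"status": "good"}
            return {"status": "unknown"}   # this example's choice for E rows
    return {"status": "unknown"}           # serial never issued by this CA


if __name__ == "__main__":
    db = parse_index(INDEX_TXT)
    print("CRL would list:", crl_entries(db))
    for s in ("1F2E3D4C5B6A7988", "0x0a1b2c3d4e5f6071",
              "00FFEEDDCCBBAA99", "DEADBEEF"):
        print(s, "->", ocsp_status(db, s))
```

Because the test responder in Section 9.3 reads index.txt only at startup, a revocation written by 'openssl ca -revoke' is visible to this reader immediately but to a running responder only after it is restarted, which is the behaviour the next section asks you to exercise.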
9.3.  Testing OCSP with Openssl

OpenSSL provides a simple OCSP service that can be used to test the OCSP certificate and revocation process (Note that this only reads index.txt to get the certificate status at startup).

In a terminal window, set the variables dir, intermediate and ocspurl (examples below), then run the simple OCSP service:

   dir=/root/ca/intermediate
   intermediate=intermediate
   ocspurl=ocsp.htt-consult.com

   openssl ocsp -port 2560 -text \
      -index $dir/index.txt \
      -CA $dir/certs/ca-chain.cert.pem \
      -rkey $dir/private/$ocspurl.key.pem \
      -rsigner $dir/certs/$ocspurl.cert.pem \
      -nrequest 1

In another window, set dir and intermediate as above, then test out a certificate status with:

   # The certificate file is named after the value used when it was
   # created (serverfqdn, clientemail or DevID above)
   targetcert=www.example.com
   #targetcert=rgm@example.com
   #targetcert=Wt1234

   openssl ocsp -CAfile $dir/certs/ca-chain.cert.pem \
      -url http://127.0.0.1:2560 -resp_text \
      -issuer $dir/certs/$intermediate.cert.pem \
      -cert $dir/certs/$targetcert.cert.pem

Revoke the certificate (Section 8.2), restart the test Responder as above, then check the certificate status again.

10.  Footnotes

This section is a complete copy of [I-D.moskowitz-ecdsa-pki]. Changes will be made if anything is found specific to either ECDSA or ED25519.

Creating this document was a real education in the state of openSSL, X.509 certificate guidance, and just the general level of certificate awareness. Here are a few short notes.

10.1.  Certificate Serial Number

The certificate serial number's role is to provide yet another way to maintain uniqueness of certificates within a pki as well as a way to index them in a data store. It has taken on other roles, most notably as a defense.

The CABForum guideline for a public CA is for the serial number to be a random number at least 8 octets long and no longer than 20 bytes. By default, openssl makes self-signed certificates with 8 octet serial numbers.
This guide uses openssl's RAND function to generate 754 the random value and pipe it into the -set_serial option. This 755 number MAY have the first bit as a ONE; the DER encoding rules 756 prepend such numbers with 0x00. Thus the limit of '19' for the 757 variable 'ns'. 759 A private CA need not follow the CABForum rules and can use anything 760 number for the serial number. For example, the root CA (which has no 761 security risks mitigated by using a random value) could use '1' as 762 its serial number. Intermediate and End Entity certificate serial 763 numbers can also be of any value if a strong hash, like SHA256 used 764 here. A value of 4 for ns would provide a sufficient population so 765 that a CA of 10,000 EE certificates will have only a 1.2% probability 766 of a collision. For only 1,000 certificates the probability drops to 767 0.012%. 769 The following was proposed on the openssl-user list as an alternative 770 to using the RAND function: 772 Keep k bits (k/8 octets) long serial numbers for all your 773 certificates, chose a block cipher operating on blocks of k bits, and 774 operate this block cipher in CTR mode, with a proper secret key and 775 secret starting counter. That way, no collision detection is 776 necessary, you'll be able to generate 2^(k/2) unique k bits longs 777 serial numbers (in fact, you can generate 2^k unique serial numbers, 778 but after 2^(k/2) you lose some security guarantees). 780 With 3DES, k=64, and with AES, k=128. 782 10.2. Some OpenSSL config file limitations 784 There is a bit of inconsistency in how different parts and fields in 785 the config file are used. Environment variables can only be used as 786 values. Some fields can have null values, others cannot. The lack 787 of allowing null fields means a script cannot feed in an environment 788 variable with value null. In such a case, the field has to be 789 removed from the config file. 
   The expectation is that each CA within a PKI has its own config
   file, customized to the certificates supported by that CA.

10.3.  subjectAltName support, or lack thereof

   There is no direct openssl command line option to provide a
   subjectAltName for a certificate.  This is a serious limitation.
   Per RFC 5280 [RFC5280] SAN is the object for providing email
   addresses and DNS addresses (FQDN), yet the common practice has
   been to use the commonName object within the distinguishedName
   object.  How much of this is due to the difficulty in creating
   certificates with a SAN?

   Thus the only way to provide a SAN is through the config file, and
   there are two approaches.  This document uses an environment
   variable to provide the SAN value into the config file.  Another
   approach is to use piping, as in:

   openssl req -new -key domain.key \
       -subj "/C=US/ST=CA/O=Acme, Inc./CN=foo.com" -reqexts SAN \
       -config <(cat /etc/ssl/openssl.cnf \
           <(printf "[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) \
       -out domain.csr

10.4.  Certificates with only subjectAltName

   Also in RFC 5280 [RFC5280] (sec 4.2.1.6): if the only subject
   identity in the certificate is in subjectAltName, then Subject MUST
   be empty and subjectAltName MUST be marked as critical.

   This can be achieved with the variable DN=/ and subjectAltName
   (example given):

   DN=/
   export subjectAltName=critical,email:postmaster@htt-consult.com

10.5.  DER support, or lack thereof

   The long, hard-fought battle with openssl to create a full DER pki
   failed.  There is no facility to create a DER certificate from a
   DER CSR.  It just is not there in the 'openssl ca' command.  Even
   the 'openssl x509 -req' command cannot do this for a simple
   certificate.

   Further, there is no 'hack' for making a certificate chain as there
   is with PEM.  With PEM a simple concatenation of the certificates
   creates a usable certificate chain.
   For DER, some recommend using PKCS#7 [RFC2315], while others point
   out that this format is poorly supported 'in the field', whereas
   PKCS#12 [RFC7292] works for them.

   Finally, openssl does support converting a PEM certificate to DER:

   openssl x509 -outform der -in certificate.pem -out certificate.der

   This should also work for the keypair.  However, in a highly
   constrained device it may make more sense to just store the raw
   keypair in the device's very limited secure storage.

11.  IANA Considerations

   TBD.  May be nothing for IANA.

12.  Security Considerations

   This section is a complete copy of [I-D.moskowitz-ecdsa-pki].
   Changes will be made if anything is found specific to either ECDSA
   or EDDSA.

12.1.  Adequate Randomness

   Creating certificates takes a lot of random numbers.  A good source
   of random numbers is critical.  Studies [WeakKeys] have found an
   excessive number of certificates all sharing the same keys, due to
   bad randomness on the generating systems.  The amount of entropy
   available for these random numbers can be tested.  On Fedora/CentOS
   use:

   cat /proc/sys/kernel/random/entropy_avail

   If the value is low (below 1000) check your system's randomness
   source.  Is rng-tools installed?  Consider adding an entropy
   collection service like haveged from issihosts.com/haveged.

12.2.  Key pair Theft

   During the certificate creation, particularly during keypair
   generation, the files are vulnerable to theft.  This can be
   mitigated using umask.  Before using openssl, set umask:

   restore_mask=$(umask -p)
   umask 077

   Afterwards, restore it with:

   $restore_mask

13.  Acknowledgments

   This work is possible because of the availability of openSSL 1.1.1.
   As in [I-D.moskowitz-ecdsa-pki], the openssl-user mailing list, with
   its many supportive experts, was of immense help in the nuanced
   differences between ECDSA and EDDSA.

14.  References
14.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

14.2.  Informative References

   [I-D.moskowitz-ecdsa-pki]
              Moskowitz, R., Birkholz, H., Xia, L., and M. Richardson,
              "Guide for building an ECC pki",
              draft-moskowitz-ecdsa-pki-09 (work in progress),
              August 2020.

   [IEEE.802.1AR_2009]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks - Secure Device Identity", IEEE 802.1AR-2009,
              DOI 10.1109/ieeestd.2009.5367679, December 2009.

   [RFC2315]  Kaliski, B., "PKCS #7: Cryptographic Message Syntax
              Version 1.5", RFC 2315, DOI 10.17487/RFC2315,
              March 1998.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation
              List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280,
              May 2008.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014.

   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017.

   [WeakKeys] Heninger, N., Durumeric, Z., Wustrow, E., and J.
              Halderman, "Detection of Widespread Weak Keys in Network
              Devices", July 2011.

Appendix A.  OpenSSL config files

A.1.  OpenSSL Root config file

   The following is the openssl-root.cnf file contents:

   # OpenSSL root CA configuration file.
   # Copy to `$dir/openssl-root.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The root key and root certificate.
   private_key = $cadir/private/ca.key.$format
   certificate = $cadir/certs/ca.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = 30

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_strict
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign
   subjectAltName = $ENV::subjectAltName

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.2.  OpenSSL Intermediate config file

   The following is the openssl-intermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL intermediate CA configuration file.
   # Copy to `$dir/openssl-intermediate.cnf`.
   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The Intermediate key and Intermediate certificate.
   private_key = $dir/private/intermediate.key.$format
   certificate = $dir/certs/intermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/intermediate.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_days = 375
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign intermediate certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the intermediate CA to sign a more
   # diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   UID = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   UID = User ID

   # Optionally, specify some defaults.
   # countryName_default = US
   # stateOrProvinceName_default = MI
   # localityName_default = Oak Park
   # 0.organizationName_default = HTT Consulting
   # organizationalUnitName_default =

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ v3_intermediate_ca ]
   # Extensions for a typical intermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ usr_cert ]
   # Extensions for client certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = client, email
   nsComment = "OpenSSL Generated Client Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment
   extendedKeyUsage = clientAuth, emailProtection
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ server_cert ]
   # Extensions for server certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   nsCertType = server
   nsComment = "OpenSSL Generated Server Certificate"
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   extendedKeyUsage = serverAuth
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

A.3.  OpenSSL 802.1AR Intermediate config file

   The following is the openssl-8021ARintermediate.cnf file contents.

   Remove the crlDistributionPoints to drop CRL support and
   authorityInfoAccess to drop OCSP support.

   # OpenSSL 8021ARintermediate CA configuration file.
   # Copy to `$dir/openssl-8021ARintermediate.cnf`.

   [ ca ]
   # `man ca`
   default_ca = CA_default

   [ CA_default ]
   # Directory and file locations.
   # dir = /root/ca/8021ARintermediate
   dir = $ENV::dir
   cadir = $ENV::cadir
   format = $ENV::format

   certs = $dir/certs
   crl_dir = $dir/crl
   new_certs_dir = $dir/newcerts
   database = $dir/index.txt
   serial = $dir/serial
   RANDFILE = $dir/private/.rand

   # The 8021ARintermediate key and 8021ARintermediate certificate.
   private_key = $dir/private/8021ARintermediate.key.$format
   certificate = $dir/certs/8021ARintermediate.cert.$format

   # For certificate revocation lists.
   crlnumber = $dir/crlnumber
   crl = $dir/crl/ca.crl.pem
   crl_extensions = crl_ext
   default_crl_days = $ENV::default_crl_days

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   name_opt = ca_default
   cert_opt = ca_default
   default_enddate = 99991231235959Z # per IEEE 802.1AR
   preserve = no
   policy = policy_loose
   copy_extensions = copy

   [ policy_strict ]
   # The root CA should only sign 8021ARintermediate
   # certificates that match.
   # See the POLICY FORMAT section of `man ca`.
   countryName = match
   stateOrProvinceName = match
   organizationName = match
   organizationalUnitName = optional
   commonName = optional

   [ policy_loose ]
   # Allow the 8021ARintermediate CA to sign
   # a more diverse range of certificates.
   # See the POLICY FORMAT section of the `ca` man page.
   countryName = optional
   stateOrProvinceName = optional
   localityName = optional
   organizationName = optional
   organizationalUnitName = optional
   commonName = optional
   serialNumber = optional

   [ req ]
   # Options for the `req` tool (`man req`).
   default_bits = 2048
   distinguished_name = req_distinguished_name
   string_mask = utf8only
   req_extensions = req_ext

   # SHA-1 is deprecated, so use SHA-2 instead.
   default_md = sha256

   # Extension to add when the -x509 option is used.
   x509_extensions = v3_ca

   [ req_distinguished_name ]
   # See .
   countryName = Country Name (2 letter code)
   stateOrProvinceName = State or Province Name
   localityName = Locality Name
   0.organizationName = Organization Name
   organizationalUnitName = Organizational Unit Name
   commonName = Common Name
   serialNumber = Device Serial Number

   # Optionally, specify some defaults.
   0.organizationName_default = HTT Consulting
   organizationalUnitName_default = Devices

   [ req_ext ]
   subjectAltName = $ENV::subjectAltName

   [ hmodname ]
   hwType = OID:$ENV::hwType
   hwSerialNum = FORMAT:HEX,OCT:$ENV::hwSerialNum

   [ v3_ca ]
   # Extensions for a typical CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true
   keyUsage = critical, digitalSignature, cRLSign, keyCertSign

   [ v3_8021ARintermediate_ca ]
   # Extensions for a typical
   # 8021ARintermediate CA (`man x509v3_config`).
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid:always,issuer
   basicConstraints = critical, CA:true, pathlen:0
   # keyUsage = critical, digitalSignature, cRLSign, keyCertSign
   keyUsage = critical, cRLSign, keyCertSign

   [ 8021ar_idevid ]
   # Extensions for IEEE 802.1AR iDevID
   # certificates (`man x509v3_config`).
   basicConstraints = CA:FALSE
   authorityKeyIdentifier = keyid,issuer:always
   keyUsage = critical, digitalSignature, keyEncipherment
   # uncomment the following if the ENV variables are set
   # crlDistributionPoints = $ENV::crlDP
   # authorityInfoAccess = $ENV::ocspIAI

   [ crl_ext ]
   # Extension for CRLs (`man x509v3_config`).
   authorityKeyIdentifier=keyid:always

   [ ocsp ]
   # Extension for OCSP signing certificates (`man ocsp`).
   basicConstraints = CA:FALSE
   subjectKeyIdentifier = hash
   authorityKeyIdentifier = keyid,issuer
   keyUsage = critical, digitalSignature
   extendedKeyUsage = critical, OCSPSigning

Authors' Addresses

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI 48237

   Email: rgm@labs.htt-consult.com

   Henk Birkholz
   Fraunhofer SIT
   Rheinstrasse 75
   Darmstadt 64295
   Germany

   Email: henk.birkholz@sit.fraunhofer.de

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/