[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL server certificate that has an intermediary certificate in the chain

2011/8/1 Howard Chu <hyc@symas.com>:
> David Hawes wrote:
> Think about why you would configure such a setup, and what it actually
> means. When you have a certificate of your own, signed by a particular CA,
> that obviously means that you must trust that CA. If you're going to accept
> a cert from another party that is signed by a different CA that obviously
> means that you must also trust the other CA. There is absolutely nothing
> gained from isolating these two CAs, on either side of the session.

You've never been into such a situation. That doesn't mean such an
isolation is irrelevant.

In a project I'm working on (that doesn't mean I'm the only guy who
produced the certificates, in my basement, etc), servers have a
certificate signed by a public CA, but can accept connections from
client signed by their own CA. The servers and clients are
disseminated all over the world, and are "country-level" (sorry for my
bad english, I don't know how to translate it).
For example, consider some countries: DE, US, UK, AU, ... Each of
these countries have a server, signed by a public CA (so that
everybody, even anonymous users, can connect and trust the server),
but they deliver client auth certificates to other countries
participants (verified by diplomatic means), signed by their own CA.
That way, the German server only trusts German-CA-issued client
certificates, and all the other country participants, when connecting
to the German server, need to select the right client certificate.

> OpenSSL (e.g.) already sends only the chain of certificates relevant to its
> own subject cert. The fact that all CAs are tossed into a single file (or
> directory) together is irrelevant; in memory it's all managed as a database
> and only the certs that it needs are accessed.

In "the certs that it needs", who is "it"? The server? How can the
server know what are the needed certs for the client to build a
certificate chain joining a trust anchor *he* (the client) only knows

I verified that on a GnuTLS-enabled OpenLDAP, the behavior you
described is what happens, but I haven't tested with a more
complicated chain (for example a cross certified CA certificate, which
could then attach to several trust anchors). I also saw that because
you place everything in the same file, the server sends the root CA to
the client, which is useless (and therefore is a waste).