Creating and configuring a certificate authority (CA) on Debian 10 | DigitalOcean

OpenSSL: manually verifying a certificate against a CRL

Translation of:

OpenSSL: Manually verify a certificate against a CRL

Author: Remy van Elst

Contents

  1. Getting the certificate with a CRL
  2. Getting the certificate chain
  3. Combining the CRL and the chain
  4. OpenSSL verification
  5. Revoked certificate

This article shows how to manually verify a certificate against a CRL. CRL stands for Certificate Revocation List and is one way to check the status of a certificate. It is an alternative to OCSP, the Online Certificate Status Protocol.

You can read more about CRLs on Wikipedia.

If you need to check a certificate with OCSP, see my other article.

We will use OpenSSL. I am using this version:

$ openssl version
OpenSSL 1.0.2 22 Jan 2021

Getting the certificate with a CRL

First we need the certificate of the website we want to check. We will use Wikipedia as the example. The certificate can be retrieved with the following command:

openssl s_client -connect wikipedia.org:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p'

Save the output to a file, for example wikipedia.pem:

openssl s_client -connect wikipedia.org:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' > wikipedia.pem

Now check whether this certificate has a CRL URI:

openssl x509 -noout -text -in wikipedia.pem | grep -A 4 'X509v3 CRL Distribution Points'
X509v3 CRL Distribution Points:
    Full Name:
      URI:http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

If nothing is printed, the certificate has no CRL URI and cannot be checked against a CRL.

Download the CRL:

wget -O crl.der http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl

The CRL is in the binary DER format. The OpenSSL command needs a file in PEM format (base64-encoded DER), so convert it:

openssl crl -inform DER -in crl.der -outform PEM -out crl.pem

Getting the certificate chain

Besides the certificate being checked, we need its certificate chain, so we have to get the chain for the domain being checked, wikipedia.org. With the -showcerts option of openssl s_client we can see all the certificates that belong to the chain:

openssl s_client -connect wikipedia.org:443 -showcerts 2>&1 < /dev/null

This prints a lot of text, but the part we are interested in is the following:

1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

As you can see, this is number 1. Number 0 is the Wikipedia certificate, which we already have. If the site being checked has more certificates in its chain, they are all shown. Save all the certificates to a file named chain.pem, in the order OpenSSL printed them (first the one that directly issued the server certificate, then the one that issued that certificate, and so on, with the root or most-root certificate at the end of the file).

The following command saves all the certificates printed by the OpenSSL command to a file named chain.pem. See this article for more information.

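# Save every certificate printed by -showcerts to chain.pem.
OLDIFS=$IFS
# sed prefixes each BEGIN line with ':' so the output can be split on ':'.
# -tls1 forces TLS 1.0, as in the original command.
IFS=':' certificates=$(openssl s_client -connect wikipedia.org:443 -showcerts -tlsextdebug -tls1 2>&1 < /dev/null |
                         sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/; p}')
for certificate in ${certificates#:}; do
  echo "$certificate" | tee -a chain.pem
done
IFS=$OLDIFS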

Combining the CRL and the chain

To verify, the openssl command needs the certificate chain and the CRL, both in PEM format, concatenated together. You can leave out the CRL, but then no CRL check is performed and the certificate is only validated against the chain.

cat chain.pem crl.pem > crl_chain.pem

OpenSSL verification

We now have all the data needed to verify the certificate.

$ openssl verify -crl_check -CAfile crl_chain.pem wikipedia.pem
wikipedia.pem: OK

The result shows that the certificate is valid.

Revoked certificate

If you have a revoked certificate, you can check it in the same way as described above. The response will look like this:

$ openssl verify -crl_check -CAfile crl_chain.pem revoked-test.pem
revoked-test.pem: OU = Domain Control Validated, OU = PositiveSSL, CN = xs4all.nl
error 23 at 0 depth lookup:certificate revoked

With the certificate and the chain, you can test this on the Verisign revoked certificate test page:

https://test-sspev.verisign.com:2443/test-SSPEV-revoked-verisign.html
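The whole procedure above can be reproduced offline, as an added example that is not part of the original article: the script builds a throwaway CA, issues two certificates, revokes one, and runs openssl verify against the concatenated chain and CRL. The subjects Demo Root CA, good.example and revoked.example and the helper functions make_demo_pki, verify_code and demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. All subjects and file
# names are constructed; nothing is fetched from the network.

# Build a throwaway CA in a temp dir, issue good.pem and revoked.pem,
# revoke the latter, and write crl_chain.pem (CA cert + CRL, both PEM).
# Prints the directory path on success.
make_demo_pki() {
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 2
default_crl_days = 2
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Demo Root CA" -keyout ca.key -out ca.pem || exit 1
    for name in good revoked; do
      openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=$name.example" -keyout "$name.key" -out "$name.csr" &&
      openssl ca -config ca.cnf -batch -notext \
        -in "$name.csr" -out "$name.pem" || exit 1
    done
    # Revoke one certificate, publish the CRL, then join chain and CRL
    # exactly as the article does with chain.pem and crl.pem.
    openssl ca -config ca.cnf -revoke revoked.pem &&
    openssl ca -config ca.cnf -gencrl -out crl.pem &&
    cat ca.pem crl.pem > crl_chain.pem
  ) >/dev/null 2>&1 || return 1
  printf '%s\n' "$dir"
}

# Print the verify code reported by `openssl verify <args>`: 0 when the
# tool prints "OK", otherwise the number from the first "error N at ..."
# line. The process exit status is deliberately ignored.
verify_code() {
  out=$(openssl verify "$@" 2>&1) || true
  code=$(printf '%s\n' "$out" |
         sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then
    echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then
    echo 0
  else
    echo unknown
  fi
}

demo() {
  d=$(make_demo_pki) || { echo "could not build demo PKI" >&2; return 1; }
  echo "good cert, chain+CRL, -crl_check:    $(verify_code -crl_check -CAfile "$d/crl_chain.pem" "$d/good.pem")"
  echo "revoked cert, chain+CRL, -crl_check: $(verify_code -crl_check -CAfile "$d/crl_chain.pem" "$d/revoked.pem")"
  echo "revoked cert, without -crl_check:    $(verify_code -CAfile "$d/crl_chain.pem" "$d/revoked.pem")"
  echo "good cert, -crl_check but no CRL:    $(verify_code -crl_check -CAfile "$d/ca.pem" "$d/good.pem")"
  rm -rf "$d"
}
demo
```

The four codes are 0, 23, 0 and 3: revocation is only caught when -crl_check is given and the CRL is in the file, and -crl_check with no CRL available fails with code 3 instead of passing.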

Additional notes

You can use a web browser instead of curl to check a locally stored certificate, but it is not very convenient.

I disabled the ephemeral DH cipher suites, but you can specify a DH parameters file to use.

You can use openssl s_server to serve files over the network, but that is just another tidbit.

Check the return code (it is different from the exit code), as it will clearly show when something is wrong with the supplied intermediate certificates.

The return code is not the exit code.

The return codes are described in the verify manual page.

0 X509_V_OK: ok
    the operation was successful.

2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
    the issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete.

3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
    the CRL of a certificate could not be found.

4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
    the certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA
    keys.

5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
    the CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused.

6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
    the public key in the certificate SubjectPublicKeyInfo could not be read.

7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
    the signature of the certificate is invalid.

8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
    the signature of the certificate is invalid.

9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
    the certificate is not yet valid: the notBefore date is after the current time.

10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
    the certificate has expired: that is the notAfter date is before the current time.

11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
    the CRL is not yet valid.

12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
    the CRL has expired.

13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
    the certificate notBefore field contains an invalid time.

14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
    the certificate notAfter field contains an invalid time.

15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
    the CRL lastUpdate field contains an invalid time.

16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
    the CRL nextUpdate field contains an invalid time.

17 X509_V_ERR_OUT_OF_MEM: out of memory
    an error occurred trying to allocate memory. This should never happen.

18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
    the passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates.

19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
    the certificate chain could be built up using the untrusted certificates but the root could not be found locally.

20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
    the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
    no signatures could be verified because the chain contains only one certificate and it is not self signed.

22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
    the certificate chain length is greater than the supplied maximum depth. Unused.

23 X509_V_ERR_CERT_REVOKED: certificate revoked
    the certificate has been revoked.

24 X509_V_ERR_INVALID_CA: invalid CA certificate
    a CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.

25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
    the basicConstraints pathlength parameter has been exceeded.

26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
    the supplied certificate cannot be used for the specified purpose.

27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
    the root CA is not marked as trusted for the specified purpose.

28 X509_V_ERR_CERT_REJECTED: certificate rejected
    the root CA is marked to reject the specified purpose.

29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
    the current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. Only displayed when the -issuer_checks option is set.

30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
    the current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. Only displayed when the
    -issuer_checks option is set.

31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
    the current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. Only
    displayed when the -issuer_checks option is set.

32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN: key usage does not include certificate signing
    the current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing.

50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
    an application specific error. Unused.

Qualified certificate

Run a simple SSL/TLS server program using the SSL certificate, its private key and the intermediate certificates.

$ openssl s_server -no_dhe -accept 8282 -www -key example.com.key -cert example.com.crt -CAfile example.com.intermediate.crt

Run a simple SSL/TLS client program to verify this certificate.

CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=example.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 2 s:/O=Digital Signature Trust Co./CN=DST Root CA X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISA8J1sgvKsx7iOY1ME0atryKhMA0GCSqGSIb3DQEBCwUA
[...]
ncpOI1U724 /U6vTitOoSAHb83qroLAmXl0OF0SBl5xawTSMhAf44UEIvV6x2iJT
Ul9lKA4Qgyrl3tiXrOZu
-----END CERTIFICATE-----
subject=/CN=example.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4012 bytes and written 451 bytes
---
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 469596E7A4616EEF91EA3D2344AE9C0FBD4D0E96C4CB0130BC7BCDA7F7DA020E
    Session-ID-ctx: 
    Master-Key: D4DF9C8D2324F51A58EEB5E7D3774F1EE54C9E8E0AB69F7F4EC9E3D3B3A9239992AE832F4C638732B2327ADD35F772CE
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 66 78 90 a9 98 12 11 40-b8 03 44 58 03 1e 92 32   fx.....@..DX...2
    0010 - da 55 0f c7 26 d7 5e 60-94 56 02 4a ba ae c5 16   .U..&.^`.V.J....
    0020 - b7 c6 9e 1c ed 3f 3b 2a-16 31 87 10 1b f6 1e 44   .....?;*.1.....D
    0030 - e5 b4 b8 5c d5 b7 66 0d-b3 44 1d c3 cd 73 26 14   .....f..D...s&.
    0040 - 93 aa 00 f9 32 45 84 e5-bc e4 cf c8 3e 4e f9 b0   ....2E......>N..
    0050 - b7 f9 53 5a 0c 36 60 8f-bb 4b 90 20 ef 67 30 21   ..SZ.6`..K. .g0!
    0060 - 26 49 83 94 04 e4 81 9d-76 bf 44 96 d3 6f 5e 3b   &I......v.D..o^;
    0070 - 49 c6 80 f3 ea d5 e8 06-4c db 8b 74 fa ed 7e df   I.......L..t..~.
    0080 - 85 b5 ae 91 97 e6 72 36-39 f6 e4 6e 9e 9a 6a a1   ......r69..n..j.
    0090 - 48 d5 2a ee b1 48 6d fb-4b 91 1e 28 70 cd 07 98   H.*..Hm.K..(p...
    00a0 - 2c 66 fa 19 33 2d 15 7f-5c 23 31 ff 38 97 12 13   ,f..3-..#1.8...

    Start Time: 1510259115
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Check the return code: you can safely use this certificate.

Use verbose output to inspect the whole process further.

* Added example.com:8282:127.0.0.1 to DNS cache                                       
* Hostname example.com was found in DNS cache                                         
*   Trying 127.0.0.1...                                                                                
* TCP_NODELAY set                                                                                      
* Connected to example.com (127.0.0.1) port 8282 (#0)                                 
* ALPN, offering http/1.1                                                                              
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH                         
* successfully set certificate verify locations:                                                       
*   CAfile: /etc/ssl/certs/ca-certificates.crt                                                         
  CApath: /etc/ssl/certs                                                                               
* TLSv1.2 (OUT), TLS header, Certificate Status (22):                                                  
} [5 bytes data]         
* TLSv1.2 (OUT), TLS handshake, Client hello (1):  
} [512 bytes data]       
* TLSv1.2 (IN), TLS handshake, Server hello (2):   
{ [94 bytes data]        
* TLSv1.2 (IN), TLS handshake, Certificate (11):   
{ [3347 bytes data]      
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):                                               
{ [333 bytes data]       
* TLSv1.2 (IN), TLS handshake, Server finished (14):                                                   
{ [4 bytes data]         
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):                                              
} [70 bytes data]        
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):                                                  
} [1 bytes data]         
* TLSv1.2 (OUT), TLS handshake, Finished (20):     
} [16 bytes data]        
* TLSv1.2 (IN), TLS change cipher, Client hello (1):                                                   
{ [1 bytes data]         
* TLSv1.2 (IN), TLS handshake, Finished (20):      
{ [16 bytes data]        
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384                                           
* ALPN, server did not agree to a protocol         
* Server certificate:    
*  subject: CN=example.com        
*  start date: Oct 28 19:55:12 2021 GMT            
*  expire date: Jan 26 19:55:12 2021 GMT           
*  subjectAltName: host "example.com" matched cert's "example.com"   
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3                                        
*  SSL certificate verify ok.                      
} [5 bytes data]         
> GET :/ HTTP/1.1         
> Host: example.com:8282          
> User-Agent: curl/7.55.1
> Accept: */*            
>                        
{ [5 bytes data]
* HTTP 1.0, assume close after body
< HTTP/1.0 200 ok
< Content-type: text/html
<
{ [7670 bytes data]
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]

haproxy certificate bundle

After verifying the certificate, you need to create the certificate bundle domain.pem, which contains the certificate domain.crt, the intermediate certificates domain.intermediate.crt and the private key domain.key.

In exactly that order.

There is nothing more to it.

Self-signed SSL certificate

This is the simplest possible example, and it is meant to fail, because there is no way to verify an arbitrary self-signed SSL certificate.

Run a simple SSL/TLS server program using the self-signed SSL certificate and its private key.

$ openssl s_server -no_dhe -accept 8282 -www -key example.org.key -cert example.org.crt

Run a simple SSL/TLS client program to verify this certificate.

CONNECTED(00000003)
depth=0 C = PL, ST = pomorskie, O = personal, L = Gdansk, CN = example.org, OU = IT, emailAddress = admin@example.org
verify error:num=18:self signed certificate
verify return:1
depth=0 C = PL, ST = pomorskie, O = personal, L = Gdansk, CN = example.org, OU = IT, emailAddress = admin@example.org
verify return:1
---
Certificate chain
 0 s:/C=PL/ST=pomorskie/O=personal/L=Gdansk/CN=example.org/OU=IT/emailAddress=admin@example.org
   i:/C=PL/ST=pomorskie/O=personal/L=Gdansk/CN=example.org/OU=IT/emailAddress=admin@example.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFkjCCA3oCCQCza lCDud16jANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
[...]
2QZm3C 8jOxDR n1b6bwtrrVl7fD7L0I4iLPDlTBZgzHHibLQbysWzJKQVsuvmbW
QEkCajRYUX0lSHABrIJtgTu5QgJfPOc4Rjzo0LEsoIHonUBiXWc=
-----END CERTIFICATE-----
subject=/C=PL/ST=pomorskie/O=personal/L=Gdansk/CN=example.org/OU=IT/emailAddress=admin@example.org
issuer=/C=PL/ST=pomorskie/O=personal/L=Gdansk/CN=example.org/OU=IT/emailAddress=admin@example.org
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2361 bytes and written 451 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: C1B33BCF1F8A611EE106E7E9D9DED34FD634FFE45C516B716DB14C771F02D32C
    Session-ID-ctx:
    Master-Key: 22C05CC82AA56345C7E13937A4E7C884A3D6B4CC7C954B54A79C04141CD09DDAF760852D9E31D20900DA20865A42BE52
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 6c d9 32 c1 a9 7b 97 c7-7d 86 75 49 05 10 3b d8   l.2..{..}.uI..;.
    0010 - 9e 2c 6b 26 ac 11 b6 d6-2a 4b 7b de 07 1d 71 b0   .,k&....*K{...q.
    0020 - 19 25 66 5b 88 39 ab 51-c8 c6 ad ed 79 c0 15 b2   .%f[.9.Q....y...
    0030 - 3f ae db 35 5a b6 95 52-1a a6 34 1e 89 bb dc be   ?..5Z..R..4.....
    0040 - 54 15 3c 92 c0 55 7e e0-c0 4a 2c dd 6b 8b b3 3d   T.<..U~..J,.k..=
    0050 - e6 1b 53 3f 4d 30 2f 72-bd 9c 18 0d 3d 62 17 a0   ..S?M0/r....=b..
    0060 - 08 a8 32 64 d9 65 06 54-d4 f4 cc 8a 05 8b de 6a   ..2d.e.T.......j
    0070 - 8c d0 8e a9 9d 68 95 52-ed 71 fa 93 c8 8a b5 a8   .....h.R.q......
    0080 - 58 1a 38 47 9d a6 9f 23-f5 c2 42 b6 5f aa 7e a2   X.8G...#..B._.~.
    0090 - dc f4 ea 29 d5 8c 1d b6-92 43 4d 09 79 2e 74 1f   ...).....CM.y.t.
    00a0 - 37 79 2b b8 1a 8a 91 f3-a3 06 c9 4f 54 0e a8 fb   7y ........OT...

    Start Time: 1510239128
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
DONE

Check the return code: you cannot use this certificate without disabling SSL certificate verification.

curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Everything is as it should be.

* Server certificate:    
*  subject: CN=example.com        
*  start date: Oct 28 19:55:12 2021 GMT            
*  expire date: Jan 26 19:55:12 2021 GMT           
*  subjectAltName: host "example.com" matched cert's "example.com"   
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3                                        
*  SSL certificate verify ok.                      
} [5 bytes data]         
> GET :/ HTTP/1.1         
> Host: example.com:8282          
> User-Agent: curl/7.55.1
> Accept: */*            
>                        
{ [5 bytes data]
* HTTP 1.0, assume close after body
< HTTP/1.0 200 ok
< Content-type: text/html
<
{ [7670 bytes data]
* Closing connection 0
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]

HAProxy certificate bundle

After verifying the certificate, create the certificate bundle domain.pem, which contains the certificate domain.crt, the intermediate certificates domain.intermediate.crt and the private key domain.key.

In exactly that order.

There is nothing else in it.
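One way to assemble the bundle and check its layout before handing it to HAProxy. This is an added example, not code from the original article: the function names are hypothetical, the sample PEM bodies are constructed placeholders, and it assumes the bundle must hold only PEM blocks (certificates first, one private key last).

```shell
# Added example. File names follow the article; function names are hypothetical.

# Print the type of every PEM block in a file, one per line, in file order.
pem_block_types() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed only for: certificates first, one private key last, no stray text.
check_bundle() {
    types=$(pem_block_types "$1")
    case $(printf '%s\n' "$types" | tail -n 1) in
        *"PRIVATE KEY") ;;
        *) echo "$1: last block is not a private key" >&2; return 1 ;;
    esac
    # Every block before the last one must be a certificate.
    certs=$(printf '%s\n' "$types" | sed '$d')
    [ -n "$certs" ] || { echo "$1: no certificate before the key" >&2; return 1; }
    if printf '%s\n' "$certs" | grep -qv '^CERTIFICATE$'; then
        echo "$1: non-certificate block before the key" >&2; return 1
    fi
    # Count non-empty lines outside BEGIN/END pairs. This also catches two
    # files glued together because the first lacked a trailing newline.
    stray=$(awk '/^-----BEGIN /{b=1; next} /^-----END /{b=0; next}
                 !b && NF {n++} END {print n+0}' "$1")
    [ "$stray" -eq 0 ] || { echo "$1: $stray stray line(s)" >&2; return 1; }
}

# Concatenate in the article's order; umask keeps the key-bearing file private.
make_bundle() {
    ( umask 077 && cat "$1" "$2" "$3" > "$4" ) && check_bundle "$4"
}

# Constructed placeholder PEM block (not real certificate or key material).
fake_pem() {
    printf '%s\n' "-----BEGIN $1-----" 'Q09OU1RSVUNURUQ=' "-----END $1-----"
}

# Demo on constructed files: prints "ok" when the order is correct.
demo_bundle() {
    d=$(mktemp -d) || return 1
    fake_pem CERTIFICATE > "$d/domain.crt"
    fake_pem CERTIFICATE > "$d/domain.intermediate.crt"
    fake_pem 'PRIVATE KEY' > "$d/domain.key"
    make_bundle "$d/domain.crt" "$d/domain.intermediate.crt" "$d/domain.key" \
        "$d/domain.pem" && echo ok
    rc=$?; rm -rf "$d"; return "$rc"
}

demo_bundle
```

The check is structural only: it does not prove that the key belongs to the certificate or that the intermediates chain to it.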

Additional notes

You can use a web browser instead of curl to check a locally stored certificate, but it is not very convenient.

I disabled ephemeral DH cipher suites, but you can specify a DH parameters file to use.

You can use openssl s_server to serve files over the network, but that is just another tidbit.

Check the return code (it is different from the exit code), as it will clearly show that something is wrong with the supplied intermediate certificates.

The return code is not the exit code.

The return codes are described in the verify manual page.

0 X509_V_OK: ok
    the operation was successful.

2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
    the issuer certificate of a looked up certificate could not be found. This normally means the list of trusted certificates is not complete.

3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL
    the CRL of a certificate could not be found.

4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature
    the certificate signature could not be decrypted. This means that the actual signature value could not be determined rather than it not matching the expected value, this is only meaningful for RSA
    keys.

5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature
    the CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused.

6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key
    the public key in the certificate SubjectPublicKeyInfo could not be read.

7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure
    the signature of the certificate is invalid.

8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure
    the signature of the certificate is invalid.

9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid
    the certificate is not yet valid: the notBefore date is after the current time.

10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired
    the certificate has expired: that is the notAfter date is before the current time.

11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid
    the CRL is not yet valid.

12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired
    the CRL has expired.

13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field
    the certificate notBefore field contains an invalid time.

14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field
    the certificate notAfter field contains an invalid time.

15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field
    the CRL lastUpdate field contains an invalid time.

16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field
    the CRL nextUpdate field contains an invalid time.

17 X509_V_ERR_OUT_OF_MEM: out of memory
    an error occurred trying to allocate memory. This should never happen.

18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate
    the passed certificate is self signed and the same certificate cannot be found in the list of trusted certificates.

19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain
    the certificate chain could be built up using the untrusted certificates but the root could not be found locally.

20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
    the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate
    no signatures could be verified because the chain contains only one certificate and it is not self signed.

22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long
    the certificate chain length is greater than the supplied maximum depth. Unused.

23 X509_V_ERR_CERT_REVOKED: certificate revoked
    the certificate has been revoked.

24 X509_V_ERR_INVALID_CA: invalid CA certificate
    a CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.

25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded
    the basicConstraints pathlength parameter has been exceeded.

26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose
    the supplied certificate cannot be used for the specified purpose.

27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
    the root CA is not marked as trusted for the specified purpose.

28 X509_V_ERR_CERT_REJECTED: certificate rejected
    the root CA is marked to reject the specified purpose.

29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch
    the current candidate issuer certificate was rejected because its subject name did not match the issuer name of the current certificate. Only displayed when the -issuer_checks option is set.

30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch
    the current candidate issuer certificate was rejected because its subject key identifier was present and did not match the authority key identifier current certificate. Only displayed when the
    -issuer_checks option is set.

31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch
    the current candidate issuer certificate was rejected because its issuer name and serial number was present and did not match the authority key identifier of the current certificate. Only
    displayed when the -issuer_checks option is set.

32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing
    the current candidate issuer certificate was rejected because its keyUsage extension does not permit certificate signing.

50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure
    an application specific error. Unused.
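Because the verify return code is printed in the s_client output rather than reported as the exit code, a script has to parse it. The following is an added example, not part of the original article: the function names are hypothetical, the sample output is constructed, and example.com:443 is a placeholder.

```shell
# Added example; function names are hypothetical.
# Typical use: openssl s_client -connect example.com:443 </dev/null 2>&1 | check_verify

# Read s_client output on stdin and print the numeric verify return code.
# The line can appear more than once in one run; the last one wins.
verify_return_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) (.*$/\1/p' | tail -n 1
}

# Map the codes most relevant to chain and CRL checks to their names
# (names as listed in the verify manual page excerpt above).
verify_code_name() {
    case $1 in
        0)  echo X509_V_OK ;;
        2)  echo X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT ;;
        3)  echo X509_V_ERR_UNABLE_TO_GET_CRL ;;
        10) echo X509_V_ERR_CERT_HAS_EXPIRED ;;
        12) echo X509_V_ERR_CRL_HAS_EXPIRED ;;
        20) echo X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ;;
        21) echo X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ;;
        23) echo X509_V_ERR_CERT_REVOKED ;;
        *)  echo "see the verify manual page for code $1" ;;
    esac
}

# Exit status 0 only when the output says "Verify return code: 0".
# A missing line fails closed instead of being treated as success.
check_verify() {
    code=$(verify_return_code)
    if [ -z "$code" ]; then
        echo "no verify return code in input" >&2; return 2
    fi
    echo "verify return code $code: $(verify_code_name "$code")"
    [ "$code" -eq 0 ]
}

# Constructed sample: the tail of an s_client run with a missing intermediate.
sample_bad() {
    cat <<'EOF'
    Start Time: 1510259115
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
EOF
}

sample_bad | check_verify || echo "chain did not verify"
```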
