Background
SSL and the CA certificate mechanism are products of the browser era. The two parties to an SSL connection are, on one side, internet users spread across the globe and, on the other, a huge variety of services. Neither side knows or trusts the other, so the CA model is needed to secure the connection.
As more and more embedded devices have come online, their situation has turned out to differ considerably from that typical scenario. First, an embedded device is constrained by a low hardware specification and only ever talks to a very small number of internet services.
Second, an embedded device usually has an identity authentication mechanism: it registers itself with the server automatically over an encrypted channel, which differs from the way a browser accesses information in the clear.
Consequently the peer of an embedded device's SSL connection is usually one, or a small number of, trusted servers providing one or a few functions, and the server's peer is in turn an authenticated, trusted device. Both sides of the SSL connection know each other, trust each other to protect their private keys, and can guarantee the integrity of public key distribution. Under these conditions a self-signed certificate brings the following benefits:
- Lower overall risk and a smaller attack surface (a self-contained system is unaffected by changes in the CA ecosystem).
- Saves storage on very small embedded devices, roughly 1 MB.
- A simple issuance process, reducing the risk of operational mistakes.
- Saves procurement cost (roughly several hundred to several thousand yuan per domain per year).
- A self-signed certificate can be customised, for example with a larger key length.
References
https://en.wikipedia.org/wiki/RSA_(cryptosystem)#cite_note-twirl-34
What is a self-signed certificate?
The following is excerpted from Wikipedia:
In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies.——wikipedia
A self-signed certificate is, first of all, an identity certificate; it is signed by an entity whose identity is certified by that same entity.
In technical terms a self-signed certificate is one signed with its own private key.——wikipedia
Technically, a self-signed certificate is one that an entity generates with its own private key.
In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). [1] ——wikipedia
By contrast, in a typical public key infrastructure a digital signature from an (authoritative) CA (certificate authority) attests that a public key certificate is valid, that is, that all the information the certificate contains is correct.
Prerequisites for using a self-signed certificate
If the two parties to an SSL connection know each other, trust each other to protect their private keys, and can guarantee that public keys are transmitted accurately, then a self-signed certificate reduces overall risk and presents a smaller attack surface.
There are at least two reasons why a self-signed certificate based PKI may have decreased overall risk. The first, also shared with private PKI systems, is that they avoid the problems of trusting third parties that may improperly sign certificates. Self-signed certificate transactions usually present a far smaller attack surface by eliminating both the complex certificate chain validation, [2] and CA revocation checks like CRL and OCSP.
———— https://en.wikipedia.org/wiki/Self-signed_certificate
Deployment
- New devices
  - A dedicated domain for the self-signed certificate must be added, used only by clients that embed the self-signed certificate.
  - The self-signed certificate must be pre-installed on the client, whereas CA root certificates are already shipped with every operating system and need no attention on the client side.
- Existing devices
  - Clients already in the field therefore have to be migrated to the self-signed certificate scheme by OTA update.
  - A few clients that (for whatever reason) have not received the OTA update must keep using the domain secured with the CA certificate, so the original CA-certificate domain has to be maintained as well.
Security process and contingency plan
Normally a server certificate has a short validity period (one year by default) and a key length of at least 2048 bits by default,
so in theory even a supercomputer cannot break it within the validity period.
In practice, however, the private key is at risk of leaking while it is handled, so the following operating procedure is recommended:
- Develop an automated issuance system: one-click requests from a web page, with the back end storing private keys encrypted by an HSM and never exposing them to any user.
- The concrete steps are as follows:
  - Must be carried out by SRE.
  - Manually generating the CA and issuing certificates with tools such as OpenSSL is prohibited. Use the internal operations system above for unified automated issuance, so that the company-wide CA is used and the private key is never visible to the requester, which is safer. Self-signed certificate request page:
  - After the certificate is deployed, SRE and development must use curl to check that a connection can be established and confirm that the certificate expiry date and issuer information are correct and that certificate validation passes, as shown in the figure below.
  - If at any time the certificate is found to have leaked or to be at risk, revoke it immediately.
Implementation steps for the self-signed certificate
Generate the private key
openssl genrsa -des3 -out server.key 3072
Generating RSA private key, 3072 bit long modulus
............++
...............................++
e is 65537 (0x10001)
Enter pass phrase for server.key:xiaoaiscottisgoodai
Verifying - Enter pass phrase for server.key:
Note that a 1024-bit key may be at risk; use a key length of at least 2048 bits (the assumption that RSA is secure holds outside of quantum computing).
In 2003, RSA Security estimated that 1024-bit keys were likely to become crackable by 2010. [31] As of 2020, it is not known whether such keys can be cracked, but minimum recommendations have moved to at least 2048 bits. [32] It is generally presumed that RSA is secure if n is sufficiently large, outside of quantum computing.
https://en.wikipedia.org/wiki/RSA_(cryptosystem)#cite_note-twirl-34
Generate the certificate signing request (CSR)
A CSR (Certificate Signing Request) is the file a certificate applicant submits when applying for a digital certificate: the CSP (cryptographic service provider) generates the certificate request at the same time as the private key. The applicant only has to submit the CSR to the certificate authority, which signs it with its root private key to produce the certificate's public key file, that is, the certificate issued to the user.
openssl req -new -key server.key -out server.csr -config /private/etc/ssl/openssl.cnf
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) []:bk
Organization Name (eg, company) []:xiaogu
Organizational Unit Name (eg, section) []:intelligenthardware
Common Name (eg, fully qualified host name) []:*.xiaogu.com # the domain name the certificate is bound to
Email Address []:scott@xiaogu.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xiaoaiscottisgoodai
Generate your own CA (valid for 30 years)
The root certificate is saved as root.crt and its private key as root.key:
openssl req -new -x509 -keyout root.key -out root.crt -config /private/etc/ssl/openssl.cnf -days 9990
Generating a 2048 bit RSA private key
....+++
.....................................................................+++
writing new private key to 'root.key'
Enter PEM pass phrase: xiaoaiscottisgoodai
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) []:bk
Organization Name (eg, company) []:xiaogu
Organizational Unit Name (eg, section) []:intelligenthardware
Common Name (eg, fully qualified host name) []:scott root ca 2021 2051
Email Address []:scott@xiaogu.com
View the generated CA certificate
openssl x509 -in root2.crt -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 12330660770649010364 (0xab1f4ea3e860f0bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=cn, ST=bj, L=bk, O=xiaogu, OU=intelligenthardware, CN=scott root ca 2021 2051/emailAddress=scott@xiaogu.com
Validity
Not Before: Aug 16 06:42:32 2021 GMT
Not After : Dec 22 06:42:32 2048 GMT
Subject: C=cn, ST=bj, L=bk, O=xiaogu, OU=intelligenthardware, CN=scott root ca 2021 2051/emailAddress=scott@xiaogu.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:98:3e:20:05:d2:5e:fe:f6:01:95:ee:d7:9b:
Prepare the configuration file
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = /Users/scottg/projects/study/demoCA # root directory of the CA
certs = $dir/certs # where issued certificates are stored
crl_dir = $dir/crl # where certificate revocation lists are stored
database = $dir/index.txt # database index file recording every issued certificate
#unique_subject = no # set to 'no' to allow several certificates with the same subject to exist at the same time
new_certs_dir = $dir/newcerts # default location for newly issued certificates
certificate = $dir/root.crt # the CA certificate (the option name is lowercase 'certificate'; the -cert argument on the command line overrides it)
serial = $dir/serial # file holding the current serial number
crl = $dir/crl.pem # the current CRL
private_key = $dir/root.key # the CA private key
RANDFILE = $dir/root/.rand # seed file read and written when random keys are generated
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
default_days = 375
preserve = no
policy = policy_strict
[ policy_strict ]
# The root CA should only sign intermediate certificates that match.
# See the POLICY FORMAT section of `man ca`.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
Sign the applicant's CSR
openssl ca -in server.csr -out server.crt -cert root.crt -keyfile root.key
Using configuration from /private/etc/ssl/openssl.cnf
Enter pass phrase for root.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'cn'
stateOrProvinceName :ASN.1 12:'bj'
localityName :ASN.1 12:'bk'
organizationName :ASN.1 12:'xiaogu'
organizationalUnitName:ASN.1 12:'intelligenthardware'
commonName :ASN.1 12:'scott ca 2021'
emailAddress :IA5STRING:'scott@xiaogu.com'
Certificate is to be certified until Aug 26 04:22:34 2022 GMT (375 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
A certificate valid for one year has now been generated as shown above. Note that a validity period of 1-2 years is recommended.
Example of the generated certificate
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=cn, ST=bj, L=bk, O=xiaogu, OU=intelligenthardware, CN=scott root ca/emailAddress=scott@xiaogu.com
Validity
Not Before: Aug 16 04:22:34 2021 GMT
Not After : Aug 26 04:22:34 2022 GMT
Subject: C=cn, ST=bj, O=xiaogu, OU=intelligenthardware, CN=scott ca 2021/emailAddress=scott@xiaogu.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:d8:1f:4e:88:96:63:ba:a8:b2:bc:8f:2e:4e:3f:
At this point the self-signed certificate has been generated successfully. The example certificate is valid for one year; simply generate and deploy a new certificate before it expires each year.
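The same procedure, scripted end to end as an added example (not the original document's commands): root CA, server CSR and signing run non-interactively, followed by the post-deployment checks the security process section asks for (chain verification, issuer, expiry). It assumes `openssl` 1.1.1 or newer is on PATH; `WORK`, `CA_PASS` and the `check_cert` helper are this example's own, while the names (xiaogu.com, "scott root ca") are the page's sample values.

```shell
# Added example, not from the original document: the page's root-CA and
# server-certificate steps run non-interactively, followed by the checks the
# "security process" section asks for (chain verifies, issuer is ours, not
# close to expiry). Assumes `openssl` 1.1.1 or newer is on PATH; the names
# (xiaogu.com, "scott root ca") are the page's own sample values.
set -eu
WORK="${WORK:-$(mktemp -d)}"
SUBJ_BASE="/C=cn/ST=bj/L=bk/O=xiaogu/OU=intelligenthardware"
# Passphrase comes from the environment, so it is never typed at a prompt or
# left in shell history (placeholder value; set CA_PASS before running).
CA_PASS="${CA_PASS:-change-me-placeholder}"; export CA_PASS

# Step 1: the self-signed root CA (the page uses -days 9990).
make_root_ca() {
    openssl req -x509 -newkey rsa:2048 -sha256 -days 9990 -passout env:CA_PASS \
        -subj "$SUBJ_BASE/CN=scott root ca 2021 2051" \
        -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
}

# Step 2: server key and CSR (3072-bit as in the page; the key is left
# unencrypted because the server must load it without a prompt at start-up).
make_server_csr() {
    openssl req -new -newkey rsa:3072 -nodes -subj "$SUBJ_BASE/CN=*.xiaogu.com" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
}

# Step 3: sign the CSR with the root key for 375 days, matching default_days in
# the page's config. A subjectAltName is added because modern clients match the
# host name against the SAN, not the CN.
sign_server_cert() {
    printf '%s\n' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' \
        'subjectAltName=DNS:*.xiaogu.com,DNS:xiaogu.com' > "$WORK/server.ext"
    openssl x509 -req -sha256 -days 375 -in "$WORK/server.csr" \
        -CA "$WORK/root.crt" -CAkey "$WORK/root.key" -passin env:CA_PASS \
        -CAcreateserial -extfile "$WORK/server.ext" -out "$WORK/server.crt" 2>/dev/null
}

# Post-deploy check: returns 0 only if the certificate chains to our root,
# names our root as issuer, and stays valid for at least another 30 days.
check_cert() {
    openssl verify -CAfile "$WORK/root.crt" "$1" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -issuer | grep -q 'scott root ca' || return 1
    openssl x509 -in "$1" -noout -checkend $((30 * 24 * 3600)) >/dev/null
}

make_root_ca && make_server_csr && sign_server_cert
check_cert "$WORK/server.crt" && openssl x509 -in "$WORK/server.crt" -noout -subject -enddate
```

Point `check_cert` at a PEM file dumped from the live server (for example the output of `openssl s_client`) to perform the post-deployment check on the deployed certificate rather than the freshly signed file.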