Can’t verify an openssl certificate against a self signed openssl certificate

certificateopensslssltrusted-root-certificates

I am creating simple two certificates; one is a root certificate and the other one is a server certificate. The latter has the rootcert.pem and rootprivkey.pem assigned to be used in the flags -CA and CAkey respectively. I have installed the root certificate in system and ran sudo update-cacertificates as well. After many tries I couldn't bring openssl to verify the server certificate against the self signed certificate. It gives me this error:

error 20 at 0 depth lookup: unable to get local issuer certificate
error servercrt.pem: verification failed

Note : I don't have intermediate certificates.

Now, how do I solve this problem?

EDIT:

Commands used for generation and verification

openssl req -new -newkey rsa:4096 -keyout rootprivkey.pem -out rootreq.pem -config openssl.cnf -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
openssl ca -out rootcrt.pem -days 2652 -keyfile rootprivkey.pem -selfsign -config openssl.cnf -infiles rootreq.pem
openssl req -new -newkey rsa:4096 -keyout serverprivkey.pem -out serverreq.pem -config openssl.cnf
openssl x509 -req -in serverreq.pem -days 1200 -CA rootcrt.pem -CAkey rootprivkey.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out servercrt.pem -set_serial 01
openssl verify -CAfile rootcrt.pem servercrt.pem

openssl.cnf

#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# You might want to copy this into /etc/ssl/ or define OPENSSL_CONF
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME                    = .
RANDFILE                = $ENV::HOME/.rnd

# Extra OBJECT IDENTIFIER info:
#oid_file               = $ENV::HOME/.oid
oid_section             = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions            = 
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7

####################################################################
[ ca ]
default_ca      =  CA_default                           # The default ca section

####################################################################
[ CA_default ]

dir             = .                                     # Where everything is kept
certs           = $dir                          # Where the issued certs are kept
crldir          = $dir                              # Where the issued crl are kept
database        = $dir                       # database index file.
unique_subject  = yes                                   # Set to 'no' to allow creation of
                                                        # several ctificates with same subject.
new_certs_dir   = $certs                                # default place for new certs.

certificate     = $certs/rootcrt.pem                    # The CA certificate
serial          = $dir/serial.txt                       # The current serial number
crlnumber       = $dir/crlnumber                        # the current crl number
                                                        # must be commented out to leave a V1 CRL
crl             = $crldir/crl.pem                       # The current CRL
private_key     = $dir/private/rootprivkey.pem          # The private key
RANDFILE        = $dir/private/.rand                    # private random number file

#x509_extensions        = usr_cert                              # The extentions to add to the cert

# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt        = ca_default                            # Subject Name options
cert_opt        = ca_default                            # Certificate field options

# Extension copying option: use with caution.
copy_extensions = copy

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.

# crl_extensions        = crl_ext

default_days    = 365           # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = default               # use public key default MD
preserve        = no                    # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

####################################################################
[ req ]
default_bits            = 4096
default_keyfile         = priv.key.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions         = v3_ca             
req_extensions          = v3_req


# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = 
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = 
localityName                    = Locality Name (eg, city)
localityName_default            = 

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = 

# SET-ex3                       = SET extension number 3

[ req_attributes ]
#challengePassword              = A challenge password
#challengePassword_min          = 4
#challengePassword_max          = 20
#unstructuredName               = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer

[ v3_req ]

# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

Best Answer

The above config file fails to generate the Root CA certificate in the first place because it doesn't have a CommonName entry. I'm assuming that was a typo or copy/paste error and the rest of the config file is the actual one used.

Your certificate verification fails because your Root CA has the BasicConstraint extensions set to CA:False. That is, it is not a CA and therefore as far as verification is concerned, cannot be used to verify the digital signature on other certificates.

You need to alter your config file so that the command used to generate the CA certificate uses: basicConstraints = CA:true. To make it RFC 5280 compliant, you should also add the critical flag and use basicConstraints = critical,CA:true.

Your approach is somewhat disjointed. Try the following:

Create an OpenSSL config file for the CA (./openssl.cnf)

################ Req Section ################
# This is used by the `openssl req` command
# to create a certificate request

[ req ]

# Don't prompt for the DN, use configured values instead
# This saves having to type in your DN each time.

prompt             = no
string_mask        = default
distinguished_name = req_dn

# The size of the keys in bits:
default_bits       = 4096

# The extensions added when generating a CSR
req_extensions     = req_ext

[ req_dn ]

countryName            = GB
stateOrProvinceName    = Somewhere
organizationName       = Example
organizationalUnitName = PKI
commonName             = Example Test Root CA

[ req_ext ]

# Extensions added to the request

################ CA Section ################
# This is used with the 'openssl ca' command
# to sign a request

[ ca ]

default_ca = CA

[ CA ]

# Where OpenSSL stores information

dir             = .                             # Where everything is kept
certs           = $dir                          # Where the issued certs are kept
crldir          = $dir                          # Where the issued crl are kept

new_certs_dir   = $certs
database        = $dir/index
certificate     = $certs/rootcrt.pem
private_key     = $dir/rootprivkey.pem
crl             = $crldir/crl.pem   
serial          = $dir/serial.txt
RANDFILE        = $dir/.rand

# How OpenSSL will display certificate after signing
name_opt    = ca_default
cert_opt    = ca_default

# How long the CA certificate is valid for
default_days = 3650
# default_startdate  = 180517000000Z
# default_enddate    = 181231235959Z

# The message digest for self-signing the certificate
# sha1 or sha256 for best compatability, although most
# OpenSSL digest algorithm can be used.
# md4,md5,mdc2,rmd160,sha1,sha256
default_md = sha256

# Subjects don't have to be unique in this CA's database
unique_subject    = no
# What to do with CSR extensions
copy_extensions    = copy

# Rules on mandatory or optional DN components
policy      = simple_policy

# Extensions added while singing with the `openssl ca` command
x509_extensions = x509_ext

[ simple_policy ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = optional
domainComponent         = optional
emailAddress            = optional
name                    = optional
surname                 = optional
givenName               = optional
dnQualifier             = optional

[ ca_ext ]
# Optional extensions. Use `-extensions ca_ext`
# These extensions are for a CA certificate

subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always

basicConstraints            = critical, CA:TRUE
# basicConstraints          = critical, CA:TRUE, pathlen:1

keyUsage = critical, keyCertSign, cRLSign

# Policies and constraints are not recommended for Root CAs
# But could be enforced on subordinate CAs

#nameConstraints        = permitted;DNS:example.org

#policyConstraints = requireExplicitPolicy:1

#inhibitAnyPolicy = 1

#certificatePolicies = @CertPol

[ x509_ext ]
#Default extensions
# These extensions are for an end-entity certificate

# Extensions added when using the `openssl ca` command.
# This section is pointed to by `x509_extensions` above.

subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always

# No basicConstraints extension is equal to CA:False
# basicConstraints      = critical, CA:False

keyUsage = critical, digitalSignature

# Policies and constraints are not recommended for Root CAs
# But could be enforced on subordinate CAs

#nameConstraints        = permitted;DNS:example.org

#policyConstraints = requireExplicitPolicy:1

#inhibitAnyPolicy = 1

#certificatePolicies = @CertPol

[ CertPol ]
policyIdentifier = 1.3.6.1.4.132473
CPS = http://pki.example.org/cps.html

Next, create your request using a similar command to the one you used:

$ openssl req -new -newkey rsa:4096 -keyout rootprivkey.pem -out rootreq.pem -config openssl.cnf

Note that the -sigopt options have been removed as the signature at this point is the request signature used for proof of possession of private key and not the signature of the certificate itself - that's later.

Next, sign it to create the self-signed CA certificate:

$ openssl ca -out rootcrt.pem -days 2652 -keyfile rootprivkey.pem -selfsign -config openssl.cnf -extensions ca_ext -in rootreq.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1

Note that this uses openssl ca instead of openssl x509 which means you can refer to a custom openssl.cnf file. Also note the use of the -extensions option to point the command to a specific section of the config file. Finally, note that the -sigopt options have been moved here as this is the command that signs your CA certificate and therefore should have your PSS scheme.

Next, create a separate OpenSSL config file for your server/end-entity certificate (./server.cnf).

# OpenSSL server/end-entity configuration

[ req ]

string_mask        = default

# The size of the keys in bits:
default_bits       = 2048
distinguished_name = req_dn
req_extensions     = req_ext

[ req_dn ]

countryName                     = Country Name (2 letter code)
countryName_default             = 
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = 
localityName                    = Locality Name (eg, city)
localityName_default            = 

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = 

commonName                      = Common Name

[ req_ext ]

# Careful...
#basicConstraints=critical,CA:TRUE

# subjectAltName = @alt_names

[alt_names]
# To copy the CN (in the case of a DNS name in the CN) use:
# DNS = ${req_dn::commonName}

Run a similar command to the one you used, but with the config file changed.

$ openssl req -new -newkey rsa:4096 -keyout serverprivkey.pem -out serverreq.pem -config server.cnf

Finally, sign it with the CA:

$ openssl ca -in serverreq.pem -days 1200 -cert rootcrt.pem -keyfile rootprivkey.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out servercrt.pem -config openssl.cnf

Note that there is no -extensions option on this one, so OpenSSL defaults to the section pointed to by the x509_extensions = option in openssl.cnf.

You can now verify the certificates:

$ openssl verify -CAfile rootcrt.pem servercrt.pem
servercrt.pem: OK

Best Answer

Related Solutions

Can self-signed SSL certificate be renewed? How

Openssl pkcs12 keeps removing the PEM passphrase from keystore’s entry

Related Question