ssl – Creating a *.local SSL Certificate with OpenSSL

apache-virtualhostcertificatesopensslssl

I am trying to set up a single SSL certificate that will make any *.local website work over https. I have all .local domains pointing back to my local machine. I use these when developing websites. A lot of new features (geo location, service workers etc.) require an SSL.

I believe that for recent versions of Chrome/Firefox, an old school self-signed certificate no longer works.

Below are the steps I have taken after following a combination of these guides:
https://deliciousbrains.com/https-locally-without-browser-privacy-errors/

https://codeghar.wordpress.com/2008/03/17/create-a-certificate-authority-and-certificates-with-openssl/

https://stackoverflow.com/questions/27294589/creating-self-signed-certificate-for-domain-and-subdomains-neterr-cert-commo

Here is my config file:

#..................................
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = /home/*****/Sites/root-ca
serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/certs
certificate = $dir/certs/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 3000
default_md = sha256
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match
copy_extensions = copyall
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 2048 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name Value
#------------------------ ------------------------------
0.organizationName_default = *****
localityName_default = *****
stateOrProvinceName_default = *****
countryName_default = *****
emailAddress_default = *****
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
subjectAltName       = @alternate_names
[ v3_req ]
subjectKeyIdentifier = hash
basicConstraints     = CA:FALSE
keyUsage             = digitalSignature, keyEncipherment
subjectAltName       = @alternate_names
nsComment            = "OpenSSL Generated Certificate"

[ alternate_names ]

DNS.1       = *.local

I first create a new certificate authority:

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out certs/cacert.pem -days 3000 -config conf/caconfig.cnf

I have given the Common name here as my name

Common Name (hostname, IP, or your name) []:Jonathan Hodgson

The file certs/cacert.pem I then import into chromium's authorities which works without a problem.

I then create a certificate request:

openssl req -extensions v3_req -new -nodes -out local.req.pem -keyout private/local.key.pem -config conf/caconfig.cnf

I have given the Common name here as *.local

Common Name (hostname, IP, or your name) []:*.local

I then sign the request:

openssl ca -out certs/local.cert.pem  -config conf/caconfig.cnf -infiles local.req.pem

I add the files to my http config:

<VirtualHost *:80>
    ServerName test.local
    ServerAlias *.local
    VirtualDocumentRoot /home/jonathan/Sites/%-2/public_html
    CustomLog /home/jonathan/Sites/access.log vhost_combined
    ErrorLog /home/jonathan/Sites/error.log
</VirtualHost>

<VirtualHost *:443>
    ServerName test.local
    ServerAlias *.local
    VirtualDocumentRoot /home/jonathan/Sites/%-2/public_html
    CustomLog /home/jonathan/Sites/access.log vhost_combined
    ErrorLog /home/jonathan/Sites/error.log
    SSLEngine On
    SSLCertificateFile /home/jonathan/Sites/root-ca/certs/local.cert.pem
    SSLCertificateKeyFile /home/jonathan/Sites/root-ca/private/local.key.pem
</VirtualHost>

I have restarted apache but I am still getting NET::ERR_CERT_COMMON_NAME_INVALID

I was under the impression that this was because I needed to add the subjectAltName to the config file which I have done.

Please let me know what I should do differently.

Thanks in advance for any help

Edit

I think the problem is to do with the wildcard. If I set the alternate_names to example.local and the Common name for the request to example.local, example.local shows as secure in both Chrome and Firefox.

I tried to set DNS.1 to local and DNS.2 to *.local, I then just got ERR_SSL_SERVER_CERT_BAD_FORMAT in chrome and SEC_ERROR_REUSED_ISSUER_AND_SERIAL in firefox. I definitely reset my serial file and my index file before generating the certificates.

Best Answer

You added SAN to the CSR but you didn't tell ca to include extensions from the CSR in the certificate. See https://security.stackexchange.com/questions/150078/missing-x509-extensions-with-an-openssl-generated-certificate or the man page for ca also on the web at copy_extensions

EDIT: You also need to specify x509_extensions in the ca config, or equivalent but less convenient the commandline option -extensions, in either case pointing to a section that exists but can be empty if you don't want any CA-required extensions. I didn't notice this at first because I had never tried the case of extensions from CSR only and not config, which is unrealistic for most CAs. If you specify copy_extensions other than none (and the CSR has some) but don't specify x509_extensions then ca does put the extensions in the cert but does not set the cert version to v3 as is required by standards (like rfc5280) when extensions are present.

It's arguable if this is a bug; the manpage says x509_extensions/extensions controls the v3 setting, and by not saying any similar thing about copy_extensions implies that does not, but IMHO it's certainly a very suboptimal feature. EDIT: it is a bug and will be fixed but until then use the workaround, see https://unix.stackexchange.com/a/394465/59699

HOWEVER: in my test, this didn't actually solve your problem. Even though the cert has *.local in SAN and CN and is (now) otherwise valid, my Firefox (53.0.2) and Chrome (59.0.3071.109) still reject it with SSL_ERROR_CERT_DOMAIN_ERROR and ERR_CERT_COMMON_NAME_INVALID respectively. I guessed they might not be excluding local from the normal 2+-level logic and tried *.example.local: Chrome does accept that, but Firefox doesn't. I also tried *.example.org and both Chrome and IE11 like that but still not Firefox (and of course assigning yourself names in real TLDs like .org is not the way DNS is supposed to work).

This has me stuck. With some work OpenSSL can be made to generate a cert containing almost anything you want, but what Firefox and Chrome will accept I do not know. I will try to look into that and update if I find anything.

~~I hope you mean~~ you gave *.local as the CommonName only for the server CSR and NOT for the CA (self-signed) cert. If Subject names for CA and leaf certs are the same nothing will work reliably. EDIT: your edited Q confirms they were correctly different. Although it does not mention also specifying Country, State, and Organization as is required by the ca policy you used.

Note 'self-signed' is a term of art and means signed with the same key. Your CA cert is self-signed. Your server cert is signed by you yourself using your own key but it is not self-signed. Trying to apply instructions for a self-signed cert to a not-self-signed cert was part of your problem.

And Gilles point about md5 for the signature algorithm is also correct.

EDIT: 'resetting' serial (and index) for an openssl ca setup is a bad idea, unless you permanently discard the CA cert and name they were used for. The standards say a given CA must not issue more than one cert with the same serial value in the cert, and the serial file is the way openssl ca (and also x509 -req) implements this. 'Real' (public) CAs nowadays no longer use a simple counter but include entropy to block collision attacks on PKI -- google hashclash -- but this is not an issue for a personal CA like yours. I can readily believe a browser (or other relier) being unhappy if it sees multiple certs with the same serial and CA name, although I would NOT expect a browser to persistently store a leaf cert -- and thus see both the old and new ones in one process unless long-running -- unless you import it to the applicable store, including in Firefox if you make it a permanent 'exception'.

Example

$ openssl s_client -connect encrypted.google.com:443 < /dev/null | head -10
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
...
...
DONE

If you use this command you'll notice the CN that was used when generating the SSL certs:

$ openssl s_client -connect encrypted.google.com:443 < /dev/null|& grep "CN.*google"
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com

So the browser will confirm that the hostname that's serving this cert falls within the hierarchy of the CN=... that's included in the cert.

SNI

It used to be the case that you had to have a specific IP address set aside for each SSL server's hostname that you wanted to make use of over HTTPS. However this is no longer the case thanks to SNI (Server Name Indication).

excerpt

This works really well when a site has one SSL certificate installed per IP address (this used to be a hard requirement). With Server Name Indication (SNI), a web server can have multiple SSL certificates installed on the same IP address. SNI-capable browsers will specify the hostname of the server they’re trying to reach during the initial handshake process. This allows the web server to determine the correct SSL certificate to use for the connection.

Again using openssl you can simulate what your browser would be doing in this scenario:

$ openssl s_client -connect someserver:443 -servername sslsite-example.com

excerpt

SSL negotiation must occur prior to sending the HTTP request through to the remote server. That means that the browser and the server have to do the certificate exchange earlier in the process and the browser wouldn’t get the opportunity to specify which site it’s trying to reach. SNI fixes that by allowing a Host: header type of exchange during the SSL negotiation process.

Best Answer

Related Solutions

Linux openssl CN/Hostname verification against SSL certificate

Example

SNI

References

Related Question