Self-signed Certificate

Background

SSL and the CA certificate mechanism are a product of the browser era: one side of an SSL connection is the world's internet users and the other is a huge variety of services. Neither side knows or trusts the other, so a CA has to vouch for identity.
As embedded devices came online, a typical scenario emerged that differs in important ways. First, an embedded device, constrained by low hardware specifications, only ever talks to a handful of internet services.
Second, an embedded device usually has its own identity mechanism: it registers with the server automatically over an encrypted channel, unlike a browser, which arrives with no pre-established identity.
So the peer of an embedded device's SSL connection is typically one or a few trusted servers offering a limited set of functions, and the server's peer is in turn an authenticated, trusted device. Both ends of the SSL connection know each other, trust each other to protect their private keys, and can guarantee that the public key is delivered intact. Under those conditions a self-signed certificate brings real benefits:
  • Lower overall risk and a smaller attack surface (a trust hierarchy of your own is unaffected by changes in the public CA ecosystem).
  • Storage savings on very small embedded devices: roughly 1 MB, because the public root store need not be shipped.
  • A simpler issuance process, with less room for operational mistakes.
  • No purchase cost (public certificates run from a few hundred to a few thousand yuan per domain per year).
  • The certificate can be customized, for example with a larger key length.

References

https://en.wikipedia.org/wiki/RSA_(cryptosystem)#cite_note-twirl-34
 

What is a self-signed certificate?

Excerpts from Wikipedia:
In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. (Wikipedia)
In technical terms a self-signed certificate is one signed with its own private key. (Wikipedia)
In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information).[1] (Wikipedia)
In other words, a self-signed certificate is an identity certificate whose signature was produced with the private key matching the public key inside it, so issuer and subject are the same entity and nobody but the holder vouches for the identity. By contrast, in a conventional PKI the CA's signature is what attests that the certificate's contents are correct. Note that the procedure later in this post actually builds a small private PKI: only the root certificate is self-signed, while the server certificate is signed by that private root.
 

When a self-signed certificate is appropriate

If both parties to the SSL connection know each other, can be trusted to protect their private keys, and can guarantee that the public key (in practice, the trust anchor certificate) reaches the other side unaltered, a self-signed certificate reduces overall risk and yields a smaller attack surface. The last condition is the hard one: with no third party to vouch for the certificate, it has to be baked into the device firmware or delivered over a channel that is already authenticated.
There are at least two reasons why a self-signed certificate based PKI may have decreased overall risk. The first, also shared with private PKI systems, is that they avoid the problems of trusting third parties that may improperly sign certificates. Self-signed certificate transactions usually present a far smaller attack surface by eliminating both the complex certificate chain validation,[2] and CA revocation checks like CRL and OCSP.
https://en.wikipedia.org/wiki/Self-signed_certificate
 

Deployment

  • New devices
    • Add a dedicated domain for the self-signed scheme, used only by clients that have the self-signed (private root) certificate built in.
    • The self-signed certificate has to be preinstalled on the client, for example baked into the firmware, whereas public CA root certificates are already shipped with every operating system and need no client-side work. For that domain the client should trust only this certificate, not the system root store.
  • Existing devices
    • Clients already in the field are therefore migrated to the self-signed scheme through an OTA update.
    • The few clients that (for whatever reason) never receive the OTA update must keep using the domain secured with the public CA certificate, so the original domain and its CA-issued certificate have to be maintained and renewed alongside the new one.
 

Security process and contingency plan

Under normal conditions the server certificate has a short validity period (one year here by default) and an RSA key of at least 2048 bits, so factoring the key within its validity period is far beyond current computing capability.
In practice the real risk is the private key leaking while it is being handled, so the recommended operating procedure is:
  1. Build an automated issuance system: one-click requests from a web page, with the backend storing private keys encrypted by an HSM and never exposing them to any user.
  2. Concretely:
    1. Issuance must be carried out by SRE.
    2. Do not generate CAs or sign certificates by hand with OpenSSL or similar tools. Use the internal ops system above for unified automated issuance with the company's common CA, so that the key pair is never visible to the requester. Self-signed certificate request page: (screenshot not included)
    3. After deployment, SRE and the developers use curl to check that a connection can be established, and confirm that the expiry date and issuer are as expected and that certificate verification succeeds (screenshot not included).
    4. At any time, if a certificate is found to be leaked or at risk, revoke it immediately. Because clients in this scheme perform no CRL or OCSP checks (see the Wikipedia quote above), marking it revoked on the CA side is not enough: the server must be switched to a freshly issued certificate, and if the root key itself is compromised a new root has to be pushed to every client by OTA.
 

Implementation steps for the self-signed certificate

The steps below are the manual OpenSSL equivalent of what the issuance system does under the hood: generate a private root CA (the only truly self-signed certificate), then issue a server certificate signed by that root. The transcripts show the operator's input as typed, passphrases included; OpenSSL itself does not echo passphrases.

  • Generate the private key

openssl genrsa -des3 -out server.key 3072
Generating RSA private key, 3072 bit long modulus
............++
...............................++
e is 65537 (0x10001)
Enter pass phrase for server.key:xiaoaiscottisgoodai
Verifying - Enter pass phrase for server.key:
Note: 1024-bit keys are considered at risk; use at least 2048 bits. This assumes classical attackers only: a sufficiently large quantum computer running Shor's algorithm would break RSA at any key length, which is what "outside of quantum computing" means in the quote below.
In 2003, RSA Security estimated that 1024-bit keys were likely to become crackable by 2010.[31] As of 2020, it is not known whether such keys can be cracked, but minimum recommendations have moved to at least 2048 bits.[32] It is generally presumed that RSA is secure if n is sufficiently large, outside of quantum computing.
https://en.wikipedia.org/wiki/RSA_(cryptosystem)#cite_note-twirl-34
 
  • Generate the certificate signing request (CSR)

A CSR (Certificate Signing Request) is produced by the applicant alongside the private key: it carries the applicant's public key and the requested subject (domain name, organization and so on) and is signed with the applicant's private key as proof of possession. The applicant submits the CSR to the certificate authority; the CA signs it with the CA's own private key, and the result is the certificate issued to the applicant. The applicant's private key never leaves the applicant.
openssl req -new -key server.key -out server.csr -config /private/etc/ssl/openssl.cnf
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) []:bk
Organization Name (eg, company) []:xiaogu
Organizational Unit Name (eg, section) []:intelligenthardware
Common Name (eg, fully qualified host name) []:*.xiaogu.com   # the domain the certificate is bound to
Email Address []:scott@xiaogu.com
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:xiaoaiscottisgoodai

Generate your own root CA (9990 days, roughly 27 years)

The root certificate is saved as root.crt and its private key as root.key. With no -newkey option, req generates a 2048-bit RSA key by default (see the output); pass -newkey rsa:3072 for a larger one. The CN "scott root ca 2021 2051" suggests 30 years were intended, but 9990 days from August 2021 expire in December 2048:
openssl req -new -x509 -keyout root.key -out root.crt -config /private/etc/ssl/openssl.cnf -days 9990
Generating a 2048 bit RSA private key
....+++
.....................................................................+++
writing new private key to 'root.key'
Enter PEM pass phrase: xiaoaiscottisgoodai
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) []:bk
Organization Name (eg, company) []:xiaogu
Organizational Unit Name (eg, section) []:intelligenthardware
Common Name (eg, fully qualified host name) []:scott root ca 2021 2051
Email Address []:scott@xiaogu.com

Inspect the generated CA certificate

Note the "Version: 1 (0x0)" in the output: the certificate carries no X.509 v3 extensions at all (no basicConstraints CA:TRUE, no keyUsage), and strict verifiers may refuse to treat such a certificate as an issuer. Adding those extensions when the root is created avoids this.

openssl x509 -in root.crt -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 12330660770649010364 (0xab1f4ea3e860f0bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=cn, ST=bj, L=bk, O=xiaogu, OU=intelligenthardware, CN=scott root ca 2021 2051/emailAddress=scott@xiaogu.com
Validity
Not Before: Aug 16 06:42:32 2021 GMT
Not After : Dec 22 06:42:32 2048 GMT
Subject: C=cn, ST=bj, L=bk, O=xiaogu, OU=intelligenthardware, CN=scott root ca 2021 2051/emailAddress=scott@xiaogu.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:98:3e:20:05:d2:5e:fe:f6:01:95:ee:d7:9b:

Prepare the configuration file (the ca section of openssl.cnf used by openssl ca)

 
[ ca ]
default_ca = CA_default
 
[ CA_default ]
dir = /Users/scottg/projects/study/demoCA # CA root directory
certs = $dir/certs # where issued certificates are kept
crl_dir = $dir/crl # where certificate revocation lists are kept
database = $dir/index.txt # index (database) file recording every issued certificate
#unique_subject = no # 'no' allows several valid certificates with the same subject at once
new_certs_dir = $dir/newcerts # default location for newly issued certificates
certificate = $dir/root.crt # the CA certificate; OpenSSL looks up the lowercase name, a capitalized 'Certificate' is not found, hence the explicit -cert/-keyfile on the command line below
serial = $dir/serial # file holding the next serial number
crl = $dir/crl.pem # the current CRL
private_key = $dir/root.key # the CA private key
RANDFILE = $dir/root/.rand # seed file read and written by the random number generator
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
 
default_days = 375
preserve = no
policy = policy_strict
 
[ policy_strict ]
# The root CA should only sign requests whose C, ST and O match its own.
# See the POLICY FORMAT section of `man ca`. Fields not listed here
# (e.g. localityName) are silently dropped from the issued subject, which is
# why the server certificate below has no L= component although the CSR had one.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

Sign the applicant's CSR

openssl ca -in server.csr -out server.crt -cert root.crt -keyfile root.key
Using configuration from /private/etc/ssl/openssl.cnf
Enter pass phrase for root.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'cn'
stateOrProvinceName :ASN.1 12:'bj'
localityName :ASN.1 12:'bk'
organizationName :ASN.1 12:'xiaogu'
organizationalUnitName:ASN.1 12:'intelligenthardware'
commonName :ASN.1 12:'scott ca 2021'
emailAddress :IA5STRING:'scott@xiaogu.com'
Certificate is to be certified until Aug 26 04:22:34 2022 GMT (375 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
That gives a certificate valid for 375 days (about a year), as set by default_days above or overridden with -days. A validity of 1-2 years is recommended.

The issued certificate

Certificate:
Data:
Version: 1 (0x0)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=cn, ST=bj, L=bk, O=xiaogu, OU=intelligenthardware, CN=scott root ca/emailAddress=scott@xiaogu.com
Validity
Not Before: Aug 16 04:22:34 2021 GMT
Not After : Aug 26 04:22:34 2022 GMT
Subject: C=cn, ST=bj, O=xiaogu, OU=intelligenthardware, CN=scott ca 2021/emailAddress=scott@xiaogu.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:d8:1f:4e:88:96:63:ba:a8:b2:bc:8f:2e:4e:3f:
The certificate is now issued. Strictly speaking it is a server certificate signed by the private root; the root itself is the self-signed one. Because the client trusts the root, the server certificate can be regenerated and deployed every year before it expires without touching the clients; only a root rotation needs a client update. Two things to check before relying on it: the issued certificate is X.509 version 1, so it has no subjectAltName, and many current TLS stacks refuse to match a hostname against the CN alone; and its subject CN ('scott ca 2021') is not the domain requested in the CSR ('*.xiaogu.com'), which a hostname check would reject. Both are fixed by putting the server's DNS names into a subjectAltName extension when signing.
 
 
posted @ 2021-08-16 18:15  ScottGu