x509v3扩展配置
# github证书格式
# 下载 github 证书
openssl s_client -connect github.com:443 -showcerts | sed -n '/-----BEGIN/,/-----END/p' > github.com.crt
# 打印证书内容
openssl x509 -in github.com.crt -text -noout
2
3
4
5
github证书内容如下:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:d0:a8:be:c6:32:cf:e6:45:ec:a0:a9:b0:84:fb:1c
Signature Algorithm: ecdsa-with-SHA384
Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Feb 14 00:00:00 2023 GMT
Not After : Mar 14 23:59:59 2024 GMT
Subject: C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:a3:a4:03:46:03:df:46:51:56:cb:c9:39:ab:22:
cd:e7:6c:59:96:7a:93:a0:fb:b9:40:1c:90:32:88:
36:c6:09:76:9c:50:f5:55:f7:76:5e:68:20:9c:ee:
22:ed:83:0c:15:30:10:41:44:5e:32:ac:90:a1:d5:
aa:f2:e5:43:b3
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
C7:07:27:78:85:F2:9D:33:C9:4C:5E:56:7D:5C:D6:8E:72:67:EB:DE
X509v3 Subject Alternative Name:
DNS:github.com, DNS:www.github.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints:
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Feb 14 16:58:33.338 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E4:16:AE:D3:E2:2C:BA:82:9F:A9:79:
F2:4B:C6:94:52:ED:4D:E0:87:CC:50:CA:69:B1:B4:8F:
05:77:3A:94:EB:02:21:00:B5:9F:C3:F9:CB:0F:AD:D0:
60:F2:30:1B:71:05:72:12:0D:BD:65:1F:07:A9:9C:53:
4B:76:95:12:04:A6:BF:2E
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Feb 14 16:58:33.387 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:1E:3C:60:32:7E:20:51:F5:D6:E1:AF:7D:
4D:F5:97:C4:48:2E:46:57:6B:86:05:37:32:4F:25:04:
36:B1:F7:B7:02:21:00:FC:09:7E:C0:7C:03:83:26:36:
BD:A7:5B:EB:1D:13:59:F6:62:20:8E:6D:6F:B7:0D:31:
EB:DB:F5:11:EE:5B:D4
Signed Certificate Timestamp:
Version : v1(0)
Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
Timestamp : Feb 14 16:58:33.402 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:CC:E0:6B:F4:E6:74:FB:A3:92:67:21:
53:8B:2C:0D:EB:83:F2:B0:DD:05:2D:E2:D1:C8:BE:63:
98:4B:18:AC:36:02:21:00:EE:D2:3B:60:5A:23:08:29:
4E:82:33:47:4A:72:A5:16:2E:46:85:13:6D:DC:DA:25:
80:85:80:07:AA:B1:51:47
Signature Algorithm: ecdsa-with-SHA384
30:64:02:30:04:dc:0d:d4:de:34:99:0a:9c:1f:a8:e1:c1:76:
5c:62:f4:04:a0:29:35:3e:c2:0d:2a:c3:71:6a:b5:f4:37:d4:
ec:0b:60:57:71:87:43:25:36:4f:c7:c2:48:d1:49:68:02:30:
56:d0:bc:c9:17:10:fb:cd:be:fe:2d:df:42:ba:c6:da:46:db:
aa:a6:67:ee:8e:88:84:81:20:85:cc:96:35:a7:b2:26:11:d6:
0c:99:9d:3c:c8:83:70:10:4b:0e:15:9b
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
我们可以看到,证书主要包含两个部分, 分别为 数据载体和数据签名,其中数据签名使用ca的私钥对数据载体进行数据hash后的结果。我们主要看数据载体的内容。
数据载体主要包括:
- 证书颁发者信息 (Issuer)
- 证书主体信息 (Validity、Subject、Subject Public Key Info)
- 证书扩展信息 (X509v3 extensions)
下面,我们主要解释一下证书扩展信息相关参数信息
# 配置参数书写格式
配置项可以写成单行(短形式),如下
# name = [critical, ]value(s)
basicConstraints = critical, CA:true, pathlen:1
2
3
也可以写成多行(长形式)形式:
[extensions]
basicConstraints = critical, @basic_constraints
[basic_constraints]
CA = true
pathlen = 1
# url = URI:ldap://somehost.com/CN=foo,OU=bar multi-valued包含“,”,必须写为多行形式
2
3
4
5
6
7
8
如果多值 value 中包含,,则必须写成多行形式(长形式)
其中value的格式主要有一下四类,我们编写配置的时候,主要用到前面两个(string、multi-valued):
string
multi-valued
raw
arbitrary
2
3
4
# Basic Constraints
值类型:multi-valued
作用:标识该证书是否是CA证书, 如果CA为 TRUE,则可以包含可选的路径长度名称,后跟非负值。
basicConstraints = CA:FALSE
basicConstraints = critical, CA:TRUE, pathlen:1
2
3
如果是CA证书,该值必须为TRUE,终端实体证书该字符需为FALSE或被忽略;pathlen 表示证书链的长度,为1表示只能签署一个中间人CA证书
# Key Usage重要
值类型:multi-valued
作用:声明证书中公钥的用途。
包含一下几个值: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly,
and decipherOnly.
keyUsage = digitalSignature, nonRepudiation
# Extended Key Usage重要
值类型:multi-valued
作用:对证书公钥的用途进行补充。
Value Meaning according to RFC 5280 etc.
----- ----------------------------------
serverAuth SSL/TLS WWW Server Authentication
clientAuth SSL/TLS WWW Client Authentication
codeSigning Code Signing
emailProtection E-mail Protection (S/MIME)
timeStamping Trusted Timestamping
OCSPSigning OCSP Signing
ipsecIKE ipsec Internet Key Exchange
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
msEFS Microsoft Encrypted File System
2
3
4
5
6
7
8
9
10
11
12
13
# 对等认证
extendedKeyUsage = serverAuth, clientAuth
2
虽然 IETF RFC 5280 规定 id-kp-serverAuth 和 id-kp-clientAuth 仅适用于 WWW,但实际上它们用于各种 TLS 客户端和服务器。
# Subject Key Identifier
值类型:string;可选值包括:none,hash,hex string;
subjectKeyIdentifier = hash
# Authority Key Identifier
值类型:string
authorityKeyIdentifier = keyid, issuer
# Subject Alternative Name 重要
值类型:multi-valued
作用:主要用作证书验证的;我们知道证书主题中有个Common Name
的字段,该字段服务端证书通常填写的是域名,而有时候我们该证书需要使用到多个域名或IP,此时我们可以将内容写在字段下面,作为扩展验证;
现在大多数主流验证程序先验证Subject中的CN字段,如果不相同,转而验证SAN(Subject Alternative Name)的内容。
该字段包含一下几种值:
email
email包含2个特殊的值:copy:将证书主题中的邮箱地址复制到扩展字段中; move:将证书主题中的邮箱地址移动到扩展字段中,主题中将不包含邮箱地址;
URI
DNS:常用作服务器扩展域名验证
RID
IP: 常用作服务器扩展IP地址验证
dirName(a distinguished name)
otherName
subjectAltName = IP:13::17, IP: 192.168.1.128
# CRL distribution points
值类型:multi-valued
作用: 标识了当前CA下吊销列表文件的下载地址, 判断当前证书是否吊销了,如果被吊销则被判定为无效证书。
crlDistributionPoints = URI:http://example.com/myca.crl, URI:http://example.org/my.crl
# CT Precertificate SCTs
作用: 证书透明度(Certificate Transparency); 这个是标准中没有提到的一个比较新的拓展。CT主要搭配了CA服务器上公开的Log,将记录CA的行为日志, 而每一个与当前证书相关的日志将被计入此字段,并被CA进行签名。校验阶段可以根据Log ID和timestamp查找日志中的对应操作,对证书进行审计以确定当前证书的合法性。
用途: 该字段的提出主要就是防止CA被入侵者利用后获取大量非法签发证书,而透明性的日志保证了证书的签发是到受到严格监控的。
# Authority Information Access
作用:标识了CA Issuer的信息,包括OCSP服务的网址与CA证书的下载地址。该部分在TLS很重要。OCSP服务会在后续CRL中提到。
# 使用 x509v3配置
我们在提交完成csr文件后,需要通过证书扩展配置来扩展证书用途,使用方式如下:
- 首先我们编写扩展配置文件
以服务端为例,我们需要使用证书作为服务端证书,创建server-ext.conf文件,进行如下配置:
subjectAltName = IP:192.168.1.128, DNS:king.com, DNS:king.site
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer
2
3
4
使用证书,需要校验服务端的IP或DNS是否为扩展配置的内容。
openssl x509 -req -in server.csr -out server-cert.pem -CA ca.pem -CAkey ca-key.pem -CAcreateserial -days 365 -extfile server-ext.conf
查看证书
openssl x509 -in server-cert.pem -noout -text