Last week i had a blast while listening to Moxie Marlinspike’s Blackhat talk the past and future of SSL. The video is an absolute must see if you have any concern about the current state of SSL or the whole web for that matter.

As many know. There has been quite the turmoil in the SSL world lately with some big CA’s (Comodo, StartCom, Diginotar, GlobalSign) getting hacked. And rogue certificates being generated for major domains like microsoft.com, google.com, etc for who knows what type of malicious purpose. The real problem here are the centralized CA’s. For SSL to work you need to explicitly trust the major CA’s. And if one gets hacked. Well.. we know the deal by now. And the funny thing is that Moxie mentions in his talk. The whole CA wasn’t even part of the original SSL protocol. As the creator of SSL said “It’s something we through in at the end”.

But instead of only bashing the CA’s. Moxie comes with a solution to the problem. In the form of a new protocol Convergence, Which exists of a client and a server package. The client right now is a simple Firefox extension. And when installed it disables the current CA system in the browser. And will use one or more of the selected notaries instead. It even works with self signed certificates. And the back-end is a modular one. And the standard CA verification can be swapped with for instance DNSSEC based verification.

There is still a level of trust involved. But you won’t lay all your trust in one specific CA. Convergence uses notaries. Notaries are anonymous nodes that can be picked at will and can be used to verify the requested certificate. And like i said the notaries are anonymous. No more browser leakage at this point. One of th notaries will act as a bounce node to which a SSL connection is made. All other notaries are contacted through this secure connection.

I am probably not the best person to explain this all. So go ahead and listen/watch Moxie’s talk and form your own opinion. But i think everybody should install this Firefox plugin. And forget about the whole CA system. I went ahead and installed a notary node myself. Which can be found here. More information about setting up a notary node yourself can be found here

What should have been a simple assignment turned out to be a hair pulling endeavour. The ultimate goal was to read the client side certificate data in PHP. I am by no means a system administrator. And the SSL part will probably be done by somebody more experienced. And the certificates will be signed by real CA’s. But for developing locally i need something functioning.

So i spend the last hours trying to get client side certificates working. With absolutely no luck. I found a bunch of posts by doing Google searches. But none of them seem to offer the proper information for creating good client side certificates. Creating the CA and the server certificate is no problem at all. But creating a client side certificate seems impossible. Some of the post i tried:

http://www.modssl.org/docs/2.7/ssl_faq.html
http://www.vanemery.com/Linux/Apache/apache-SSL.html
http://www.linuxconfig.org/apache-web-server-ssl-authentication
https://help.ubuntu.com/community/OpenSSL
https://help.ubuntu.com/8.04/serverguide/C/httpd.html
http://it.toolbox.com/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500

You would have thought that something like this would have been documented pretty well by now. But no luck for me. This only resulted in

[debug] ssl_engine_kernel.c(1879): OpenSSL: Read: SSLv3 read client certificate A
[debug] ssl_engine_kernel.c(1898): OpenSSL: Exit: failed in SSLv3 read client certificate A
[info] [client xxx.xxx.xxx.xx] SSL library error 1 in handshake (server lab:443)
[info] SSL Library Error: 336151570 error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate Subject CN in certificate not server name or identical to CA!?

So after almost giving up i found the CA.sh script hidden in /usr/lib/ssl/misc this little sucker seems to do the job pretty well. Creating a CA, server certificate and client side certificate is extremely easy. So i settled for that.

Creating the CA

$ cd /usr/lib/ssl/misc
$ /CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate …
Generating a 1024 bit RSA private key
…………………..++++++
………………………………++++++
writing new private key to ‘./demoCA/private/./cakey.pem’
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:

And fill out some basic certificate data

Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:NH
Locality Name (eg, city) []:Purmerend
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bluesignal
Organizational Unit Name (eg, section) []:lab
Common Name (eg, YOUR name) []:lab
Email Address []:my@email.tld

Creating the server certificates

$ ./CA.sh -newreq
Generating a 1024 bit RSA private key
.++++++
…………………………………………………………………………++++++
writing new private key to ‘newkey.pem’
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:

Fill out the same basic certificate data

Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:NH
Locality Name (eg, city) []:Purmerend
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bluesignal
Organizational Unit Name (eg, section) []:lab
Common Name (eg, YOUR name) []:lab
Email Address []:my@email.tld

Sign the sucker

$ ./CA.sh -sign
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok

The only thing left to do is creating the client side certificate

openssl pkcs12 -export -in newcert.pem -inkey newkey.key -out username.p12 -name “Client Certificate”

Time to configure Apache2. I used the standard default-ssl virtual host and just reconfigured it

SSLEngine on
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM
SSLProxyEngine off
SSLOptions +StrictRequire +OptRenegotiate +StdEnvVars +ExportCertData

SSLCertificateFile /usr/lib/ssl/misc/newcert.pem
SSLCertificateKeyFile /usr/lib/ssl/misc/newkey.pem
SSLVerifyClient require
SSLVerifyDepth 1

SSLCertificateChainFile /usr/lib/ssl/misc/demoCA/cacert.pem
SSLCACertificatePath /usr/lib/ssl/misc/demoCA/certs
SSLCACertificateFile /usr/lib/ssl/misc/demoCA/cacert.pem

reboot Apache2

$ /etc/init.d/apache2 restart

The server side is ready. But it is still impossible to connect at this moment. We need to install the client certificate inside Firefox

Edit > Preferences > Advanced > View Certificates

Choose import and browse to the newly created *.p12 certificate file.

Now i can finally connect based on my client side certificate and read the pieces of data i was looking for. Which can easily found by doing

print_r($_SERVER);

Some of the stuff i was looking for

[SSL_CLIENT_S_DN_C] => NL
[SSL_CLIENT_S_DN_ST] => NH
[SSL_CLIENT_S_DN_L] => Purmerend
[SSL_CLIENT_S_DN_O] => Bluesignal
[SSL_CLIENT_S_DN_OU] => lab
[SSL_CLIENT_S_DN_CN] => lab
[SSL_CLIENT_S_DN_Email] => my@email.tld
[SSL_CLIENT_I_DN_C] => NL
[SSL_CLIENT_I_DN_ST] => NH
[SSL_CLIENT_I_DN_O] => Bluesignal
[SSL_CLIENT_I_DN_OU] => lab
[SSL_CLIENT_I_DN_CN] => lab
[SSL_CLIENT_I_DN_Email] => my@email.tld

Now it’s time for the fun part.