6

I have recently started learning about PKI and have the following question/s.

As far as I know a signed certificate contains the domain name of the server that the certificate will be placed upon.

If I were to change the 'hosts' file of a PC and have, for example, www.youtube.com point to my own server, is it possible to 'take' Youtube's certificate and place it on that server, and have it appear as trusted?

I understand it would be pointless as an attack as you don't have the corresponding private key to decrypt the data, but to the end user, would the website appear as 'trusted' in their browser, as the domain is still correct?

The signature would also be valid I believe, as you haven't modified the certificate in anyway and therefore the hash would remain the same and the signature valid.

Would the above work? would the user send encrypted data to the fake 'www.youtube.com', but then nothing happen as the server hasn't got the key to decrypt it?

Any help clearing up the above questions would be greatly appreciated, Thanks.

Edit - I now know it will show as untrusted as a SSL/TLS session cannot be created, but as a follow up question -

On Chrome when I visit a HTTPS site, click the padlock, and then 'Connection'. There are 2 parts, identity and connection. I wonder if the top 'identity' part would show as green and trusted, but the bottom half would show as red because it can't establish a connection, for the reason mti2935 answered?

RJSmith92
  • 311
  • 2
  • 9

2 Answers2

14

No, the certificate would not appear as trusted in the user's browser, because the connection would fail, because the user's browser would not be able to complete an SSL/TLS handshake with the server. In order for the handshake to be completed, the server must have the private key that corresponds to the public key in the certificate.

mti2935
  • 19,868
  • 2
  • 45
  • 64
  • Thanks for that, just what I was looking for. Quick follow up question, what would the user see if they visited the server from my example? – RJSmith92 Nov 12 '15 at 21:27
  • 4
    Their browser would not be able to connect. The user might see an error message in their browser indicating that a connection could not be established. – mti2935 Nov 12 '15 at 21:34
  • Just looking on Chrome when I visit a HTTPS site, click the padlock, and then 'Connection'. There are 2 parts, identity and connection. I wonder if the top 'identity' part would show as green and trusted, but the bottom half would show as red because it can't establish a connection, for the reason you answered? – RJSmith92 Nov 12 '15 at 22:24
  • 1
    I don't have a way to test this, but I would be very surprised if Chrome (or any browser for that matter) would indicate that a server's identity is trusted, without being able to complete an SSL/TLS handshake with that server. It's trivial to download the certificate for any site. A bad actor could easily download the certificate for paypal.com, and install it on a rogue server. But, without the private key, the server would not be able to complete an SSL/TLS handshake with a browser. I would be appalled if a browser would show me that the identity of the server is trusted in this case. – mti2935 Nov 13 '15 at 00:56
  • 1
    This answer is misleading, the connection will fail. Depending on your browser you may have the opportunity to continue without a secure connection. You'll see a broken lock or something. – Neil Smithline Nov 13 '15 at 01:25
  • 1
    Thanks for the suggestion, Neil. I've edited the answer to clarify that the connection would fail in this case - due to the handshake being impossible without the private key. – mti2935 Nov 13 '15 at 02:09
  • 1
    In fact: you'll have trouble even getting the webserver to start up in the first place, if it doesn't have a key to match the cert. E.g. `openssl s_server` will refuse to run and report `x509 certificate routines:X509_check_private_key:key values mismatch`(as it should). – StackzOfZtuff Nov 13 '15 at 08:03
  • Thanks everyone for the information, really appreciate it. Going to raise another question soon as a follow up to this. – RJSmith92 Nov 13 '15 at 19:28
  • I've asked a follow question here if anyone is interested - http://security.stackexchange.com/questions/105485/using-a-stolen-certificate-on-a-server – RJSmith92 Nov 13 '15 at 20:58
0

Actually, you wouldn't even establish a connection to the server. To establish a connection you need private key. Let's suppose that on the handshake model, Alice is the client and Bob is the server and the colours are the keys:

TLS handsahke

Vilican
  • 2,703
  • 8
  • 21
  • 35
  • 4
    This is a diagram of Diffie-Hellman, which is not used for authentication of a TLS session at all. The attacker will pass this step, but will fail when it's time for the RSA signature. – Reid Rankin Nov 13 '15 at 02:10
  • Hi MrNerdHair, do you mean the attacker will pass the diffie-hellman key exchange but fail at the RSA Signature. I would have thought the RSA signature would have worked and 'authenticated' the server, as the DNS name is correct and has a valid signature from a trusted authority. – RJSmith92 Nov 13 '15 at 20:29
  • I've asked a follow question here if you're interested - http://security.stackexchange.com/questions/105485/using-a-stolen-certificate-on-a-server – RJSmith92 Nov 13 '15 at 20:59