6

https://www.rfc-editor.org/rfc/rfc7633

https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/

How can I simple check if a certificate of a website has the OCSP must-staple extension ?

For example to check if a let's encrypt certificate has that property when asked: https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/20

Community
  • 1
Tom
  • 2,063
  • 12
  • 19

1 Answers1

7

If you parse the certificate using openssl x509 -text, you'll get:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:64:4e:0c:95:4d:02:eb:78:97:11:6f:62:ee:71:02
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA
        Validity
            Not Before: Dec  7 00:00:00 2015 GMT
            Not After : Dec  6 23:59:59 2016 GMT
        Subject: OU=Domain Control Validated, OU=GGSSL Domain SSL, CN=must-staple-no-ocsp.serverhello.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:11:7d:2b:99:af:dc:5a:4e:af:83:90:df:52:50:
                    3c:dc:52:08:0d:80:4c:b3:e3:fd:07:9c:99:6f:2c:
                    ab:1d:c0:ad:3e:c9:7c:da:25:f0:c2:e0:24:9b:b5:
                    fa:45:cf:e8:f6:cb:5d:7a:ce:a8:01:b5:af:5a:14:
                    03:fe:7c:6d:db:f3:ed:97:ea:08:cd:33:50:0f:09:
                    f1:00:50:ba:ae:ed:d2:a4:85:5b:4b:97:bf:0b:bf:
                    10:70:e1:32:83:70:d2
                ASN1 OID: secp384r1
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:BB:FA:08:E0:BF:54:EE:5A:FD:16:A4:35:02:09:A9:A4:C8:EC:FD:4B

            X509v3 Subject Key Identifier:
                1E:4C:D6:4E:0C:75:9F:9A:E9:A4:C0:2E:44:BF:41:02:44:16:B7:B9
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.comodoca.com/COMODOECCDomainValidationSecureServerCA.crl

            Authority Information Access:
                CA Issuers - URI:http://crt.comodoca.com/COMODOECCDomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.comodoca.com

            1.3.6.1.5.5.7.1.24:
                0....
            X509v3 Subject Alternative Name:
                DNS:must-staple-no-ocsp.serverhello.com, DNS:www.must-staple-no-ocsp.serverhello.com
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:66:ed:0b:d2:4b:0a:97:15:29:91:54:5b:03:df:
         97:ac:b8:f4:dc:cc:43:7b:08:eb:b9:50:cf:16:c2:ac:6f:4e:
         02:20:6e:5c:4d:92:eb:b0:22:b6:91:41:e8:e1:a7:d2:27:cc:
         ef:65:d5:e9:76:9a:a8:1d:d1:b1:1b:7d:79:8c:2c:0b

but openssl s_client -trace will show this:

            TLS Feature:
                status_request

instead of

            1.3.6.1.5.5.7.1.24:
                0....

"1.3.6.1.5.5.7.1.24" is the number in the RFC where it is written in the form "1.3.6.1.5.5.7.1" "24". According to the RFC, it "In particular, the TLS feature extension may be used to mandate support for revocation checking features in the TLS protocol such as Online Certificate Status Protocol (OCSP) stapling."

So, if you need to do it once while debugging, openssl s_client -connect must-staple-no-ocsp.serverhello.com:443 -servername must-staple-no-ocsp.serverhello.com -status, copying the cert PEM into a file, openssl x509 -text -noout -in foo.pem | grep 1.3.6.1.5.5.7.1.24 will be ok. If you need it packaged in an API, that's more complicated.

Community
  • 1
Z.T.
  • 7,768
  • 1
  • 20
  • 35
  • I was looking at any way, preferably a simple interface like the network tab of FIrefox or a tool like ssllabs, but openssl will do the job with a grep. Thanks – Tom Apr 02 '16 at 18:43
  • 1
    The 1.3.6.1.5.5.7.1.24 OID should already show up in Firefox today, and in both Firefox and openssl you can expect that eventually they will learn what this OID means and write it out in text instead of numbers. OIDs are a tree of object identifiers fanning out from the ISO and ITU-T. The IETF "hijacked" 1.3.6.1 for its use in the 1980s by simply assuming that the US Department of Defense, which controlled 1.3.6 "would" issue 1.3.6.1 to them and acting as if it already had. Don't do this at home. – tialaramex Apr 02 '16 at 21:48
  • Indeed, in both Firefox and Chrome I can see the extension in the details tab if I view the certificate. – Z.T. Apr 04 '16 at 22:24
  • with sclient I get 'unknown option -trace' using OpenSSL 1.0.2g – bobpaul Apr 20 '18 at 00:37
  • 1
    @bobpaul unfortunately Trace is not compiled by default. To have that option, you need to build openssl from source. – Z.T. Apr 20 '18 at 00:40
  • Ok, so I'm doing `openssl x509 -text -noout -in foo.pem` and looking for 1.3.6.1.5.5.7.1.24, but I don't see it. (This is using the pem produced by s_client accessing the live server as in the example). Yet I do see it in Firefox and if open the `/etc/letsenscrypt/live/example.com/cert.pem` file. – bobpaul Apr 20 '18 at 01:06
  • @bobpaul I don't know. Can you paste the cert or show a different cert with same issue from crt.sh? – Z.T. Apr 20 '18 at 01:13