5

Recently I bought a SSL cert from comodo for my domain - orakoha.com

After submitting the CSR etc, domain control verification etc, I am issued with a zip file containing 4 document which I believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crt (root certificate)

My question are as below

  • When a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user (using the browser) whether he/she wanted to install those certs?
  • If a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not?
  • How do I see what are the root certs that are already installed in the browser?
RoraΖ
  • 12,317
  • 4
  • 51
  • 83
Noob
  • 501
  • 1
  • 7
  • 11

2 Answers2

6

In short: the intermediate certificates have to be sent within the TLS handshake (needs proper configuration of the server) and only the CA local at the client will be considered as trust anchors.

In detail:

... see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ?

No browser will download the certificate from your site. If intermediate certificates are missing in the TLS handshake some browsers might try to download the certificate from other sites but you should not rely on it. Google Chrome on desktop seems to do it, other browsers not.

or it will prompt the end-user (using the browser) whether he/she wanted to install those certs?

No, there will be no prompting. Just an error that the certificate cannot be validated.

... will my webserver send the root cert over and the browser will prompt whether to install the root cert or not?

No. It would be stupid if a browser would trust any random root certificate send by a server, because then man in the middle attacks would be simple. Even prompting will not help much because most users will just click through any dialog they don't understand. Browsers will only trust the CA shipped with the browser or provided by the OS and explicitly installed CA. Installing a new root is more complex and usually involves that the user explicitly downloads, installs and trusts the CA certificate.

How do I see what are the root certs that are already installed in the browser?

There are lots of information about this on the internet. Just follow the links from the search for "view root certificates browser". Note that the actual ways depend on the browser and OS.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • thanks for the shedding light - so the intermediate certs required will be automatically requested by the client's browser ? – Noob Apr 05 '16 at 15:29
  • @Noob: NO! let's repeat myself: "No browser will download the certificate from your site. If intermediate certificates are missing in the TLS handshake **some** browsers might try to download the certificate from other sites... ...other browsers **not**." And also "the intermediate certificates **have to be sent within the TLS handshake**" – Steffen Ullrich Apr 05 '16 at 15:41
  • thanks steffen. what I meant is , if a browser visit a site and realize it needs intermediate certs to verify the site's cert. what will happen ? "the intermediate certificates have to be sent within the TLS handshake" - are the intermediate certs send together with the main cert when the client 1st visit the site ? – Noob Apr 06 '16 at 05:06
  • @Noob: The intermediate certificates should be send **always** together with the leaf certificate in the TLS handshake, not only on some first visit. And what the browser does when these are missing depends on the browser like I stated but in the worst case the validation will simply fail. – Steffen Ullrich Apr 06 '16 at 05:19
  • I see. so leaf and intermediate certs are always send together but they are not never install by the client/browser, just use for verification - right ? does installation of certs means = trust without further verification ? – Noob Apr 06 '16 at 09:30
  • @Noob: if you install a CA you trust it. How do you validate that you can trust a CA before installing it is up to you, i.e. you might trust the CA of your company but you should not trust some random CA certificate you've downloaded from the internet. – Steffen Ullrich Apr 06 '16 at 09:37
  • thanks for reply - so what I meant is when a client/browser access a server, the client is just verifying the certificate (leaf/intermediate) that the server sendover - it will not install or do anything else - right ? – Noob Apr 06 '16 at 09:58
  • @Noob: correct, just used for validation with installed trust anchors but not installed as new trust anchor. But some browsers might cache these intermediate and use these cached to work around sites which provide incomplete certificate chains. – Steffen Ullrich Apr 06 '16 at 10:18
  • According to [this thread](https://community.qualys.com/thread/12098) Firefox and Safari seem to download intermediate certificates as well (possibly from Mozilla and Apple respectively?), while non-browser clients like Wget and cURL simply reject the connection. – Franklin Yu Aug 30 '17 at 14:55
  • The server does not need to send the root certificate, but it does need to send the leaf up to and including the intermediate. On the client side, they only need the root certificate. However some clients like iPXE seem to require the intermediate certificate as well. – CMCDragonkai Jan 21 '20 at 08:23
3

First, you should read through the most famous question on this site: How does SSL/TLS work?, having a good understanding of TLS will clear up a lot of your questions.

Answering your questions:

a) When a browser visit my site ... will prompt the end-user (using the browser) whether he/she wanted to install those certs?

No, visiting a site in a browser will never result in the user installing certs. When you install a cert into your OS's trust store you're saying "I know the origin of this certificate, and I trust it completely". How could I possibly trust a cert that's given to me by some random site that I just visited? How do I know that the cert I've downloaded actually belongs to the site, and not a man-in-the-middle attacker?

b) If a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen?

Simple, the cert will fail to validate and the browser will throw angry warnings.

Your certificate trust-store gets filled in with root certificates that have been properly vetted by teams of security experts at Google/Chrome, Mozilla/Firefox, Apple, Microsoft, etc (these are called "pinned certificates"). If a cert was not issued by a trusted root, then it's ... not trusted. Installing a random root cert in order to get around a trusted root is basically the same as disabling your virus scan because it told you that the file you're trying to open contains a virus. These security mechanisms exist for a reason - listen to them!

c) How do I see what are the root certs that are already installed in the browser?

In Chrome it's in the settings here: (it's in similar places in other browsers)

Chrome's certificate list

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
  • thanks for the reply - in short, can we say that server cert and intermediate certs are send over from the webserver to the browser, but they are never downloaded nor installed - right ? will the client/browser automatically request intermediate certs required ? – Noob Apr 05 '16 at 15:31
  • I'm not an expert on how browsers work, but yes, that sounds right. – Mike Ounsworth Apr 05 '16 at 15:52
  • As mentioned in a comment to [my answer here](http://security.stackexchange.com/a/119463/61443), some browsers actually do download and install intermediate certificates. This is called "certificate caching", but there are some security implications to it, and not all browsers do it, so I wouldn't rely on it. – Mike Ounsworth Apr 05 '16 at 15:54
  • what I meant is, will a client/browser request intermediate certs for verification of the site's cert ? I asked this because I am putting the intermediate cert in my apache, but what's the point if the browser doesn't request them ? – Noob Apr 06 '16 at 05:08
  • Oh, yes, the browser will download the intermediates from your web server. "Installed into a client" means that they are placed into the trust store forever, but I see what you mean now. – Mike Ounsworth Apr 06 '16 at 11:35