0

Let's say as an end user I generate a CSR (for a server cert) to send over to a CA and I don't include a subject alternative name. How or what would they do in order to include that information on the server certificate they send back? Or would they not send anything back at all and reject it telling me to include one?

Assuming a scenario where they don't reject it, my best guess is doing something like subjectAltName = commonName or subjectAltName = {domain of e-mail} ?

Basically I am attempting to act as my own CA using OpenSSL (1.1.0i). I've created a root pair and 2 intermediate pairs. I know I could provide SANs manually each time but I figured if there's a way to automate and have more fail-safes that would be cool too.

mac92
  • 1
  • `Basically I am attempting to act as my own CA` -- and why to not use specialized CA software? Generally, CAs copy `CN` or `E` subject attributes to appropriate SAN name types. For SSL certificates, they usually include both, domain and domain with `www` prefix. – Crypt32 Aug 17 '18 at 20:17
  • In all honesty I didn't realize there was specialized CA software. I'm still at a beginner level working my way through software like OpenSSL. It's not so much I need to achieve the result of acting as a CA, but more so about the learning process and understanding what's going on "under the covers". More curiosity on my part than any sort of requirement or task I need to get done. What you mentioned makes sense. So I'll probably tweak my config and add a couple sections that assign SAN to CN and www + CN. Thank you for the assistance! – mac92 Aug 17 '18 at 20:39
  • `In all honesty I didn't realize there was specialized CA software` -- there are. For Windows environments there is Microsoft ADCS, also there is an open-souce Java-based EJBCA. `I'm still at a beginner level working my way through software like OpenSSL` -- not good start. OpenSSL is not for beginners and your solution will be flawed from the beginning and will worth little to nothing. Start with tools that will hide all unneccessary complexities. Learn how basic work and then you can dig into details. That is, start with CA software, make it running in basic config and then tweak. – Crypt32 Aug 17 '18 at 21:00
  • "How or what would they do in order to include that information on the server certificate they send back?" Why do you want the CA to modify the CSR instead of signing it as is? Also if it is a DV each SNA should be tested with some kind of challenge... – Patrick Mevzek Aug 17 '18 at 23:47

2 Answers2

1

A CSR is nothing more than a (signed) proposal of what kind of certificate you want to have. It is actually not really needed to create a certificate, i.e. a certificate could be created completely without having a CSR first.

The CSR proposal contains the public key which should get included into the final certificate and it contains things like subject, subject alternative names etc which propose to add to the certificate too. The CSR is signed with your private key so that the CA can verify that you actually own the private key matching the public key of the certificate.

The CA takes the information from your CSR which it likes when creating a certificate and also adds many information by its own, i.e. not taken from the CSR. It will take the public key from the CSR. The subject it adds to the certificate will probably be based on your CSR proposal, but it might also modify it, add subject alternative names you did not add (i.e. might add www.domain) and exclude others which you've tried to sneak in etc. It will also add start and expiration time, AIA (like URL for OCSP requests), issuer information, certificate purpose ... - and most of these will not be taken from the original CSR.

Basically I am attempting to act as my own CA using OpenSSL (1.1.0i)

I'm not sure if and how one could use the openssl tool to create certificate hierarchies without CSR but one can definitely do this with the OpenSSL library. For example I regularly create test certificates with root, intermediate and leaf certificate like this in Perl without needing any CSR:

use strict;
use warnings;
use IO::Socket::SSL::Utils;

my @root = CERT_create(
    subject =>  { CN => 'root' },
    CA => 1,
);
PEM_cert2file($root[0],'root-cert.pem');
PEM_key2file($root[1],'root-key.pem');

my @middle = CERT_create(
    issuer => \@root,
    subject =>  { CN => 'middle' },
    CA => 1,
);
PEM_cert2file($middle[0],'middle-cert.pem');
PEM_key2file($middle[1],'middle-key.pem');

my @leaf = CERT_create(
    subject =>  { CN => 'example.com' },
    subjectAltNames => [
        [ 'DNS', 'example.com' ],
        [ 'DNS', 'www.example.com' ],
        [ 'IP', '10.0.3.4' ],
    ],
    purpose => 'server',
    issuer => \@middle,
);
PEM_cert2file($leaf[0],'server-cert.pem');
PEM_key2file($leaf[1],'server-key.pem');
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
0

In the 1000+ certs I have done, the CA never changes the CSR. They issue it as is.

I have seen some CA's advertise that they will give a free alt name of www so if you pay for example.com, you get www.example.com free as an alt.

Doing it yourself will mean that the cert software will not change the CSR, unless you change the cert software. If you want to do that, you can.

MikeP
  • 1,159
  • 7
  • 12