
Imagine a service with SSL server authentication. There are 3 certificates in the chain:

  1. Root CA certificate;
  2. Intermediate CA certificate;
  3. Host certificate.

Is it OK to send all 3 certificates (fullchain) to clients when they connect? What are the arguments for sending only 2 and 3? AFAIK, in this case the root certificate will be added to the chain from the local root certificate store (it doesn't matter what the store is).

  • Mostly a dupe of https://security.stackexchange.com/questions/65332/ssl-root-certificate-optional (as autosuggested). Whether a nonconfigured root gets automatically added varies depending on the software, and for OpenSSL on the configuration. – dave_thompson_085 Apr 12 '19 at 01:35

1 Answer


Pointless, but not dangerous

In order to understand the answer to the problem, we need to understand how certificates work. When a program encounters a certificate and it wants to verify the authenticity of it, it looks at the certificate itself, as well as the Issuer of that certificate (aka. the one who signed it).

That process is repeated until either:

  • A trust anchor is found (Success)
  • A validation error occurs (Failure)
  • A certificate is missing (Failure)
  • The top is reached and no trust anchor is found (Failure)

This means, if I have a certificate "Leaf", signed by "Branch", signed by "Root", then I need to verify three certificates. In order for this process to succeed, a trust anchor needs to be found. 99% of the time this will be "Root". Since I already need to be aware of "Root", there is no need for the certificate chain to include "Root".

Some examples to illustrate

Leaf + Branch are sent

This is the typical scenario. A client would first verify "Leaf", then verify "Branch" and finally search for "Root" in its own trust store. If "Root" is found, then "Leaf" is a trusted certificate (assuming all other data is valid). If "Root" is not found in the trust store, then the certificate is not trusted.

Leaf + Branch + Root are sent

This is what you referred to as the "fullchain" scenario. Verification works the exact same way. If "Root" is found in the trust store, then "Leaf" will be trusted. If it is not found, then it will not be trusted.

Leaf + Root are sent

This scenario is most likely a configuration error. When "Leaf" is being verified, the program would then attempt to verify "Branch". Since this certificate is missing, the verification fails, even though "Leaf" is valid. The fact that "Root" exists doesn't matter to the verification process, as the link between "Leaf" and "Root" can't be established.

Leaf is sent

This scenario is also a configuration error, but a far more common one than the one above. The outcome is the same nonetheless, since "Leaf" depends on "Branch", which is missing.

Summary

You can send the full certificate chain or omit the root certificate. It has no security implications, although sending the root certificate is pointless and just wastes bandwidth.

  • In the `Leaf + Branch + Root are sent` scenario, is the Root certificate checked against the Root certificate from the local store, or just ignored? – Maxim Korobov Apr 11 '19 at 14:53
  • The root certificate which is sent by you is completely ignored, as there is no benefit to verifying it. –  Apr 12 '19 at 06:32
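The four "which certificates are sent" scenarios from the answer can be replayed with the openssl CLI. The script below is an added example, not code from the question, the answer or the comments: it builds a throwaway Root -> Branch -> Leaf chain, puts only Root in the client's trust store (`-CAfile`), and offers whatever the server "sent" as untrusted chain material (`-untrusted`). The working directory, EC P-256 keys, two-day lifetimes and the minimal `req` config are assumptions made so the example runs stand-alone.

```shell
# Added example (not from the original Q&A): build Root -> Branch -> Leaf and
# run the answer's four scenarios through `openssl verify`.
WORK=$(mktemp -d)

# Minimal req config so the example does not depend on the system openssl.cnf;
# the subject comes from -subj, so the DN section can stay empty.
printf '[req]\ndistinguished_name = dn\n[dn]\n' > "$WORK/req.cnf"
# Extensions for the CA certificates (Root, Branch) and for the end-entity Leaf.
printf 'basicConstraints = critical, CA:TRUE\nkeyUsage = critical, keyCertSign, cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints = CA:FALSE\nkeyUsage = digitalSignature\n' > "$WORK/ee.ext"

# make_csr NAME CN: fresh EC P-256 key plus a CSR for that subject.
make_csr() {
  openssl req -new -config "$WORK/req.cnf" -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -nodes -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

make_csr root   Root
make_csr branch Branch
make_csr leaf   leaf.example   # constructed hostname, not a real service

# Root: self-signed CA, the trust anchor the client already holds.
openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -set_serial 1 -days 2 \
  -extfile "$WORK/ca.ext" -out "$WORK/root.pem" 2>/dev/null
# Branch: intermediate CA, issued by Root.
openssl x509 -req -in "$WORK/branch.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
  -set_serial 2 -days 2 -extfile "$WORK/ca.ext" -out "$WORK/branch.pem" 2>/dev/null
# Leaf: the server certificate, issued by Branch.
openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/branch.pem" -CAkey "$WORK/branch.key" \
  -set_serial 3 -days 2 -extfile "$WORK/ee.ext" -out "$WORK/leaf.pem" 2>/dev/null

# run_scenario NAME: verify leaf.pem against a trust store holding only Root,
# with the named set of extra certificates offered as untrusted chain material.
# Prints "<name>: trusted" or "<name>: untrusted"; exit status 0 means trusted.
run_scenario() {
  sent="$WORK/sent-$1.pem"
  case "$1" in
    leaf_branch)      cat "$WORK/branch.pem" > "$sent" ;;
    leaf_branch_root) cat "$WORK/branch.pem" "$WORK/root.pem" > "$sent" ;;
    leaf_root)        cat "$WORK/root.pem" > "$sent" ;;
    leaf_only)        sent="" ;;
    *) echo "unknown scenario: $1" >&2; return 2 ;;
  esac
  if [ -n "$sent" ]; then
    openssl verify -CAfile "$WORK/root.pem" -untrusted "$sent" "$WORK/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$WORK/root.pem" "$WORK/leaf.pem" >/dev/null 2>&1
  fi
  status=$?
  if [ "$status" -eq 0 ]; then echo "$1: trusted"; else echo "$1: untrusted"; fi
  return "$status"
}

for s in leaf_branch leaf_branch_root leaf_root leaf_only; do
  run_scenario "$s"
done
```

The first two scenarios verify and the last two fail with "unable to get local issuer certificate", because Branch is never available to link Leaf to the anchor. In the full-chain case the copy of Root passed via `-untrusted` plays no part: OpenSSL stops as soon as it reaches the Root it already trusts from `-CAfile`, which is the "completely ignored" behaviour described in the last comment.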