0

I'm trying to test some services and they need to talk to each other over https ( and they can't talk over http). I want to:

  1. create a Root CA that I can install in my Ubuntu-based docker images
  2. sign a subdomain cert like *.example.com such that curl and openssl will validate against it, with the root CA cert manually installed into the Ubuntu system.

In pursuit of 2, I've tried following this chap's example, but I'm not sure if it works with star certs.

I cobbled together the sequence of steps into a bash script:

#!/bin/bash -x

SUBDOMAIN=example.com

openssl genrsa -des3 -out rootCA.key -passout pass:pass 4096

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 2048 -out rootCA.crt \
  -passin pass:pass \
  -subj "/C=US/ST=WA/L=Seattle/O=Foo/OU=bar/CN=*.$SUBDOMAIN"
  
openssl genrsa -out star.$SUBDOMAIN.key 4096

openssl req -new -key star.$SUBDOMAIN.key -out star.$SUBDOMAIN.csr \
  -subj "/C=US/ST=WA/L=Seattle/O=Foo/OU=bar/CN=*.$SUBDOMAIN"
  
cat > $SUBDOMAIN.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.$SUBDOMAIN

EOF
  
openssl x509 -req -in star.$SUBDOMAIN.csr -CA rootCA.crt -CAkey rootCA.key \
  -CAcreateserial -out star.$SUBDOMAIN.crt -days 3650 -sha256 -passin pass:pass \
  -extfile $SUBDOMAIN.ext
  
openssl x509 -in star.$SUBDOMAIN.crt -text -noout

cat star.$SUBDOMAIN.crt star.$SUBDOMAIN.key > star.$SUBDOMAIN.pem

socat openssl-listen:4433,reuseaddr,fork,forever,cert=star.$SUBDOMAIN.pem,cafile=star.$SUBDOMAIN.crt \
  exec:'/bin/cat' &
  
openssl s_client -CAfile rootCA.crt  --connect localhost:4433

kill %

When openssl runs at the end, it fails to validate with a message:

[...]
Verification error: unable to verify the first certificate
[...]

Is there something glaring about this cert generation flow that would cause openssl to reject it? I've tried curl and openssl on full verbosity, but this eludes me.

Full log:

+ export SUBDOMAIN=example.com
+ SUBDOMAIN=example.com
+ openssl genrsa -des3 -out rootCA.key -passout pass:pass 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
..........................................................................................................................................++++
.............................++++
e is 65537 (0x010001)
+ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 2048 -out rootCA.crt -passin pass:pass -subj '/C=US/ST=WA/L=Seattle/O=Foo/OU=bar/CN=*.example.com'
+ openssl genrsa -out star.example.com.key 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
..............................................++++
........................................................................++++
e is 65537 (0x010001)
+ openssl req -new -key star.example.com.key -out star.example.com.csr -subj '/C=US/ST=WA/L=Seattle/O=Foo/OU=bar/CN=*.example.com'
+ cat
+ openssl x509 -req -in star.example.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out star.example.com.crt -days 3650 -sha256 -passin pass:pass -extfile example.com.ext
Signature ok
subject=C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com
Getting CA Private Key
+ openssl x509 -in star.example.com.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:bb:c2:01:cb:c8:e4:b0:b8:9f:0f:45:0b:52:67:b8:ae:9f:d8:af
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com
        Validity
            Not Before: Aug  4 02:52:01 2021 GMT
            Not After : Aug  2 02:52:01 2031 GMT
        Subject: C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:97:13:94:b2:51:9d:40:2a:09:b3:b0:7a:57:d7:
                    a2:22:d5:91:8b:4f:6a:b0:2d:55:00:95:9e:79:31:
                    75:3e:44:85:6c:59:54:d5:1e:bb:d8:61:e2:f1:4e:
                    e1:7d:83:d7:a0:c2:56:fd:f8:b9:b9:b0:f4:db:69:
                    3b:51:76:63:04:43:04:37:3c:bb:53:33:6b:b2:32:
                    c2:9c:a3:0a:88:d3:be:ac:4d:5c:c8:05:0d:8c:79:
                    82:f4:b7:ac:00:d3:fb:14:a8:e7:84:d3:27:20:1e:
                    a7:79:13:86:b5:94:79:f1:cc:31:ff:d6:d9:2a:99:
                    ac:13:9c:c6:8c:67:17:19:c4:57:95:7d:ad:bd:f8:
                    2a:70:08:67:5f:2f:c7:09:5a:df:bd:a7:75:6a:a7:
                    f9:83:32:ee:24:2b:d5:a2:f5:ac:b5:76:78:32:e5:
                    67:88:2a:5b:e7:ed:c3:17:bb:b8:0f:dc:80:c5:f9:
                    0a:d3:68:51:78:fd:c8:33:b0:db:42:46:0c:e1:4e:
                    93:77:ad:fb:4f:2e:47:98:6b:09:4d:94:40:ba:cd:
                    88:ed:85:ce:3f:2a:85:25:e9:0a:7e:4c:ba:b5:da:
                    d6:b9:6d:75:9a:5d:40:94:fc:c6:d0:77:8c:55:99:
                    ff:fd:d7:71:49:0b:03:75:f0:7a:11:d5:9a:19:57:
                    57:17:12:18:c4:55:c2:c5:44:1e:d5:4b:06:60:39:
                    4f:2b:17:81:63:14:e0:f3:75:2c:fb:b2:78:76:c6:
                    74:e4:7d:7f:25:db:c5:66:0a:64:6a:36:c6:8d:b9:
                    f7:5c:dc:77:a9:2f:4a:94:1a:da:8c:fb:ac:b7:64:
                    e6:d4:6c:d0:e9:9c:64:05:5d:96:81:fa:20:87:2a:
                    56:25:dc:96:ce:90:8c:ba:ef:3b:2e:9a:8b:db:54:
                    84:48:4e:59:d1:e5:31:f8:e6:57:97:b5:3b:fa:d7:
                    de:63:c5:94:c2:2a:07:50:6d:58:5b:87:ed:b3:5e:
                    af:15:14:9e:2e:65:c1:df:2c:4d:35:2b:ce:24:f9:
                    ad:8b:5e:6c:00:6d:ce:28:2a:33:33:bd:8e:1a:64:
                    cd:15:72:85:79:7e:e7:bd:07:74:d7:0c:c6:8b:7d:
                    29:5f:71:d2:f7:82:17:15:00:57:2b:14:1c:f8:cb:
                    c4:25:51:79:62:d2:41:18:44:18:a4:4b:1e:6a:f2:
                    16:33:e5:47:39:73:5c:8b:d8:39:4b:f3:79:b2:12:
                    90:68:98:8f:18:8a:18:e8:5a:e0:c4:c8:88:e6:e4:
                    8f:5a:59:b4:9f:d7:81:ed:d5:e3:23:f9:86:6e:d1:
                    6d:a1:00:d0:f9:44:42:9e:3d:d3:50:97:ee:26:bf:
                    c3:18:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:44:EE:13:83:5C:D7:C8:11:78:64:A2:F1:E1:9C:CF:D9:F2:FE:57:7E

            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
            X509v3 Subject Alternative Name: 
                DNS:*.example.com
    Signature Algorithm: sha256WithRSAEncryption
         2c:fb:18:13:84:86:c4:f9:87:ab:ae:c6:bf:b9:48:75:d0:83:
         a0:5b:06:01:ca:72:c5:8f:9e:f7:29:6d:eb:d2:6b:9d:2d:ad:
         34:49:27:b8:8e:e6:06:70:52:94:e7:e6:54:67:73:93:dc:43:
         05:28:ad:6d:f8:e1:34:ad:52:e2:bf:36:0d:e9:a6:f1:21:17:
         87:8c:92:15:62:57:60:72:a2:c7:86:b9:b3:7d:8b:be:4b:14:
         32:8e:4d:17:60:21:f2:76:d5:1f:55:89:d6:bb:b6:0e:f7:f9:
         1d:98:cb:01:ee:59:43:a5:99:96:5d:3c:da:23:61:4a:5c:6a:
         64:e2:87:eb:a0:02:e9:6c:1c:f5:32:52:b5:bb:56:c3:a8:10:
         84:6e:b2:df:33:28:11:ec:fd:1f:08:d4:5a:45:ed:a7:ea:4d:
         57:8e:9a:44:a1:b5:65:05:ed:5e:1e:8d:c1:52:fa:be:1d:1e:
         6c:4a:be:5d:a2:fb:9f:19:3e:1e:5c:20:15:ce:0a:95:c3:d6:
         b0:f8:44:71:3b:66:e3:e2:54:f2:f5:08:72:04:5a:90:fb:65:
         47:e2:aa:9f:a7:5c:e1:e4:00:09:cc:e7:e7:a5:4a:58:04:53:
         50:52:6b:92:60:2e:44:59:78:2c:5f:d0:b4:86:fe:e0:44:f1:
         a2:0d:79:55:51:fb:65:81:c5:06:3c:d7:5a:4d:71:39:72:8c:
         ee:df:4b:ed:2e:f8:f7:7a:59:b7:7b:76:93:bd:f5:1d:80:86:
         19:23:5e:b8:d9:2e:e5:67:64:ce:7c:05:5d:c7:40:3f:cf:80:
         50:40:42:38:34:12:ef:f0:e5:31:04:5e:1b:48:15:17:ed:a6:
         76:f0:0d:fb:5e:40:fd:f4:6c:a0:4d:b8:06:37:c1:75:04:e2:
         04:b8:ce:9c:17:cb:3a:ab:20:d9:a5:0b:4f:07:ed:14:71:13:
         52:38:b5:dd:ca:05:e9:6c:27:37:9e:c2:44:40:2b:50:16:df:
         eb:0a:11:6c:33:ec:05:82:6c:bc:24:5f:c1:12:44:19:02:62:
         02:79:8b:1f:f4:7f:77:6b:e4:42:89:cd:19:61:65:e0:79:a3:
         33:48:98:e4:da:76:86:48:42:19:da:a0:6f:e0:d8:34:ab:dc:
         a5:c5:03:c4:a8:7a:7a:96:20:bd:08:b0:07:5e:6b:da:9b:30:
         fa:71:15:27:ee:c8:38:73:33:8b:8e:f4:a4:f5:a4:4a:c6:41:
         9e:96:34:d4:21:1b:88:60:48:22:61:2d:d0:5a:5f:a4:47:50:
         1c:76:81:89:b6:84:dc:05:c0:e1:a4:ca:c7:cf:43:34:ba:ae:
         ce:c4:a4:e3:5d:7c:21:d6
+ cat star.example.com.crt star.example.com.key
+ openssl s_client -CAfile rootCA.crt --connect localhost:4433
+ socat openssl-listen:4433,reuseaddr,fork,forever,cert=star.example.com.pem,cafile=star.example.com.crt exec:/bin/cat
depth=0 C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com
verify error:num=21:unable to verify the first certificate
verify return:1
139679332975040:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
CONNECTED(00000005)
---
Certificate chain
 0 s:C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com
   i:C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFozCCA4ugAwIBAgIUcbvCAcvI5LC4nw9FC1JnuK6f2KwwDQYJKoZIhvcNAQEL
BQAwYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0dGxl
MQwwCgYDVQQKDANGb28xDDAKBgNVBAsMA2JhcjEWMBQGA1UEAwwNKi5leGFtcGxl
LmNvbTAeFw0yMTA4MDQwMjM2MzFaFw0zMTA4MDIwMjM2MzFaMGAxCzAJBgNVBAYT
AlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTEMMAoGA1UECgwDRm9v
MQwwCgYDVQQLDANiYXIxFjAUBgNVBAMMDSouZXhhbXBsZS5jb20wggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQC8DW2AOpAMnsQuQwk21m4D5cmF0LjAcw68
LuML7g1TwqPRmVLfB4YEnhj63J4gT2wgk/p63ZaMQUOh1wc/b7biqtJCUXc/VL0d
CIW0qxq6cnvH2VhC0eLAJJWIUbemaRmz3E/TiLbmr+B2/jOjT9oSFmkDGhSbya5Y
Y/LD4AVmktnB/QJK8MfND+pptZ89i1Mk5Z/0QItT/iD3Y4Te3FwZkZ2E0V8Iwtih
oWKBj/7MaQgJVCLpIUs1sjjMvJAJ/gfD+2hVv3MP8loz3+pm2G1QNYNi49ZPd7F7
DbWN4bAiAnwCccozv7LkXm0KSB5pO5qK+KbKIGj6SKjy5c9yoRNrv0/1mz6+D80L
R6yVXGjwbEKD9KHiH9cP80GC70wmazHyknMq1dFMnqWgjzddfcqqYcpB89wkeh2l
M3tDXiXblfLe3iFl3lCjVxO2TrE9fLYN7D9i283xf3qF5zDo1ZIkmiIP2OoRXevv
Oi2c/fv+KjrvCFxJlvzHVNc6arWZs+f/+V+ICma8H26r1gx+FWk7mMktGWhAVzws
9y4xYW9774s2PRh02IJoKrd66kjxkDWzbnUoSr3Ec6F/uLSkVT/MIT4ga2SyxOdT
SCs2I0otq+VsM+buUfqCWmdez+r5h6DWPQbz/veFezQjC/iUa6gssTRG5adjEKl5
09/gdHJDWwIDAQABo1UwUzAfBgNVHSMEGDAWgBSfkf4s0l150XoIaVhcasDNnbCV
mjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAYBgNVHREEETAPgg0qLmV4YW1wbGUu
Y29tMA0GCSqGSIb3DQEBCwUAA4ICAQA3pJbauHPX+o6MwwhNLECoFpQsQZZzfHhY
PrwXW6owrjiefzYwZCtMkPe/1mU6XJrRnAq/9VZX85Pzp1dTcztc1GnugGCE+okr
vvMDARlNZk8AAlE/zGWpL72paYVHvb71hkwTwVnvDIiKY2YtMut5fRTf4oanw5x7
1c2i1aInbRiU50VPTIJJksXG082ndm5XuLgnFpd/4x93kcQ064WS30YnCbIkWDkN
Prru79avjo9YAXl4JGi3DFKs3MnOC1C8sS9TcWPA6v2rlDpyR/xQ3e10SkW+8aKE
JN/KkrDCdukXfP6PeI4kS8hfGTBZQnQ6vumMxwf3jfS61l9zc9RA6h5R1r7h21Mj
9+K1VLgbCpmeE6fQj/hADkWYt+Osnf1MbhoZ+iotkHR6V4JkodSXOyvUahSPYz4d
mpSmBfKWkXyqe3lrXiWacw9mLMVKUEfQq0qFT0b/rnguo09rqAsBPJcgAvgnoGZ3
voGrW6LXUbIWlnsOuS3UEFaIbTlxwXi1zHQDGi7dsfIX5rWK9+xDALz58XeY5QFa
BvhZoJk9Vwx/fEdI2T8Y35vqUCJgqPTkHVSEu3aoXIz47IHlpXibS/UkyxRWr9RW
DO2FjK5VlgXQtmrBKbMyz0kEn+f463MUo9FigXa6/SZWIHATMEdlnyVMjimMPS+J
tQyAbcvB/Q==
-----END CERTIFICATE-----
subject=C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com

issuer=C = US, ST = WA, L = Seattle, O = Foo, OU = bar, CN = *.example.com

---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1:DSA+SHA224:DSA+SHA1:DSA+SHA256:DSA+SHA384:DSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2205 bytes and written 449 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 093BFC9F755DDE826FA6D83C9DFFEAD03033DE4ED32247FBEF0A652D1DF8832C464FEBFD7533D08584B05882702FD649
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1628045521
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: yes
---
+ kill %
Ross Rogers
  • 101
  • 3
  • 1
    Looks like there is only one certificate in your chain. You need to send the whole chain including your root from the server. It is written in a single PEM file with sections – Manish Adhikari Aug 04 '21 at 03:57
  • 2
    TLS servers send the end entity (leaf) cert and all the intermediates, but not the root to the client during handshake. Since there is no intermediate here, I think sending just the leaf is correct. – Z.T. Aug 04 '21 at 04:11
  • 3
    It is a very bad idea to give both CA and certificate the same subject. This way it looks like a self-signed certificate and might lead to confusion when trying to lookup the issuer CA. – Steffen Ullrich Aug 04 '21 at 05:31
  • @SteffenUllrich do you think it should remain on the security stack? It looks for me like script troubleshooting. – nethero Aug 04 '21 at 06:45
  • @nethero: I'm not sure. If the problem is caused by using the same subject in cert and issuer explaining such issues is probably on-topic. – Steffen Ullrich Aug 04 '21 at 06:54
  • The subject should not pose the issue, but this is so poor I don't know where to start. Use of des3, wildcard CN in the root certificate. Looks like op is barely knowing what he's doing. – nethero Aug 04 '21 at 08:50
  • Additionally, it is not a star certificate, it is a wildcard. – nethero Aug 04 '21 at 09:02
  • Yup. You're totally right I don't know what I'm doing, which is why I'm asking the experts. I'm playing copy-pasta and reading people's playbooks to try to get a foothold in this world. I tried to give a great [S.S.C.C.E.](http://www.sscce.org/) – Ross Rogers Aug 04 '21 at 15:38

2 Answers2

1

From socat documentation we can read the following:

cafile= Specifies the file with the trusted (root) authority certificates. The file must be in PEM format and should contain one or more certificates. The party that checks the authentication of its peer trusts only certificates that are in this file.

I think your certificate may not contain the root CA that is required for this to work.

nethero
  • 482
  • 2
  • 6
0

Based on feedback from @steffen-ullrich and @nethero in their comments and answers, the hangups that I had were the -des3 switch to the root CA, the duplicate subjects in root and leaf certs, and getting pass socat issues.

Solution was to nuke des3 switch, change the duplicate subjects, and instruct socat to ignore verification in this test environment.

The following sequence of openssl commands seems to work:

#!/bin/bash -x
  
export SUBDOMAIN=example.com

openssl genrsa -out rootCA.key -passout pass:pass 4096

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 2048 -out rootCA.crt \
  -passin pass:pass \
  -subj "/C=US/ST=WA/L=Seattle/O=Mother/OU=Ship/CN=root.ca"
  
openssl genrsa -out star.$SUBDOMAIN.key 4096

openssl req -new -key star.$SUBDOMAIN.key -out star.$SUBDOMAIN.csr \
  -subj "/C=US/ST=WA/L=Seattle/O=Foo/OU=Bar/CN=$SUBDOMAIN"
  
cat > $SUBDOMAIN.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.$SUBDOMAIN

EOF
  
openssl x509 -req -in star.$SUBDOMAIN.csr -CA rootCA.crt -CAkey rootCA.key \
  -CAcreateserial -out star.$SUBDOMAIN.crt -days 3650 -sha256 -passin pass:pass \
  -extfile $SUBDOMAIN.ext
  
openssl x509 -in star.$SUBDOMAIN.crt -text -noout

cat star.$SUBDOMAIN.crt star.$SUBDOMAIN.key > star.$SUBDOMAIN.pem

echo socat openssl-listen:4433,reuseaddr,fork,forever,cert=star.$SUBDOMAIN.pem,cafile=star.$SUBDOMAIN.crt,verify=0 \
  exec:'/bin/cat' &
 
sleep 1

openssl s_client -debug -CAfile rootCA.crt  -connect localhost:4433

killall socat

Installed in test Ubuntu with:

sudo mkdir /usr/local/share/ca-certificates/extra
sudo cp rootCA.crt /usr/local/share/ca-certificates/extra
sudo update-ca-certificates
Ross Rogers
  • 101
  • 3