Identify an SSL certificate uniquely

1

I want to know how I can find out for sure that a given file is an SSL certificate. Is the file extension enough to find out whether a file is a certificate or not?

mamadou

Posted 2019-05-06T13:26:26.293

Reputation: 31

A file extension usually, conventionally indicates the type of the contents, but generally nothing enforces this. If you personally choose the file names, you can ensure that the extension is accurate, but if you download or unpack files from other systems or people you cannot in general rely on this. – dave_thompson_085 – 2019-05-10T23:03:51.223

Answers

1

An SSL certificate is nothing more than an X.509 version 3 certificate with a few additional constraints for common usage.

The main constraint is of course the X500 Common Name (CN), which needs to be set to the name of the server. The Subject Alternative Name field may include more names, by the way.

Furthermore, for most certificates the Extended Key Usage needs to be set to Server Authentication (which corresponds to OID: 1.3.6.1.5.5.7.3.1). Servers may also set the Client Authentication (OID: 1.3.6.1.5.5.7.3.2).

Note that, at least for TLS 1.2, these restrictions are not explicitly mentioned in the specification (ugh), but you'd better be sure they are present unless your browsers / clients start to scream murder.


To validate that a file is a (TLS) certificate it is probably easiest to open it using Windows and check the few additional constraints. Personally however I would prefer using e.g. OpenSSL command line so you can simply output to text:

openssl x509 -text -noout -in stackexchangecom.pem

would for example output the following:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:65:c6:4e:74:e5:91:d6:80:39:ca:2a:84:75:63:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
        Validity
            Not Before: Oct  5 00:00:00 2018 GMT
            Not After : Aug 14 12:00:00 2019 GMT
        Subject: C=US, ST=NY, L=New York, O=Stack Exchange, Inc., CN=*.stackexchange.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:f4:a9:3a:35:75:0f:d6:87:17:b7:cf:66:4f:57:
                    08:c5:a7:41:87:30:8b:d1:84:ea:3f:4d:7f:0d:2a:
                    2d:50:74:73:57:bd:2a:38:24:fb:01:d3:13:d0:ad:
                    49:8b:aa:c5:c9:aa:73:46:2a:94:22:10:24:84:4b:
                    1e:5d:1a:74:30:da:f6:d5:f4:94:c3:85:68:09:bf:
                    88:98:ee:a0:9c:89:73:a2:59:21:ae:92:ba:23:2d:
                    f8:2b:25:37:cf:2b:7c:5d:80:fe:99:8d:e2:f0:68:
                    cf:64:ec:ac:44:93:4b:cb:7a:2e:40:19:b3:b8:e9:
                    94:ff:61:68:9a:79:a2:10:61:74:da:65:60:6f:77:
                    af:f0:fa:dc:9e:de:dd:0a:21:7b:96:20:48:b1:dd:
                    f3:90:f7:97:bd:35:58:71:57:1b:fc:c0:6b:14:4c:
                    dc:e0:5b:88:ba:98:53:88:96:e8:37:3f:30:1e:ff:
                    7e:3d:70:17:51:41:fc:4c:44:ab:51:f1:4f:08:a2:
                    47:c1:df:44:02:83:57:f2:33:d4:d5:32:31:88:2a:
                    1e:e9:73:79:13:59:8f:c8:68:32:bc:49:da:70:7f:
                    c7:7a:b2:bf:78:b7:38:e8:be:d8:59:51:91:ca:31:
                    d6:69:a4:ca:d2:b2:61:2a:09:21:e7:da:ac:58:17:
                    67:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B

            X509v3 Subject Key Identifier:
                9A:8A:C1:6E:C1:F2:4D:FA:D9:7B:02:D4:8F:B3:03:AC:6A:3D:C6:58
            X509v3 Subject Alternative Name:
                DNS:*.stackexchange.com, DNS:stackexchange.com, DNS:stackoverflow.com, DNS:*.stackoverflow.com, DNS:stackauth.com, DNS:sstatic.net, DNS:*.sstatic.net, DNS:serverfault.com, DNS:*.serverfault.com, DNS:superuser.com, DNS:*.superuser.com, DNS:stackapps.com, DNS:openid.stackauth.com, DNS:*.meta.stackexchange.com, DNS:meta.stackexchange.com, DNS:mathoverflow.net, DNS:*.mathoverflow.net, DNS:askubuntu.com, DNS:*.askubuntu.com, DNS:stacksnippets.net, DNS:*.blogoverflow.com, DNS:blogoverflow.com, DNS:*.meta.stackoverflow.com, DNS:*.stackoverflow.email, DNS:stackoverflow.email, DNS:stackoverflow.blog
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/sha2-ha-server-g6.crl

                Full Name:
                  URI:http://crl4.digicert.com/sha2-ha-server-g6.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                    Timestamp : Oct  5 02:24:01.827 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:F0:9A:77:1B:F8:ED:C0:78:40:E3:AF:
                                37:DB:3F:47:6D:C4:7A:91:1B:48:8E:3F:32:E0:1D:7F:
                                9B:CA:79:4E:FD:02:21:00:DA:06:77:3B:C9:F3:B9:45:
                                5A:9D:15:BD:7E:0E:A6:81:FB:0B:D3:C3:67:FD:91:A6:
                                EF:73:BF:17:72:06:5F:65
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
                                8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
                    Timestamp : Oct  5 02:24:02.054 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:D0:8D:F9:95:06:AF:BF:CB:68:01:2B:
                                F7:84:F7:1E:A3:CF:D8:53:67:9B:48:7E:19:12:B5:2F:
                                39:7C:C0:31:7A:02:21:00:C0:2E:36:4C:AE:3B:8B:74:
                                E8:48:84:80:C5:A2:6A:52:59:B8:09:E4:43:0D:BD:19:
                                C7:88:04:6F:2B:D4:0A:77
    Signature Algorithm: sha256WithRSAEncryption
         00:93:ce:f7:ff:ed:90:b3:02:9f:25:24:27:fa:26:5e:65:cf:
         2e:88:68:3d:f6:99:9d:d3:4f:04:d9:c9:86:12:ba:8d:cc:f7:
         25:2b:d2:0d:6c:f8:f0:c6:5f:73:22:04:dc:5e:91:7f:52:d0:
         55:55:2d:59:ed:7a:3c:de:a7:ec:18:c3:dd:33:36:2d:dc:5f:
         a1:42:94:18:2e:19:46:17:ee:49:7f:6c:7a:65:bd:73:8d:3f:
         da:33:71:8c:74:68:be:e8:e3:d5:f9:81:e5:ff:08:14:7b:8e:
         4d:ea:44:6e:0d:99:d5:2f:5e:bb:f9:6d:e5:da:70:fe:99:28:
         4e:ff:bc:6a:c0:78:99:bb:3d:06:1f:20:47:46:9e:62:e3:76:
         e5:1f:4b:e0:eb:bb:09:f2:0b:8d:f3:5a:5a:a6:ea:58:da:fe:
         fc:15:cb:d1:f2:3d:04:2d:f8:32:7a:1b:56:a6:31:77:bf:32:
         92:ab:fa:d8:da:c3:17:4d:8c:d2:3e:a3:1e:92:cb:1e:1c:d8:
         52:31:85:3a:5b:0f:61:f6:9c:8c:69:59:f0:f6:f6:a1:a9:fe:
         e7:28:71:dc:0b:65:51:4d:48:24:41:f9:fd:c8:39:a6:04:ea:
         34:9d:0f:17:81:fa:5d:eb:9f:cf:6b:15:5f:06:7b:8a:7c:49:
         17:05:fa:4c

This is assuming a certificate in PEM format; for binary format you can add -inform DER. Checking which one is used can be performed using the file command, commonly present on Linux and Cygwin (if installed correctly).

Personally I would not necessarily trust file extensions. It's just too easy to have a file with the wrong extension; file extensions are a very loose kind of typing system.


OK, so now you've verified that the file is an X.509 certificate with regard to structure. However, you may further want to verify the certificate chain up to a trusted certificate. And you may want to perform the other validation as well, such as checking if the certificate is still valid at the right date(s). Here is a pointer on how to do that.

To be entirely complete you might also want to check the OCSP status, to see if the Certificate Authority (CA) revoked the certificate.

You would definitely need this if the certificate could be generated by an adversary or because it is a (self signed) testing certificate generated by one of the developers in a company.

Maarten Bodewes

Posted 2019-05-06T13:26:26.293

Reputation: 1 183

does openssl decode all type of certificates? – mamadou – 2019-05-07T11:26:28.230

A certificate is nothing more than a signed binary message containing a public key, so no. For instance, card verifiable certificates and PGP public keys (which are more or less certificates as they contain additional info and can be signed) cannot be parsed directly by OpenSSL. Of course, as an implementation of TLS, you would hope that all compatible certificates are at least supported :) However, if you take a look at the old "X.509 style guide", there is likely to be a bug somewhere just because of complexity. – Maarten Bodewes – 2019-05-08T12:50:51.010

So TLS just supports X.509 v3 certs. With regards to the bug, as e.g. Apache uses OpenSSL, Certificate Authorities would quickly scream murder if one of their certificates would not be accepted, so if there are bugs they are not likely to be affected by certs in the wild. You'd expect CAs to test with at least OpenSSL before releasing certs based on a new X.509 template. – Maarten Bodewes – 2019-05-08T12:54:42.623

Technically OpenSSL supports all versions of X.509 identity certs (v1, v2, v3), but in practice no one uses v2. Public and otherwise well-managed CAs haven't used v1 since last century, but busy (or lazy) developers and testers still do, and they still work for sufficiently small values of work. For completeness, OpenSSL also supports as a PEM file format 'TRUSTED CERTIFICATE' which is actually an X.509 cert plus some added local info in a separate chunk of DER; see the routines involving _AUX in crypto/x509/x_x509{,a}.c – dave_thompson_085 – 2019-05-10T23:14:37.920

Thanks for the additions Dave, I was already wondering when you stopped by :) – Maarten Bodewes – 2019-05-10T23:24:06.960
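The content-over-extension point from the answer and comments, as an added example that is not part of the original thread or of OpenSSL: a Python sketch that decides from the bytes alone whether a file is PEM or binary and whether its DER has the outer X.509 Certificate shape, reporting the version (v1 to v3). The names `read_tlv`, `der_cert_version`, `classify` and `SAMPLE_DER` are hypothetical; this is only a structural sniff and checks no names, key usages, signatures or chains, which remain the job of `openssl x509` and chain verification.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Constructed DER skeleton with the Certificate shape (dummy fields), not a real certificate.
SAMPLE_DER = bytes.fromhex("301d3008a003020102020101300d06092a864886f70d01010b0500030200aa")

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2    # IndexError if truncated
    if length & 0x80:                # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, pos, pos + length

def der_cert_version(der, allow_trailing=False):
    """Return 1, 2 or 3 if der has the X.509 Certificate shape, else None."""
    try:
        tag, start, end = read_tlv(der, 0)
        tbs_tag, tbs_start, tbs_end = read_tlv(der, start)    # tbsCertificate
        alg_tag, _, alg_end = read_tlv(der, tbs_end)          # signatureAlgorithm
        sig_tag, _, sig_end = read_tlv(der, alg_end)          # signatureValue
        shape_ok = (tag, tbs_tag, alg_tag, sig_tag) == (0x30, 0x30, 0x30, 0x03)
        if not shape_ok or sig_end != end or (end != len(der) and not allow_trailing):
            return None
        tbs = der[tbs_start:tbs_end]
        if tbs[:1] == b"\x02":       # starts with serialNumber: no version field, so v1
            return 1
        # DER is canonical, so [0] EXPLICIT INTEGER v is exactly A0 03 02 01 vv
        return tbs[4] + 1 if tbs[:4] == b"\xa0\x03\x02\x01" and tbs[4] <= 2 else None
    except (ValueError, IndexError):
        return None

def classify(data):
    """Return (encoding, pem_label, x509_version); version None = not certificate-shaped."""
    m = PEM_RE.search(data)
    if m is None:
        return ("binary", None, der_cert_version(data))
    label, version = m.group(1).decode(), None
    if label in ("CERTIFICATE", "TRUSTED CERTIFICATE"):
        try:    # TRUSTED CERTIFICATE carries extra DER after the certificate itself
            der = base64.b64decode(m.group(2))
            version = der_cert_version(der, label == "TRUSTED CERTIFICATE")
        except ValueError:           # malformed base64 body
            pass
    return ("PEM", label, version)
```

Calling `classify(open(path, "rb").read())` gives the same answer whatever the file is named; a result with version `None` means the content is not certificate-shaped, regardless of a `.crt` or `.pem` extension.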