Como exibir o certificado de um servidor quando o certificado é assinado por uma AC desconhecida?

2

Eu tenho um servidor que está me dando problemas de TLS e gostaria de ver o certificado que está sendo apresentado para ajudar a diagnosticar o problema. Normalmente, eu usaria o openssl para exibir o certificado da seguinte forma:

$ openssl s_client -connect facebook.com:443

No entanto, não sei o que a CA assinou no certificado desse servidor. Eu pensei que era nossa CA interna, mas o teste sugere o contrário. Portanto, não posso usar os sinalizadores -CAfile ou -CApath de openssl para especificar a CA.

Mais uma restrição. O servidor não é um servidor HTTP (é postgres), senão usaria apenas curl --insecure .

Eu tentei usar o sinal -verify porque, de acordo com a documentação do OpenSSL :

The verify depth to use. This specifies the maximum length of the server certificate chain and turns on server certificate verification. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. As a side effect the connection will never fail due to a server certificate verify failure.

Pretende continuar após todos os erros, para que todos os problemas possam ser vistos. No entanto, tudo que eu obtenho é:

1737:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Essa é a mensagem de erro que recebo com ou sem -verify .

Então, como posso ver o certificado apresentado pelo servidor?

    
por tytk 23.09.2016 / 20:54

1 resposta

1

How to display a server's certificate when the cert is signed by an unknown CA?

Isso é fácil (e a CA não leva em conta as coisas) ... Pipe s_client output into x509 como entrada com -text -noout options. O comando abaixo também inclui o SNI e o TLS 1.0.

$ openssl s_client -connect facebook.com:443 -servername facebook.com -tls1 | openssl x509 -text -noout
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificate
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:cb:09:39:b2:b1:01:54:b8:95:70:c7:b2:2b:7a:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
        Validity
            Not Before: Aug 28 00:00:00 2014 GMT
            Not After : Dec 30 12:00:00 2016 GMT
        Subject: C = US, ST = CA, L = Menlo Park, O = "Facebook, Inc.", CN = *.facebook.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:d8:d1:dd:35:bd:e2:59:b6:fb:9b:1f:54:15:8c:
                    db:bf:4e:58:bd:47:be:b8:10:fc:22:e9:d2:9e:98:
                    f8:49:2a:25:fb:94:46:e4:42:99:84:50:1c:5f:01:
                    fd:14:25:31:5c:4e:d9:64:fd:c5:0c:b3:46:d2:a1:
                    bc:70:b4:87:8e
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B

            X509v3 Subject Key Identifier: 
                43:09:93:40:FA:11:4B:30:33:EC:F2:87:6E:8D:71:18:CF:8A:BC:8E
            X509v3 Subject Alternative Name: 
                DNS:*.facebook.com, DNS:*.facebook.net, DNS:*.fb.com, DNS:*.fbcdn.net, DNS:*.fbsbx.com, DNS:*.m.facebook.com, DNS:*.messenger.com, DNS:*.xx.fbcdn.net, DNS:*.xy.fbcdn.net, DNS:*.xz.fbcdn.net, DNS:facebook.com, DNS:fb.com, DNS:messenger.com
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl3.digicert.com/sha2-ha-server-g5.crl

                Full Name:
                  URI:http://crl4.digicert.com/sha2-ha-server-g5.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
                Policy: 2.23.140.1.2.2

            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
                    Timestamp : Dec 16 15:50:03.515 2015 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:28:C8:7D:86:5D:F1:14:32:9D:3A:50:3E:
                                2F:C2:99:80:EC:13:C8:F9:1F:5D:9F:8A:0A:81:FB:F9:
                                EA:02:8C:F5:02:20:28:6F:7F:97:B3:27:01:66:BB:89:
                                4D:C5:A8:53:3A:34:CE:F6:AB:46:AE:F1:70:BD:B8:27:
                                2D:C2:03:28:F6:2C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 68:F6:98:F8:1F:64:82:BE:3A:8C:EE:B9:28:1D:4C:FC:
                                71:51:5D:67:93:D4:44:D1:0A:67:AC:BB:4F:4F:FB:C4
                    Timestamp : Dec 16 15:50:03.453 2015 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:FB:7B:CE:FA:1D:74:6B:EB:76:20:77:
                                16:E3:C0:58:72:B3:21:35:9A:C0:43:2D:A8:90:77:E1:
                                B7:9A:DA:5F:6D:02:20:04:AA:8B:42:D2:AC:CA:D1:87:
                                DF:70:54:C7:1E:22:20:53:36:DF:93:5B:B8:1F:5B:FC:
                                80:05:D1:9A:5A:AB:B0
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
                                46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
                    Timestamp : Dec 16 15:50:03.663 2015 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:FE:2C:B6:D4:EF:95:FF:FC:CD:78:71:
                                81:88:AD:3A:B3:A3:12:0C:82:B2:D8:B5:4C:E6:F1:66:
                                FE:D4:7E:34:A5:02:20:2D:2B:D5:D5:13:84:9C:99:D9:
                                16:65:15:08:DC:59:65:C5:C0:2C:6A:95:E7:E9:83:9F:
                                AF:26:8B:39:10:26:28
    Signature Algorithm: sha256WithRSAEncryption
         aa:91:ae:52:01:8c:60:f6:02:b6:94:eb:af:6e:eb:dd:3c:c8:
         e1:6f:17:ab:b8:28:80:ec:dc:54:82:56:24:c1:16:08:e1:c2:
         c8:3e:3c:0f:53:18:40:7f:df:41:36:93:95:5f:b1:d9:35:43:
         5e:94:60:f9:d6:a7:83:6a:7d:c7:b4:f6:0b:90:76:f8:b4:0a:
         c1:31:0d:16:18:b5:cb:71:5c:f9:93:02:21:aa:bb:40:fd:ee:
         0a:1b:a9:f2:c3:0e:25:13:63:67:a2:42:eb:79:ea:5f:8f:fb:
         d8:bb:76:8c:5f:61:ca:2c:be:01:44:09:af:36:1e:a9:f7:40:
         1c:a4:b3:65:78:42:68:04:f0:4b:0c:7f:1f:d9:13:f6:0a:3b:
         35:79:73:69:c7:3c:70:e5:5d:06:98:ea:88:d5:dd:6b:e6:66:
         62:57:cf:af:d0:fb:67:9b:e0:c8:20:3a:b9:b6:4f:39:7a:5f:
         c4:fd:a0:46:8c:bc:c7:44:a7:b3:ab:52:49:db:86:97:ed:2e:
         bc:80:56:95:9f:d2:63:84:57:e7:92:15:32:e4:75:c5:81:52:
         cb:3b:26:e1:5d:4b:fd:e0:39:5e:81:06:af:cc:7e:77:d1:9d:
         9a:06:6f:ef:f7:fc:e2:86:5a:16:5a:c2:04:de:80:e3:78:1f:
         0f:fc:7f:df

I don't know what CA signed this server's cert. I thought it was our internal CA but testing suggests otherwise. Thus I cannot use openssl's -CAfile or -CApath flags to specify the CA.

Não tenho certeza do que você está recebendo aqui. duvido sua CA interna assinou o certificado do Facebook. Além disso, o PKIX permite apenas o um emissor, pelo que não pode haver duas ou mais assinaturas da CA no certificado. Isso porque há apenas provisões para um Emissor , um Identificador de Chave de Autoridade , etc. Embora não seja permitido, esse caso de uso faz muito sentido; veja também Certificado com vários signatários? na lista de discussão do PKIX.

Se você quiser que openssl s_client termine com Verify return code: 0 (ok) , use CAfile com a CA do DigiCert. Você quer aquele chamado "CA raiz do EV de alta garantia DigiCert" , e você precisa convertê-lo em PEM.

Buscar a CA raiz do EV do DigiCert High Assurance

$ wget https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
--2016-10-13 16:34:12--  https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt
Resolving www.digicert.com (www.digicert.com)... 64.78.193.234
Connecting to www.digicert.com (www.digicert.com)|64.78.193.234|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 969 [application/x-x509-ca-cert]
Saving to: ‘DigiCertHighAssuranceEVRootCA.crt’

DigiCertHighAssuran 100%[===================>]     969  --.-KB/s    in 0s      

2016-10-13 16:34:13 (11.6 MB/s) - ‘DigiCertHighAssuranceEVRootCA.crt’ saved [969/969]
$

Converter certificado para o PEM

$ openssl x509 -in DigiCertHighAssuranceEVRootCA.crt -inform DER \
  -out DigiCertHighAssuranceEVRootCA.pem -outform PEM
$

Conecte e verifique

$ openssl s_client -connect facebook.com:443 -servername facebook.com \
  -tls1 -CAfile DigiCertHighAssuranceEVRootCA.pem 
CONNECTED(00000005)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = CA, L = Menlo Park, O = "Facebook, Inc.", CN = *.facebook.com
verify return:1
Server did acknowledge servername extension.
---
Certificate chain
 0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook, Inc./CN=*.facebook.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
...

    Start Time: 1476391066
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

However, all I get is:

1737:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Apenas um palpite, mas ... Tente usar o SNI ( -servername option) e o TLS 1.0 ou superior (a opção -tls1 é para o TLS 1.0).

    
por 13.10.2016 / 22:18