Recently I was debugging a mutual TLS issue between a MQTT client and a broker.
For the TLS setup, a self-signed CA was used to sign both server certificates and client certificates.
Both server and client trust stores had the CA certificate present.
During the handshake I observed, both brokers (RabbitMQ and Mosquitto) sent the CA certificate along with the server certificate.
But on clients, except for JAVA(PAHO), the Python and the nodejs clients both were also sending the CA certificate they had with their response to the server.
If the CA certificates were already installed in the trust stores of both the server and client, why should they exchange the CA at all during the handshake?
PS: Also JAVA client was never sending the CA certificate in its response. In which case, if the server did not send the certificate the handshake failed, but for other clients even if the server did not send the CA in the handshake, the clients were sending the CA in their response and the handshakes were successful.
In general the root CA certificate don't need to be sent inside the TLS handshake, no matter if for client or server certificate. Trust anchors (i.e. the root certificate as the base of the trust chain) need to be already trusted by the peer and thus cannot be taken from a still untrusted network connection. If root CA is sent anyway it will be simply ignored.
Related
I am using OpenSSL program to generate my SSL self-signed certificate, created a CA certificate and a webserver certificate. The webserver certificate, I have signed it with the CA certificate. I created a keystore with Java's keytool to import webserver's certificate.
On the client side, I have imported the CA certificate inside client's Certificate Manager, under the "Trusted Root Certification Authorities".
In theory, is this way considered as a One way TLS or a Two way TLS communication?
Thank you so much for the help!
In TLS protocol by default the client validates servers authenticity, the server sends its certificate during the handshake and the client validates it with the CA certificate in its trust store. It is one way setup
For two way, during the handshake, the server also asks for certificate from client,it validates the certificate sent by the client with the CA certificate in its trust store. So if you want to use two way setup, you need to generate client CA certificate and client certificate(it will be signed by the client CA certificate), the same CA certificate you need to configure at server so that it(server) will be able to validate the client certificate it received during the handshake.
You can also decide to keep same CA certificate for both client and server certificates, making sure client and server certificates are signed by the same CA
In a TLS communication I always thought the server would send the public certificate to the client during the handshake process.
However, I received a request from a provider asking us to manually install a certificate in order to initiate a TLS communication with one of their STunnel server.
I'm a bit confuse by this request. Is there's a situation where TLS server would not be able to send the certificate to the client and therefore required a manuel certificate installation?
There are two cases where a certificate installation is needed on the client side:
The server is using a certificate not issued by a public CA, i.e. self-signed or issued by a private CA. In this case the client must import the certificate or CA up front and install it as trusted.
The server is requiring client authentication based on certificates, i.e. not only the server authenticates to the client with a certificate but also the client to the server (instead or additionally to typical passwords). In this case the client has to get a client certificate and matching key and import so that it can be used for authentication.
It is unclear which of these cases is the one you are dealing with.
When a TLS handshake takes place, the server sends in his ServerHello message, his digital certificate. This digital certificate is digitally signed by a intermediate CA named A and CA A also has a certificate which is signed by CA named root whose certificate is self signed, thus forming a certificate chain. The client then has to establish a trust, validating the server certificate. To perform that validation the client has to validate the entire chain correct?
Must the client have in a truststore all the certificates (A and Root) or the client will download them?
The client usually has only the root CA in the local trust store. The leaf certificate and the intermediate certificate leading to the root CA need to be provided by the server. The intermediate certificates are usually send in addition to the leaf certificate within the TLS handshake.
But it is a typical misconfiguration to only have the leaf certificate send by the server. In this case the certificate validation will fail unless the client has already knowledge of the intermediate certificates or can obtain these somehow. Since often the same intermediate certificates are used, some browsers like Firefox will cache the intermediate certificates they'll got when communicating with server A and fill these in when a broken server B is not sending the required intermediate certificates. Other browsers (like Google Chrome) will try to download the missing intermediate certificates from the internet. Most simpler clients (i.e. apps written in Python, Java ... or curl) will instead just fail with a certificate validation error.
So far, I've used openssl, sslyze, keystore utilities, and some of the standard Windows diagnostics commands to try and characterize this problem. The summary is that as soon as I attempt to use a keystore that has the CA signed certificate in it, I get an immediate handshake failure 40 after the client hello. The connection never gets as far as a server hello with the CA cert in place.
On the same machine (Windows Server 2012), if I use a self signed certificate, the connection works as expected.
Openssl shows the handshake failure with the CA certificate in place.
sslyze shows all ciphers rejected with either no ciphers available or TLS / Alert handshake failure.
The fact that this is successful with a self-signed certificate tends to indicate that the "basics" are there, that the client and server have the necessary ciphers and so on to connect, and that server.xml is configured properly.
There were no error messages when importing the certificates, and everything seems to be configured correctly with the CA certs based on keytool checks. There are no error messages given during server start to indicate any problems processing the certificate.
Is there something I should be looking more closely at in regards to the keystore with the CA cert that could cause this complete rejection of the client hello? How would a different keystore or CA certs within aaffect the earliest steps of the handshake?
Thank you for information provided.
I assume that you are talking about a server side certificate and a server side key store, since the error happens at a state where no client certificates are yet involved. If the server is able to send the self-signed certificate to the client, but is not able to send the CA signed certificate to the client, then it must be something wrong with the certificate you are trying to send or that the certificate can not be used together with the ciphers offered by the client.
Since the problem is obviously on the server side you should first check all logs written on the server side for hints what the error might be. Typical problems are non-existing files, wrong files, password protected client key w/o providing a password or that the key does not belong to the certificate.
I can't figure out how to get Trusted TLS connections between my primary mail server (mail.sfnet.it) and mail exchanger (mx.sfnet.it)
They both use Postfix as MTA and they both have a PositiveSSL certificate installed and everything seems to work well, except for trusted handshake.
I've set CA path, reconfigured package, but nothing to do. Any idea?
Postfix log says:
postfix/smtp[20689]: Untrusted TLS connection established to mail.sfnet.it[94.23.65.191]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
It may be necessarily to specify a path to trusted certificates with smtp_tls_CApath:
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CApath = /etc/ssl/certs
Can you check if the certificate is correctly installed for mail.sfnet.it on the smtp port? SSL Labs (https://www.ssllabs.com/ssltest/analyze.html?d=mail.sfnet.it&hideResults=on) indicates that the server's certificate is untrusted (self-signed) on 443 and I suspect it may be the same on the smtp port as well.
The connection is untrusted because the sender MTA doesn't recognize the CA that signed the recipient MTA's certificate. To make the MTAs trust each other's certificates, you have to install the CA certificate on both the MTAs. The installation process depends on what distro you are using. Here is an example for centOS.
You can get the CA certificate from the official positivessl site. Here is what I found.