Doesn't everyone in the world have a copy of Gmail's SSL certificate? If so why does our browser trust gmail.com just because it sent me this certificate? Can't any old person send me this same certificate just by going to gmail.com and downloading it?
No. The server sends its certificate and a digital signature signed by its private key during the SSL handshake. Only the true certificate owner can do that.
This is all described in RFC 2246.
Read up on...
http://en.wikipedia.org/wiki/Public-key_infrastructure
Basically google sends down its public key to your browser through SSL. How can the browser trust it's really google? The public key in turn is signed by a CA (certificate authority). The browser is pre-configured with well known CAs.
It's not possible (or to be more precise hard enough to be impractical) to forge google's cert. That's because you don't have google's private key. Unless you used this same key, your forged cert would fail validation with the CA.
Related
I secure successfully a Nifi Node (localhost) with SSL but I have always a yellow padlock in my browser as you can see in the pic here
Do you have any idea?
Thanks
If you used an untrusted certificate then this is expected behavior. You would have to purchase a real certificate for a real domain name in order for the browser to not warn you.
I see the description below:
Standalone : generates the certificate authority, keystores, truststores, and nifi.properties files in one command
Client/Server mode : uses a Certificate Authority Server that accepts Certificate Signing Requests from clients, signs them, and sends the resulting certificates back. Both client and server validate the other’s identity through a shared secret.
Standalone and client, both generate the certificate authority, keystores, truststores.
Sorry, I don't see the difference.
I wonder if anyone can provide more detailed description of point 2 of the answer to How are ssl certificates verified?.
What algorithms are used to verify that the certificate was signed by the trusted CA? What ideas are they based on? Why it is not possible to simulate trusted CA signature (make a certificate that the browser will treat as valid)?
It's a digital signature. You can verify it via the public key in the associated certificate. The algorithms are as specified in the certificate itself.
What is the proper way of using SSL certificates for private applications? By private I mean that I am the only user, and software is running on my computers.
I want to have a encrypted communication between two of my programs. I want to send passwords between them, so I need to be sure that remote program is not fake/hacked.
As far as I understand I don't need to get paid SSL certificate from the CA, if there is no third party involved.
Is the following correct?
Server has a private key and self-signed SSL certificate.
Client has a copy of server's self-signed certificate (it needs to be well protected).
During the handshake server sends the certificate to client.
client checks if the certificates are the same.
client can start encrypted transmission.
Is there other way?
Server has a private key and self-signed SSL certificate.
Yes
Client has a copy of server's self-signed certificate (it needs to be well protected).
The client has either a copy of the certificate or the certificates public key or the fingerprint of these. Since the certificate is public these information do not need to be protected. Only the private key of the server (residing only in the server side) needs to be protected because using this key one could prove ownership of the certificate.
During the handshake server sends the certificate to client.
Yes.
client checks if the certificates are the same.
Kind of. It might check the certificate or the public key or the fingerprints.
client can start encrypted transmission.
Yes.
I would recommend that you read the OWASP article about certificate and public key pinning. It also contains sample code for various environments.
Client has a copy of server's self-signed certificate (it needs to be well protected).
Clients do not have copy of the server certificate. They get it in SSL handshake
client checks if the certificates are the same.
NO! Clients will have the public certificate of the Certificate Authorities who would have signed the server certificate. They will validate the server cert with the CA cert including things like certificate expiry, CRLs. Not compare for 'sameness'
In your case you are using the self-signed certificates. The clients should be made to ignore the self signed certificate and proceed with SSL handshake.
I would recommend you read through SSL handshake sequence again.
I am sure this is embedded in the details of the SSL certificate/HTTPS specs but I am not entirely grokking this subject.
If a modern browser connects to a HTTPS site, the body of the HTTP request is encrypted. Is the SSL certificate essentially the "public" key used to communicate back and forth between the client and server?
Couldn't a hacker get the public key from the public site, say "https://www.google.com" and monitor client/server traffic and decrypt the data?
Also, do clients need to verify the "issuer" of a certificate. For example, self sign certificates clients don't need to verify but for certificates provided from a trusted issuer, what happens during the certificate verification process?
The server's certificate contains a public key which in fact is visible to everybody. This key in turn is used during the handshake between the server and client in order to create a unique session key that will be used to encrypt any further messages:
http://en.wikipedia.org/wiki/Secure_Sockets_Layer#TLS_handshake_in_detail
Couldn't a hacker get the public key from the public site, say
"https://www.google.com" and monitor client/server traffic and decrypt
the data?
The hacker won't know the session key. He will be listening to (senseless) encrypted stuff.
Also, do clients need to verify the "issuer" of a certificate. For
example, self sign certificates clients don't need to verify but for
certificates provided from a trusted issuer, what happens during the
certificate verification process?
Like you said, the issuer of the certificate is verified against a pre-defined list of trusted authorities. Any certificate up in the chain will be verified too, including the trusted issuer, expiration dates. Additionally each certificate contains URLs that point to Certificate Revocation Lists (CRL Distribution Points), the client will attempt to download the list from such URL and ensure the certificate at hand has not been revoked.
I'm not sure is similar question has been asked before (I couldn't find any), but is it possible to protect Client/Server from Man-In-The-Middle attack?
I'm writing a Client application to communicate with Server. Communication will be SSLv3 based.
I am OK with server's self-signed certificates, but worried about someone else generating same self-signed certificate in the same server name and pretend to be it. My Client application uses OpenSSL library. [Client and Server are thrift based, if it makes any difference]. Can I avoid such attack at the same time maintaining support for self-signed certificates?
Yes.
In short, a self signed certificate is more insecure than a CA certificate only when the client does not know the certificate in advance and therefore has no way to validate that the server is who it says it is.
If you add the self signed certificate to the client and don't accept any other certificate, you're actually as secure (or, one could argue, even more so) than having a certificate authority signed certificate.
The important parts to keep SSL secure with or without a certificate authority are;
The server private key (and in the case of a CA, the private keys of all its roots) is kept secret.
The client knows the server certificate (or its CA root).
You can hard-code the server's certificate and compare it against what you receive.
Or better yet, create a CA certificate and server certificate, signed by the CA. Have the CA trusted on the client (again by hardcoding it in your application) and validate received server certificate using the CA certificate.
If you can protect your private keys well enough, a middleman will not be able to masquerade as you, assuming the user actually looks at the certificate. The problem with self-signed is that if you want the user to add the exception to their browser, or just ignore the warning, then you are exposed to man-in-the-middle attack, because anyone else may create their own certificate.
Of course, "protecting your private keys well enough" is not trivial at all. When you pay for a "Verisign" certificate, you're not paying for their software creating the certificate - you're paying for the security forces they have guarding the building in which the private keys are stored.
That's easy! NOOOO !!! Not anymore than you could prevent a man-in-the-middle attack from certificate issued-by a well-know authority. >:)