Rectangle 27 5

I know this is an old question but it does not yet appear to have an answer. I've duplicated this situation, but I'm writing the server app, so I've been able to establish what happens on the server side as well. The client sends the certificate when the server asks for it and if it has a reference to a real certificate in the s_client command line. My server application is set up to ask for a client certificate and to fail if one is not presented. Here is the command line I issue:

Yourhostname here -vvvvvvvvvv
s_client -connect <hostname>:443 -cert client.pem -key cckey.pem -CAfile rootcert.pem -cipher ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH -tls1 -state

When I leave out the "-cert client.pem" part of the command the handshake fails on the server side and the s_client command fails with an error reported. I still get the report "No client certificate CA names sent" but I think that has been answered here above.

The short answer then is that the server determines whether a certificate will be sent by the client under normal operating conditions (s_client is not normal) and the failure is due to the server not recognizing the CA in the certificate presented. I'm not familiar with many situations in which two-way authentication is done although it is required for my project.

You are clearly sending a certificate. The server is clearly rejecting it.

The missing information here is the exact manner in which the certs were created and the way in which the provider loaded the cert, but that is probably all wrapped up by now.

Thanks for the additional information. I hope it helps more people in the future. My issue was eventually "solved" by the server's sysadmin team insisting it was our certificate's fault and forcing us to purchase a completely new one from another registrar. I believe this worked because the CA certs for the new registrar were already loaded in their gateway (instead of having been incorrectly added to support the CA of our original cert.)

After tracking down the very same path in this question, I found that the reason the server was rejecting my test certs was due to an incorrect certificate type being used for the client. As it turned out, the one I had was marked as: X509v3 Extended Key Usage: TLS Web Server Authentication. A client cert should have X509v3 Extended Key Usage: TLS Web Client Authentication. So the root cause was that a Web Server cert and not a client cert was being presented by the client. Re-generating a correct client type cert worked!

easyrsa
build-client-full
./easyrsa --subject-alt-name="DNS.1:*.ec2.internal" build-client-full exampleclient nopass

ssl - openssl s_client -cert: Proving a client certificate was sent to...

ssl openssl ssl-certificate
Rectangle 27 46

In order to verify a client certificate is being sent to the server, you need to analyze the output from the combination of the -state and -debug flags.

First as a baseline, try running

$ openssl s_client -connect host:443 -state -debug

You'll get a ton of output, but the lines we are interested in look like this:

  • The -state flag is responsible for displaying the end of the previous section: "SSL_connect:SSLv3 read server done A". This is only important for helping you find your place in the output.
-debug

"write to...", "0000 - ...", "000c - ..."

  • Finally, the -state flag is once again reporting the result of the step that -debug just echoed: "SSL_connect:SSLv3 write client certificate A".

So in other words: s_client finished reading data sent from the server, and sent 12 bytes to the server as (what I assume is) a "no client certificate" message.

If you repeat the test, but this time include the -cert and -key flags like this:

$ openssl s_client -connect host:443 \
   -cert cert_and_key.pem \
   -key cert_and_key.pem  \
   -state -debug`

your output between the "read server done" line and the "write client certificate" line will be much longer, representing the binary form of your client certificate:

SSL_connect:SSLv3 read server done A
write to 0x7bd970 [0x86d890] (1576 bytes => 1576 (0x628))
0000 - 16 03 01 06 23 0b 00 06-1f 00 06 1c 00 06 19 31   ....#..........1
(*SNIP*)
0620 - 95 ca 5e f4 2f 6c 43 11-                          ..^%/lC.
SSL_connect:SSLv3 write client certificate A

The "1576 bytes" is an excellent indication on its own that the cert was transmitted, but on top of that, the right-hand column will show parts of the certificate that are human-readable: You should be able to recognize the CN and issuer strings of your cert in there.

+1 for the -state and -debug flags

ssl - openssl s_client -cert: Proving a client certificate was sent to...

ssl openssl ssl-certificate
Rectangle 27 2

The server is requesting a certificate and providing a list of trusted signers. This comes from the server's truststore. The client doesn't have a certificate signed by one of those signers in its keystore, so it cannot send a certificate.

Solution: either have the client certificate signed by one of the trusted signers, or enhance the trusted signers to include the signer of the client certificate.

java - How to configure two way ssl on client and server on tomcat 7 u...

java web-services ssl tomcat7 mutual-authentication
Rectangle 27 1

You should be calling the API SSL_CTX_set_verify and passing SSL_VERIFY_PEER as input to the second parameter mode.

In TLS, client requests a certificate from server depending on the cipher suites exchanged, whereas the server requests the certificate from client only when you explicitly tell it do so as client authentication is optional and not cipher suite driven. When you set the SSL_VERIFY_PEER mode, server will explicitly send a Certificate Request message to Client and request for a certificate and verify it.

You can also verify if a Certificate Request message is going from Server to Client using a Packet Capture.

SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
140681691920032:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:3285:

Yes. Looks like either the certificate was not loaded on client side or due to some reason, client is refusing to send certificate to server. Please check the error on the Client Side to see what error it is giving.

Client is not giving any error :-(

You need to check the packet captures. Possible reason could be that the algorithm of the client side certificate and private key loaded by you might not match the requirements of the server (specified through extensions for TLS 1.2 in the hello messages) or certificate strength may not be sufficient.

Actually I was using certificate that is not added in trusted list. Adding SSL_CTX_load_verify_locations(ctx, "CERTS/ca.pem", NULL); on server side. Solved the issue. Marking the answer as accepted. Thanks @Jay

openssl - How to load Client certificate during ssl connection for mut...

ssl openssl x509certificate x509
Rectangle 27 10

Some HTTP clients accept this certificate, and others do not. What could make the difference?

The short answer: load balancing, virtual hosting and SNI.

The long answer... first, here's an analysis of the certificate. We need to go though this to ensure there's no obvious mistakes.

From the dump below, there's a wildcard DNS name in the Common Name. Placing a DNS name in the CN is deprecated by both the IETF and the CA/Browser Forums. A "friendly name" should be placed in the CN because its displayed to the user. While its deprecated, its not forbidden.

Instead, DNS names should go in the Subject Alternate Name. There should be two of them. The first would be lucidpress.com and the second would be *.lucidpress.com. You need just lucidpress.com because the wildcard needs to match a label.

For reference, the IETF deprecates a DNS name in the CN in RFC 6125 Section 3.1 Server Identity; and Section 6.4.4 Checking of Common Names.

The CA/Browser Forums deprecates a DNS name in the CN in Baseline Requirements (BR) Section 9.2.2 Subject Common Name Field. Also, according to the CA/B, the Subject Alternate Name is required. See Section 9.2.1 Subject Alternative Name Extension.

Related: RFC 6125, Section 6.4.3, also does not allow the matching of *.lucidpress.com to lucidpress.com. The CA/B BR covers wildcards in Section 11.1.3, but it does not discuss matching rules.

With the background information above and the certificate below, here's what is going on.

You have 2 names in the default certificate. Its served by default by Apache because its the first virtual host in the configuration file.

lucidchart.com
*.lucidchart.com

You have 2 names in the Lucid Press' certificate.

lucidpress.com
*.lucidpress.com

I think the difference is Server Name Indication (SNI). Its a TLS extension, so you need TLS 1.0 or above. Those that have no trouble get the Lucid Press certifcate and use TLS 1.0 or above with SNI; those that have trouble get the default certificate and use SSLv3 or no SNI. Windows XP will use TLS 1.0 but not SNI, so its experienced often in the field due to the deployment base.

The browsers accept it because they are using TLS 1.0 or above and sending the SNI extension. Because SNI allows your Apache server to select the proper certificate during the handshake, there are no name matching problems.

Java rejects it because it uses SSLv3, even when you say SSLContext.getInstance("TLS");. You have to jump through some hoops to ensure you really get TLS 1.0 and above. There's a few questions on Stack Overflow about it. See, for example, Which Cipher Suites to enable for SSL Socket?.

Python rejects it because I'm guessing you are using 2.x, or you are allowing SSLv3. You need 3.0 or above to get SNI. See Python 3 Support? on the Python FAQ.

wget added support for SNI in version 1.14. I suspect wget is not enabling its or using SSLv3.

cURL likely ensures SNI is used if available. Daniel is very thorough, and he tries to ensure a trouble free experience and secure posture out of the box.

In the OpenSSL dump, the options of interest are -tls1 -servername. You can get TLS without SNI by omitting -servername. So you need both tls1 and -servername <host>.

$ openssl s_client -tls1 -servername www.lucidpress.com \
     -connect www.lucidpress.com:443 | openssl x509 -text -noout
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12250220837273305 (0x2b8582cd6cfed9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: May 12 16:20:34 2014 GMT
            Not After : Jul  9 22:19:45 2015 GMT
        Subject: OU=Domain Control Validated, CN=*.lucidpress.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c8:e0:f6:77:03:c9:5e:cb:51:e3:d3:7a:b6:60:
                    d9:3d:60:26:9c:4b:00:c5:cb:b1:55:2e:d9:ee:f5:
                    08:8d:b7:64:e9:31:2e:83:e4:24:f3:89:4e:46:87:
                    b8:55:b6:34:0a:c9:3b:55:08:10:77:13:7e:85:d6:
                    8c:fa:06:dd:c1:7f:fa:9e:13:c8:1a:d8:36:22:3c:
                    cb:16:9f:cb:c7:5b:7c:7c:0b:6d:c3:ef:24:45:15:
                    5a:7a:38:dd:df:83:eb:c3:ea:9b:57:d5:8f:d8:6c:
                    ff:33:4a:21:02:2a:92:9a:e0:5d:58:51:75:07:b6:
                    ad:21:8c:34:91:20:f5:00:9e:f6:dd:90:7e:a8:60:
                    0e:14:73:de:90:a1:f4:29:83:a0:d8:9d:29:e5:de:
                    c5:cb:b5:36:84:ba:30:d4:a9:9f:b9:bf:89:26:e5:
                    80:5a:f6:3b:27:cc:6d:3f:31:1e:cc:51:09:12:73:
                    a6:de:da:b9:a4:19:86:68:7f:e6:2b:c7:3b:a6:ce:
                    6a:5a:dd:c9:ac:61:18:80:f5:d4:f1:6a:70:2c:9f:
                    8f:af:a6:c5:1d:78:97:97:90:92:6c:21:61:39:ce:
                    f8:c9:99:e2:02:b5:ce:ba:dc:f4:46:ba:e3:1f:ec:
                    ce:a5:e4:6b:56:1e:e6:20:89:44:7b:2c:9f:3a:c4:
                    33:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.godaddy.com/gdig2s1-59.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: http://certificates.godaddy.com/repository/

            Authority Information Access: 
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt

            X509v3 Authority Key Identifier: 
                keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE

            X509v3 Subject Alternative Name: 
                DNS:*.lucidpress.com, DNS:lucidpress.com
            X509v3 Subject Key Identifier: 
                CA:97:CC:32:09:20:3E:5F:23:05:4C:DD:F2:DA:4B:1C:E5:02:E8:69
    Signature Algorithm: sha256WithRSAEncryption
         4e:0c:8e:af:d5:c7:06:9e:b9:2c:36:97:d0:9e:1c:84:e8:e1:
         69:5a:36:a3:4f:9f:81:c9:78:5d:ca:35:df:63:be:23:88:4c:
         ba:eb:17:15:22:78:96:5d:5f:dc:3b:fa:cf:14:b6:e9:3a:fe:
         28:19:1c:85:d2:1b:23:b3:79:6d:b2:1d:76:6b:84:97:80:43:
         1b:c0:b7:14:78:75:f9:47:31:6e:21:56:0d:5e:73:ed:d3:b2:
         4b:ab:dc:b0:af:18:ee:2d:bb:65:ff:c7:cb:ff:53:64:8f:a5:
         e8:aa:45:da:fc:0f:b5:8f:da:0f:3e:b1:3b:d0:47:49:52:af:
         8d:f7:a3:42:3b:d3:a1:f4:a1:22:d5:fe:2f:4c:59:b4:18:3f:
         62:1e:4e:56:65:9b:2b:d6:76:cd:29:74:d6:74:a4:7b:bb:6f:
         b2:1d:45:12:67:14:b3:06:a7:36:ee:3a:48:d1:d6:80:2b:fa:
         6d:8b:64:01:0f:1e:51:48:0f:8b:e3:7d:13:86:79:a2:b2:04:
         05:cb:8d:07:35:d9:fa:7e:6d:5d:42:c0:a5:f4:b2:8e:57:53:
         24:b3:aa:e6:92:b1:70:07:73:98:00:91:9b:0f:3e:6e:fe:1d:
         78:7c:57:68:47:d7:8e:6f:1a:64:26:7b:69:f5:b1:13:c2:71:
         2d:ac:56:b6
$ dig www.lucidchart.com

; <<>> DiG 9.8.5-P1 <<>> www.lucidchart.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19608
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.lucidchart.com.        IN  A

;; ANSWER SECTION:
www.lucidchart.com. 8   IN  CNAME   chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com.
chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com. 10 IN A 107.23.98.6
chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com. 10 IN A 54.236.129.63
chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com. 10 IN A 54.88.154.168

;; Query time: 23 msec
;; SERVER: 172.16.1.10#53(172.16.1.10)
;; WHEN: Sun Aug 10 00:02:52 EDT 2014
;; MSG SIZE  rcvd: 160

$ dig www.lucidpress.com

; <<>> DiG 9.8.5-P1 <<>> www.lucidpress.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34260
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.lucidpress.com.        IN  A

;; ANSWER SECTION:
www.lucidpress.com. 599 IN  CNAME   chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com.
chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com. 59 IN A 54.88.154.168
chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com. 59 IN A 107.23.98.6
chart-production-webserver-1858537325.us-east-1.elb.amazonaws.com. 59 IN A 54.236.129.63

;; Query time: 48 msec
;; SERVER: 172.16.1.10#53(172.16.1.10)
;; WHEN: Sun Aug 10 00:02:38 EDT 2014
;; MSG SIZE  rcvd: 160

If interested, this is from sslscan:

Prefered Server Cipher(s):
    SSLv3  256 bits  DHE-RSA-AES256-SHA
    TLSv1  256 bits  DHE-RSA-AES256-SHA
    TLSv1.1  256 bits  DHE-RSA-AES256-SHA
    TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384

Thank you. I suspect SNI is the only way virtual hosting (one host, multiple hostnames) can be done, yes?

@Paul - yes, you would need either (1) a unique IP for each host; or (2) SNI at the client (the server will do the right thing). You can't use Host Headers because the SSL handshake has already occurred by the time the request is sent and parsed.

And I was indeed using wget 1.13.4, which is the version in the default PPAs for Ubuntu 12.04. Ubuntu 13.04+ has wget 1.14.

@Paul - something else is in the works over at IETF that may help here: Application Layer Protocol Negotiation. You can start out as HTTP and use the Host Header, and then switch to HTTPS. But its just a draft at the moment.

https - Some clients accept SSL cert; others reject it - Stack Overflo...

ssl https ssl-certificate
Rectangle 27 0

Well, EJP was on the right track, but didn't take it quite far enough or explain it thoroughly enough.

In order to verify a client certificate is being sent to the server, you need to analyze the output from the combination of the -state and -debug flags.

First as a baseline, try running

You'll get a ton of output, but the lines we are interested in look like this:

  • The -state flag is responsible for displaying the end of the previous section: "SSL_connect:SSLv3 read server done A". This is only important for helping you find your place in the output.
-debug

"write to...", "0000 - ...", "000c - ..."

  • Finally, the -state flag is once again reporting the result of the step that -debug just echoed: "SSL_connect:SSLv3 write client certificate A".

So in other words: s_client finished reading data sent from the server, and sent 12 bytes to the server as (what I assume is) a "no client certificate" message.

If you repeat the test, but this time include the -cert and -key flags like this,

openssl s_client -connect host:443 -cert cert_and_key.pem -key cert_and_key.pem  -state -debug

your output between the "read server done" line and the "write client certificate" line will be much longer, representing the binary form of your client certificate:

SSL_connect:SSLv3 read server done A
write to 0x7bd970 [0x86d890] (1576 bytes => 1576 (0x628))
0000 - 16 03 01 06 23 0b 00 06-1f 00 06 1c 00 06 19 31   ....#..........1
(*SNIP*)
0620 - 95 ca 5e f4 2f 6c 43 11-                          ..^%/lC.
SSL_connect:SSLv3 write client certificate A

The "1576 bytes" is an excellent indication on its own that the cert was transmitted, but on top of that, the right-hand column will show parts of the certificate that are human-readable: You should be able to recognize the CN and issuer strings of your cert in there.

+1 for the -state and -debug flags

ssl - openssl s_client -cert: Proving a client certificate was sent to...

ssl openssl ssl-certificate
Rectangle 27 0

write client certificate A
read server certificate request A

Send them your client certificate and get them to verify locally that its signers are trusted, with the OpenSSL tools. (Don't send your private key of course.)

However it's curious that your client even sent a certificate if the CA isn't recognized. The server sends the list of acceptable CA's in the CertificateRequest message, and the client isn't supposed to send a certificate at all unless it is signed by one of those. As you're using OpenSSL the fault isn't likely to be at your end.

You made a couple bad assumptions I'm afraid. Even without the -cert switch, s_client still produces those same lines of output, so that's not at all a guarantee that a certificate was indeed sent. Additionally, I stumbled across a newsgroup thread (no link I'm afraid) during my research where an openssl contributor claimed that if the -cert switch is used, the certificate is always provided, in spite of the spec saying it should only be sent if a matching CA is listed by the server. In either case, it still remains to verify the certificate was sent in the outbound stream.

Additionally, as I noted in my original post the "unknown CA" error encountered is actually the server notifying the client that it wasn't able to match the client certificate with a trusted CA, which certainly implies a client certificate was sent. The provider also already has a copy of the client certificate, but my suspicion is that they loaded the client certificate okay but the CA certificate incorrectly. They are unwilling to troubleshoot though because their logs claim I am not sending a client cert, hence this question.

Well that's a bug in s_client. It shouldn't print things it hasn't done. I certainly wasn't assuming that.

My impression is that -state reports the internal stages s_client passes through regardless of what actions were or were not performed in each step. They are just signposts to know where we are in the chain of execution. Think of it like reporting entry into methods: s_client always enters the "sendClientCert(possibleCertPath)" method, but ended up no-op'ing in the first run since no cert was provided. This (apparently) still gets reported to stdout/err regardless. There's no way you would have known that without having tried it yourself. Thanks again for the leads.

ssl - openssl s_client -cert: Proving a client certificate was sent to...

ssl openssl ssl-certificate
Rectangle 27 0

I think you need to call SSL_CTX_set_client_CA_list (http://www.openssl.org/docs/ssl/SSL_CTX_set_client_CA_list.html) on the server side. This sets a list of certificate authorities to be sent together with the client certificate request. The client does not send its certificate, even if one was requested, if the certificate does not match that CA list sent by the server.

Yes. This has been done. And it is sent. Unfortunately my problem is on the client. I use openssl's s_server for debugging my own client. So my own server doesn't matter here. Just assume it is OK and I simply cannot connect to the s_server test tool. Which I have to assume speaks its protocol correctly.

Sorry, I overlooked that. I assume you checked the totally obvious stuff like is the key file the correct one? In your s_client command line it's private/testclient.key, in code it's only "testclient.key". My (working) code does pretty exactly what you do except I do a SSL_CTX_check_private_key to verify it matches the certificate and I install a password callback to "unlock" the private key: SSL_CTX_set_default_passwd_cb.

No worries, Thanks for any input. I'm totally screwed here. As to the certs, alas, I did. Checked them over and over, diffed the files and so on. The reason for that command line difference is just that I replaced a 'suspiciously secret' cert name with one I can post here ;-) I am sure they are right. SSL_CTX_check_private_key returns true. Is that password callback necessary for empty password keys?

c++ - OpenSSL client not sending client certificate - Stack Overflow

c++ ssl network-programming openssl client-side
Rectangle 27 0

From the error messages it looks like your client does not present a certificate to server and you explicitely requested that a client needs to present one (in server code):

SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
SSL_CTX_use_certificate_chain_file(ctx, pcszCertPath);
SSL_CTX_use_PrivateKey_file(ctx, pcszPrivKeyPath,SSL_FILETYPE_PEM);

I hope that helps. Also make sure that your server uses the same certificate chain (that it trusts the same CA's). If this is a problem, let me know and I'll help you do that.

openssl - SSL client authentication returning Bad Certificate error - ...

ssl openssl client-server debian-based
Rectangle 27 0

With wireshark, you will find out if the server ever requested certificate from the client. The command would be "CertificateRequest".

openssl - SSL client authentication returning Bad Certificate error - ...

ssl openssl client-server debian-based
Rectangle 27 0

I guess that the certificate is sent but was not accepted by the server, that is it could not be verified against the trusted CA at the server. The error message on the server side about no certificate returned might be misleading, see http://stackoverflow.com/a/27951490/3081018.

I would suggest to check with wireshark or openssl s_server to see if the certificate is not sent or if it is just not accepted by the peer.

c - OpenSSL: Make client send certificate - Stack Overflow

c networking ssl openssl certificate
Rectangle 27 0

Maybe you could be experiencing some session cache problems (it's enabled by default and "edit 1" points to it), are you trying to serve to the client an spoofed cert from the server? Maybe the internal cache is stored by cert name, and it tries to resume the server session...

SSL_CTX_set_session_cache_mode
SSL_SESS_CACHE_OFF

About the "edit 2" the client key exchange phase do not talks about sending the client's certificate, it sends a secret (or nothing) used for the selected cipher system (it can send an empty client exchange if the selected cipher does not need a secret). Read here about it.

Thanks for pointing me to the session cache mode. I quickly tried setting both client and server ctx to SSL_SESS_CACHE_OFF, but that didn't do anything. I know that the Client Key Exchange doesn't send a certificate. What I was saying was that the client's SSL state machine (see client_info_cb above) seems to be looking to read a client certificate, but I verified that the s_client is only sending a Client Key Exchange. There seems to be a disconnect there.

Thinking about it some more, each SSL state (one for client2proxy, one for proxy2server) has it's own unique session, so I'm not sure how caching could actually be an issue across the SSL states. Unless OpenSSL has some kind of issue with having multiple SSL states with different modes (accept vs connect).

And yes, I am trying to serve a spoofed cert from the server back to the client. I'm essentially calling X509_dup() on the peer cert from the server, then replacing the issuer and public key. Then I'm signing with my server key, the same one I set the client side SSL ctx to use. Is there some issue with duplicating the certificate in this fashion and then modifying it?

OpenSSL read client certificate error using libev with non-blocking so...

openssl libev
Rectangle 27 0

The user authentication feature is it's own separate security realm. It allows you to specify a dependent user auth realm that is used when an x509 certificate is not provided by the client. The dependent realm is basically used to enroll the device/user/app into your PKI. The dependent realm can be any security realm you choose.

To specify your security realm as the dependent realm, change the following line:

<parameter name="dependent-user-auth-realm" value="AdapterAuthRealm" />

openssl - Client Certificate Authentication and User Enrollment - Stac...

openssl worklight worklight-adapters worklight-server worklight-security
Rectangle 27 0

You can indeed go with pyOpenSSL. As you are saying you already have CA root certificate and a private key, and CSR will be sent by a client then you can use functions of crypto to read all those ( CA cert, private key and Device CSR ) from file or manage to have them in buffer.

Use below functions to start with. Check dir(crypto) and crypto.function_name.__doc__on python interpreter for more info :) You need to import crypto from pyOpenSSL

then you can write simple funcation to return certificate

def create_cert():
    cert = crypto.X509()
    cert.set_serial_number(serial_no)
    cert.gmtime_adj_notBefore(notBeforeVal)
    cert.gmtime_adj_notAfter(notAfterVal)
    cert.set_issuer(caCert.get_subject())
    cert.set_subject(deviceCsr.get_subject())
    cert.set_pubkey(deviceCsr.get_pubkey())
    cert.sign(CAprivatekey, digest)
    return cert

where caCert , deviceCsr and CAprivatekey are values from above three funcations. Now that you have certificate with you, you can write this to a file using crypto.dump_certificate(crypto.FILETYPE_PEM, cert) with file name of your choice.

You can modify this function as per your requirement. After this you can verify generated device certificate with CA root certificate with openssl command e.g. openssl verify -CApath <CA cert path> <name of device cert file>

You can also go through few examples from github. M2Crypto Example , pyOpenSSL example

Hope this gives you idea about the implementation

openssl - Sign CSR from client using CA root certificate in python - S...

python-2.7 openssl ssl-certificate m2crypto pyopenssl
Rectangle 27 0

As Jumbogram stated, you have to load the matching private key to the certificate file you are attempting to load. You can't just generate a new key and use that, as the key and the certificate signed with that key won't match.

Instead, generate a new key and certificate pair using openssl, and point the SSL_CTX_* functions to those.

openssl - Client certificate - Stack Overflow

openssl
Rectangle 27 0

You have to create a key pair, create a Certificate Signing Request, then get it signed by a Certificate Authority. All thoroughly documented for OpenSSL, and all off topic for SO.

Sign up for our newsletter and get our top new questions delivered to your inbox (see an example).

What's a client certificate and where to get it (using c++ with openss...

c++ openssl
Rectangle 27 0

There are a couple steps:

status_request
SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp)
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb)
SSL_CTX_set_tlsext_status_arg(ctx, arg)
  • Write the callback function. The one used by s_client demonstrates how to get at the response information: static int ocsp_resp_cb(SSL *s, void *arg) { const unsigned char *p; int len; OCSP_RESPONSE *rsp; len = SSL_get_tlsext_status_ocsp_resp(s, &p); BIO_puts(arg, "OCSP response: "); if (!p) { BIO_puts(arg, "no response sent\n"); return 1; } rsp = d2i_OCSP_RESPONSE(NULL, &p, len); if (!rsp) { BIO_puts(arg, "response parse error\n"); BIO_dump_indent(arg, (char *)p, len, 4); return 0; } BIO_puts(arg, "\n======================================\n"); OCSP_RESPONSE_print(arg, rsp, 0); BIO_puts(arg, "======================================\n"); OCSP_RESPONSE_free(rsp); return 1; }

c - OpenSSL certificate revocation check in client program using OCSP ...

c ssl openssl certificate ocsp
Rectangle 27 0

cat Root-CA.pem  Sub-CA.pem > Combined.pem
openssl verify  -CAfile Combined.pem webserver-cert.pem

ubuntu - Client - server communication issues using openssl and certif...

ubuntu openssl client ssl-certificate
Rectangle 27 0

1) The article you link is a good one :-). To put it another way: there is a field in the certificate that says what use(s) it is allowed to be used for. When you create/request a certificate, you are asking for a certificate for a particular use, and the CA signs it on that basis.

It is more secure to use different certificates for different purposes and to ensure that each certificate can only be used for its intended purpose. (Or if you want to be cynical, CAs make you buy separate client and server certs so they get more sales.)

For instance, you might want your web server to be able to identify itself as your company for serving purposes, but not want that same certificate to be able to be used to sign outgoing connections to other businesses.

2) You are correct.

ssl - OpenSSL client certificates vs server certificates - Stack Overf...

ssl encryption openssl
Rectangle 27 0

Server Certificates are identitiy of a Server to persented by it during SSL handshake .

Typically they are issued by CA well known to client , The basis on which the certificate is issued is possession of some publically known Identifier of that server , for Webserver its the Hostname of the server , which is used to reach server

Example:-  http://blog.8zero2.in/
Certificate Key usage 

 1. Signing 
 2. Key Encipherment

Signing :- It means that the key in the certificate can be used to prove the Identity of the server mentioned in the CN of the cerificate , that is entity Authentication .

Key Encipherment :- It means the key in the in the ceritificate can be used to encrypt the session key ( symmetic key ) derived for the session

Client certificates as the name indicates are used to identify a client or a user. They are meant for authenticating the client to the server. Purpose of holding a client certificate varies It may represent possession of email address or Mac-address , usually mapped to the serial number of the certificate

clearly mention by the x509 extension parameter

Certificate Key usage 
1. Signing

ssl - OpenSSL client certificates vs server certificates - Stack Overf...

ssl encryption openssl