Join Log in
Score:1
Tom Cannaerts avatar Server

Cross-signed (Let's Encrypt) SSL chain validation

cn flag
Tom Cannaerts

Note: I spent like 30 minutes writing/formulating this question, and it turned out into a rubber ducking session. Realised what I was doing wrong, but posting this anyway as it might by useful for other people as well.

For context, I work with SSL certificates on a daily base and considder myself having a rather good understanding of how they work (or at least I though so :p ). I'm currently writing a script to monitor/test SSL chain issues of websites we host, but I'm having trouble matching the chain to a root certificate. Specifically Let's Encrypt certificates with the cross-signed certificates. If I follow the chain, it takes this path:

Subject: mywebsite.tld
Issuer: /C=US/O=Let's Encrypt/CN=E1

Subject: /C=US/O=Let's Encrypt/CN=E1
Serial: B3BDDFF8A7845BBCE903A04135B34A45
Issuer: /C=US/O=Internet Security Research Group/CN=ISRG Root X2

Subject: /C=US/O=Internet Security Research Group/CN=ISRG Root X2
Serial: 079E492886376FD40848C23FC631E463
Issuer: /C=US/O=Internet Security Research Group/CN=ISRG Root X1

Subject: /C=US/O=Internet Security Research Group/CN=ISRG Root X1
Serial: 4001772137D4E942B8EE76AA3C640AB7
Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3

So pretty much the expected path as documented on the LE website.

However, my system (using the mozilla ca certificates https://wiki.mozilla.org/CA/Included_Certificates) , does not trust DST Root CA X3. It does however trust both an ISRG X2 and ISRG X1 certificates. But the certificates in that store are not the cross-signed certificates used in the above chain, but instead are the self-signed certificates.

Subject: /C=US, O=Internet Security Research Group, CN=ISRG Root X2
Serial: 41D29DD172EAEEA780C12C6CE92F8752
Issuer: /C=US, O=Internet Security Research Group, CN=ISRG Root X2

Subject: /C=US/O=Internet Security Research Group/CN=ISRG Root X1
Serial: 8210CFB0D240E3594463E0BB63828B00
Issuer: /C=US/O=Internet Security Research Group/CN=ISRG Root X1

So how does my computer/browser actually do the matching, if not by following the chain and checking if that certificate matches the trusted store? In my logic, the E1, X2 and X1 certificates refered to in the chain of the website are intermediates that point to an untrusted root, rather than root certificates themselves. So what am I not seeing?

335
1 + 0
ssl
Score:1
Tom Cannaerts avatar Server
cn flag
Tom Cannaerts

So to anwser my own question, the matching between a certificate and a trusted root certificate isn't done on a certificate level, but on the key that was used to create (not sign) the certificate.

In this case, both the cross-signed as the self-signed ISRG Root X2 certificates have been created from the same key with subject key identifier 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95. The Let's Encrypt E1 certificate does not point to a specific issuer certificate, but rather to a certificate with that specific name, and that is issued by a specific key. The system will search the trusted store to see if it contains a certificate with that name and that key. Since the self-signed certificate has the same name, and it is created with the same key, it can be chained to the E1 certificate and thus a link is made to a trusted root certificate.

If the trust can't be established, the process continues with the chain that is sent by the server and the same check will be done for the X1 certificate. This repeats until either a matching certificate is found in the trusted store, or until there are no more certificates in the chain (at which point the validation fails)

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.