Structure of a Digital Certificate


We all know that when we use HTTPS, SFTP or many other standard protocols that incorporate encryption, there are certificates behind them. Certificates serve two main purposes in these protocols:
  • Authentication - A certificate proves the identity of one of the parties in a communication.
  • Confidentiality - The public key carried in the certificate lets the parties set up an encrypted channel, so that the information can only be read by the intended receiver.
In this post, we're going to explore the content of a digital certificate and the information included in it.

x509 - The Standard

A certificate contains an identity (a hostname, an organization or an individual) and a public key, and it is signed by a Certificate Authority or self-signed. This way a certificate binds an identity to a public key using a digital signature.

x509 is the standard defined by the ITU (International Telecommunication Union) for public key certificates. The structure and content of a certificate are therefore well defined and follow a set of conventions, so that anyone (or rather, any machine) knows what information is inside and how to use it.

It is the standard used for SSL/TLS, so when we talk about certificates in the context of SSL/TLS we are referring to x509 certificates.

The Content of an x509 Certificate

An x509 certificate includes:

Identity information

The x509 certificate includes fields that describe the subject, the issuing Certificate Authority (CA) and the validity period.

A public key

This is the public key of the owner's key pair. The owner keeps the matching private key secret and distributes the public key as part of the certificate. Anyone can then send the owner messages encrypted with the public key that only the owner can decrypt with the private key, and the owner can digitally sign documents or files with the private key so that anyone can verify the signature with the public key.

A digital signature from the Certificate Authority

A digital signature is a hash that has been encrypted with a private key. Here the hash is computed over the content of the digital certificate (the identity information plus the public key), and the CA encrypts that hash with its private key. By signing, the CA guarantees that it has reviewed the content of the certificate and that the owner's identity is correct.

Anyone can verify this using the public key of the CA that issued the certificate. In a web communication over HTTPS, the browser decrypts the signature with the public key of the CA (which has been installed beforehand as a trusted authority) and obtains a hash. The browser then hashes the content of the certificate with the same algorithm the CA used and compares the two hashes. If they match, only that CA can have signed the certificate, so only that CA can have issued it.

Since we trust this CA, we trust the certificate and hence the identity bound to it. After this validation we know we can use the public key in the certificate, and that only that identity will be able to decrypt any data we send encrypted with that public key.


Structure of a Digital Certificate

These are, in detail, all the sections of an x509 certificate:
  • Version number - the version of the x509 certificate standard (not the SSL version)
  • Serial number - the unique identifier of the certificate. Any operation on this certificate (for example revoking it) requires this identifier. If you change your certificate (you renew it or change your CA) the serial number changes
  • Signature Algorithm ID - the algorithm used by the CA to sign the certificate
  • Issuer Name - the entity (CA) that signed the certificate
  • Validity Period - the dates between which the certificate is valid
  • Subject Name - the organization for which the certificate has been issued
  • Subject Public Key - the public key of the subject, not the issuer's. For an RSA key this is the modulus and the exponent
  • Issuer Unique Identifier (Optional)
  • Subject Unique Identifier (Optional)
  • Extensions (Optional) - additional fields for advanced security tasks. For example:
    • Subject Alternative Name (SAN) - the list of domain names for which this certificate is valid
    • Authority Information Access
      • CA Issuers - a URL from which the CA's intermediate certificate can be downloaded
      • OCSP - Online Certificate Status Protocol. A way to query whether this certificate is still valid, in case it has been revoked
    • CA: FALSE - this value is false when the certificate is not a CA certificate (such as a root certificate), that is, when it is not the public certificate of a CA
    • CRL - Certificate Revocation List. Another way of finding out whether this certificate is still valid. The URL gives you a list of all the certificates revoked under that CA. It is similar to OCSP, but where OCSP lets you query the status of one serial number with a standard request, with a CRL you download the full list of revoked certificates and have to go through it to check whether the serial number of this certificate is in the list or not
  • Signature section
    • it starts with the algorithm used to sign this certificate, which tells us the hashing method and the encryption method
    • to produce the signature, the CA first hashes the data section and then encrypts the result with its private key
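As an added example (not part of the original post, and not code from the openssl project), the following Go program uses the standard library's crypto/x509 package to build the structure described above from scratch: it creates a self-signed CA and a leaf certificate signed by it, carrying the extensions listed (SAN, Authority Information Access with CA Issuers and OCSP, Basic Constraints CA:FALSE and a CRL distribution point), and then walks the leaf's fields in the order of the list. It also performs the check explained in the signature section earlier: verifying the leaf's signature with the CA's public key, and showing that the check fails against an unrelated CA and after a single byte of the subject is altered, which is exactly the hash mismatch a browser detects. All names, URLs, serial numbers and dates are constructed sample values, and the keys are generated fresh on each run.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// mustCert parses the DER returned by x509.CreateCertificate; panicking on error keeps the demo short.
func mustCert(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// BuildChain returns a self-signed CA and a leaf (server) certificate signed by it,
// using fresh ECDSA P-256 keys. Every name, URL, serial number and date below is a
// constructed sample value, not a real CA or site.
func BuildChain() (ca, leaf *x509.Certificate) {
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	// CA data section: CA:TRUE in Basic Constraints and a key usage that allows signing certificates.
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), NotBefore: start, NotAfter: start.AddDate(10, 0, 0),
		Subject:      pkix.Name{CommonName: "Example Root CA", Organization: []string{"Example"}},
		IsCA:         true, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca = mustCert(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	// Leaf data section: identity, validity, the leaf's own public key and the extensions from the post.
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242), NotBefore: start, NotAfter: start.AddDate(1, 0, 0),
		Subject:      pkix.Name{CommonName: "www.example.org", Organization: []string{"Example Web"}},
		IsCA:         false, BasicConstraintsValid: true, // encodes CA:FALSE
		DNSNames:     []string{"www.example.org", "example.org"}, // Subject Alternative Name
		IssuingCertificateURL: []string{"http://ca.example.org/intermediate.crt"}, // AIA: CA Issuers
		OCSPServer:            []string{"http://ocsp.example.org"},               // AIA: OCSP
		CRLDistributionPoints: []string{"http://ca.example.org/revoked.crl"},     // CRL
	}
	// The CA hashes the leaf's data section and signs that hash with its private key (caKey).
	leaf = mustCert(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))
	return ca, leaf
}

// DescribeFields lists the certificate sections in the order the post gives them.
func DescribeFields(c *x509.Certificate) []string {
	return []string{
		fmt.Sprintf("Version: %d, serial number: %s", c.Version, c.SerialNumber),
		fmt.Sprintf("Signature algorithm: %s", c.SignatureAlgorithm),
		fmt.Sprintf("Issuer: %s", c.Issuer),
		fmt.Sprintf("Validity: %s to %s", c.NotBefore.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339)),
		fmt.Sprintf("Subject: %s, public key: %s", c.Subject, c.PublicKeyAlgorithm),
		fmt.Sprintf("SAN: %v", c.DNSNames),
		fmt.Sprintf("AIA CA Issuers: %v, OCSP: %v", c.IssuingCertificateURL, c.OCSPServer),
		fmt.Sprintf("Basic Constraints CA: %t", c.IsCA),
		fmt.Sprintf("CRL: %v", c.CRLDistributionPoints),
		fmt.Sprintf("Signature: %d bytes", len(c.Signature)),
	}
}

// VerifySignature does what a browser does with an installed CA certificate: it checks the leaf's signature against the issuer's public key.
func VerifySignature(leaf, issuer *x509.Certificate) error {
	return leaf.CheckSignatureFrom(issuer)
}

// TamperSubject flips one bit of needle's first occurrence in the raw DER (here the Subject CN, which precedes the SAN) and re-parses it.
func TamperSubject(c *x509.Certificate, needle string) (*x509.Certificate, error) {
	raw := append([]byte(nil), c.Raw...) // copy so the original certificate is untouched
	i := bytes.Index(raw, []byte(needle))
	if i < 0 {
		return nil, fmt.Errorf("%q not found in certificate", needle)
	}
	raw[i] ^= 0x01 // 'w' becomes 'v'; DER lengths are unchanged, so the result still parses
	return x509.ParseCertificate(raw)
}

func main() {
	ca, leaf := BuildChain()
	fmt.Println(strings.Join(DescribeFields(leaf), "\n"))
	fmt.Println("signature checks with the issuing CA:", VerifySignature(leaf, ca) == nil)
	tampered, _ := TamperSubject(leaf, "www.example.org")
	fmt.Println("after altering one byte of the subject:", VerifySignature(tampered, ca))
}
```

Run it with go run; because the keys are generated fresh each time, the signature bytes differ on every run while the identity fields, extensions and verification results stay the same. ECDSA keys were chosen for brevity; with RSA keys the Subject Public Key would be the modulus and exponent mentioned in the list. Note that the tampered certificate still parses perfectly well: nothing in the data section reveals the change, and only the signature check against the CA's public key catches it.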


How to see the contents of a certificate

There are two ways to see the contents of a certificate:

From the web browser

All web browsers give you the option of showing the information of a certificate when you connect to a site that uses HTTPS. Normally there is an icon next to the URL bar; click on it to see the details of the certificate.

From the command line

As a security admin you can use the openssl toolkit to print the details of a certificate in a terminal. Type the following:
openssl x509 -in certificate.crt -text -noout
where certificate.crt is the certificate file.

Using the openssl s_client command we can also download the certificate from the web site and display it in the terminal by combining it with the previous command:
openssl s_client -connect google.com:443 < /dev/null | openssl x509 -in /dev/stdin -noout -text