Develop Reference

Self-Signed certificate: openssl 21 (unable to verify the first certificate) [duplicate]

I have two extremely similar self signed certificates, generated via two different methods.
To test them I have:
Added an entry in my hosts file for local.mydomain.com
Set up an nginx server to listen on that domain on port 443 with the certificate under test plus associated private key (I then switch the cert and restart nginx to compare)
Connected to nginx with openssl s_client -connect local.mydomain.com -CAfile /path/to/the/ca/cert.pem
One certificate fails:
CONNECTED(00000003)
depth=0 CN = local.mydomain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = local.mydomain.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=local.mydomain.com
i:/CN=local.mydomain.com
---
One certificate succeeds:
CONNECTED(00000003)
depth=0 CN = local.mydomain.com
verify return:1
---
Certificate chain
0 s:/CN = local.mydomain.com
i:/CN = local.mydomain.com
---
I compare the details of the certificates with openssl x509 -in /path/to/the/ca/cert.pem -text -noout
The failing cert:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:dc:02:c7:11:fc:8e:96:45:22:aa:6b:23:79:32:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=local.mydomain.com
Validity
Not Before: Nov 18 11:55:31 2016 GMT
Not After : Nov 18 12:15:31 2017 GMT
Subject: CN=local.mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
<stuff>
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Subject Alternative Name:
DNS:local.mydomain.com
X509v3 Subject Key Identifier:
6D:4F:AF:E4:60:23:72:E5:83:27:91:7D:1D:5F:E9:7C:D9:B6:00:2A
Signature Algorithm: sha256WithRSAEncryption
<stuff>
The working cert:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9b:6b:3d:a3:b9:a3:a4:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=local.mydomain.com
Validity
Not Before: Nov 19 13:27:30 2016 GMT
Not After : Nov 19 13:27:30 2017 GMT
Subject: CN=local.mydomain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
<stuff>
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:E7:DA:AA:2E:CC:23:ED:C5:07:3D:E1:33:86:F5:22:D4:76:EB:CB
X509v3 Authority Key Identifier:
keyid:03:E7:DA:AA:2E:CC:23:ED:C5:07:3D:E1:33:86:F5:22:D4:76:EB:CB
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
57<stuff>
Looking at this the most obvious difference is that the working cert has CA:TRUE under X509v3 Basic Constraints. However, from reading around the web I was under the impression that self signed certs weren't meant to be CAs, in particular this says they normally won't be:
https://security.stackexchange.com/questions/44340/basic-self-signed-certificate-questions
The answer there says that being self-signed there is no CA involved. But maybe openssl requires self signed certs to have that set anyway?

From my own experiments I can confirm what you see. My explanation of the behavior is that a self signed certificate is still a certificate which is signed by the issuer, even if the issuer's certificate is the certificate itself. But only CA certificates can be used to sign certificates, i.e. that's exactly the constraint CA:true allows. This means that a self-signed certificate needs also to be a CA certificate with the constraint CA:true.

RFC5280 says:
So, if your certificate does not have CA:TRUE flag, this certificate may not be used to verify the signature on any certificate, including itself. OpenSSL correctly follows the RFC.
It is incorrect to think that a certificate belongs to one of two types, either "CA certificate" or "end-entity certificate". A certificate with CA:TRUE can be used for authenticating the entity. This is exactly what you do when you authenticate with a self-signed certificate. It can also be a certificate with CA:TRUE, signed by someone else.

Has anyone ever successfully connected a MAC to an Azure P2S network gateway? None of the documentation works for me

Starting with an empty directory:
Generate CAroot private key
$ openssl genrsa -aes256 -out dcsAzureVPN.key 2048
Generate a CARoot certificate
$ openssl req -x509 -sha256 -new -key dcsAzureVPN.key -out dcsAzureVPN.cer -days 1825 -subj /CN="dcsAzureVPN"`
Successfully copied dcsAzureVPN.cer to VPN gateway and saved (see attached screenshot)
Generate Certificate Request (CSR)
$ openssl genrsa -out dcsAzureClientCert.key 2048
$ openssl req -new -out tjaClientCert.req -key dcsAzureClientCert.key -subj /CN="dcsAzureVPN"`
Generate signed Client Certificate from CSR
$ openssl x509 -req -sha256 -in tjaClientCert.req -out dcsAzureClientCert.cer -CAkey dcsAzureVPN.key -CA dcsAzureVPN.cer -days 1825 -CAcreateserial -CAserial serial
Signature ok
subject=/CN=dcsAzureVPN
Pack key and certificate in .pfx format
$ openssl pkcs12 -export -out dcsAzureVPNClient.pfx -inkey dcsAzureClientCert.key -in dcsAzureClientCert.cer -certfile dcsAzureVPN.cer
Copy client cert to my Keychain
Make dcsAzure VPN a trusted cert.
Select dcsAzureVPN as the client certificate for my VPN connection
Try to connect. Connection fails with an error: User Authentication failed
What am I doing wrong?

I finally found the problem. It turns out the Local ID has to match the client certificate subject, not the name of your client certificate file.

You have to manually configure the native IKEv2 VPN client on every Mac that will connect to Azure. You could use these steps to configure the native VPN client on Mac for certificate authentication.
Moreover, you could refer to this to troubleshoot Point-to-Site VPN connections from Mac OS X VPN clients.
Additionally, no matter what client OS you want to connect from, you must always have a client certificate. You can generate a client certificate from either a root certificate that was generated using an Enterprise CA solution or a self-signed root certificate. See the PowerShell, MakeCert, or Linux instructions for steps to generate a client certificate.
Please let me know if this works.

Whoever stumbles up on this solution: It is working if you change the Client certificate's subj from dcsAzureVPN to (for example) dcsAzureVPNSubj and use it in the connection tab for Local ID.
So instead of this:
openssl req -new -out tjaClientCert.req -key dcsAzureClientCert.key -subj /CN="dcsAzureVPN"
Use this:
openssl req -new -out tjaClientCert.req -key dcsAzureClientCert.key -subj /CN="dcsAzureVPNSubj"
and use the dcsAzureVPNSubj for Local id on the MacOS VPN connection tab.
Worked on the following machine:
20.5.0 Darwin Kernel Version 20.5.0: root:«gibberish»/RELEASE_ARM64_T8101 arm64
Big Sur version: 11.4

How make Self-Signed certificate trusted from remote connection

I created a self-signed certificate using these commands
sudo keytool -genkeypair -alias <MyAlias> -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore <MyCert>.p12 -validity 3650
sudo keytool -genkeypair -alias <MyAlias> -keyalg RSA -keysize 2048 -keystore <MyCert>.jks -validity 3650
sudo keytool -importkeystore -srckeystore <MyCert>.jks -destkeystore <MyCert>.p12 -deststoretype pkcs12
which created a P12 file and a jks file.
If I log in to my server remotely, the connection is blocked and an error is shown that indicates your connection is not private, because the certificate is not trusted.
How can I fix this issue?
Maybe I should chain the certificate to another certificate? (example: using Let's Encrypt)?

Create a Certificate Authority
You can create a Certificate Authority certificate and then sign a certificate with your own CA and then add your CA to the system keychain.
More on that at https://gist.github.com/Soarez/9688998
Use a Let's Encrypt client
... however, it's probably much easier to use a Let's Encrypt client.
I'm the author so you can take my opinion for a grain of salt, but Greenlock is about the easiest suite of Let's Encrypt / ACME tools available.
Browser-based client
https://greenlock.domains
If you use the DNS challenge you can easily get certs for private domains with internal IP addresses as well.
CLI Clients
If you want it automatic you could use something like Greenlock CLI or Greenlock Express (for node.js)
There's also certbot, but it can be more difficult to install due to it's size, various dependencies, and RAM usage. Greenlock is only about 100kb and has no external dependencies, so it works fine on home servers and memory constrained IoT devices (which is exactly the problem I had when I first wrote it).

Generating a certificate chain in Ansible

I am trying to generate a chain (self signed + one signed by the self signed) of certificates using Ansible OpenSSL modules.
So far have the following tasks:
- name: Generate a Self Signed OpenSSL certificate
become: yes
block:
- apt:
name: python-openssl
update_cache: yes
- openssl_privatekey:
path: /tmp/ansible.com.pem
- openssl_csr:
path: /tmp/ansible.com.csr
privatekey_path: /tmp/ansible.com.pem
common_name: ansible.com
- openssl_certificate:
path: /tmp/ansible.com.crt
privatekey_path: /tmp/ansible.com.pem
csr_path: /tmp/ansible.com.csr
provider: selfsigned
- openssl_privatekey:
path: /tmp/child.com.pem
- openssl_csr:
path: /tmp/child.com.csr
privatekey_path: /tmp/child.com.pem
common_name: child.com
- openssl_certificate:
path: /tmp/child.com.crt
privatekey_path: /tmp/ansible.com.pem
csr_path: /tmp/child.com.csr
provider: selfsigned
But the problem is that child certificate is not valid:
openssl verify -verbose -CAfile /tmp/ansible.com.crt /tmp/child.com.crt
/tmp/child.com.crt: CN = child.com
error 18 at 0 depth lookup:self signed certificate
OK
I am using Ansible 2.6.1

A self-signed certificate is a self-signed certificate regardless of what key you provided for signing (this key is never verified anyway, because "you trust the certificate directly").
If you check the contents of the child.com.crt certificate with openssl x509 -in /tmp/child.com.crt -text -noout command, you'll see:
Certificate:
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=child.com
Subject: CN=child.com
not Issuer: CN=ansible.com (and there is no way to know whose key it is during the signing task, based on the key alone ― a key is just a random number; you'd need to provide the certificate of the signing party somewhere in the task, which you don't).
What you want to achieve will be possible in Ansible 2.7 with a new provider ownca introduced by this commit:
The 'ownca' provider is intended for generate OpenSSL certificate signed with your own CA (Certificate Authority) certificate (self-signed certificate).
[ ]
Example:
- name: Generate an OpenSSL certificate signed with your own CA certificate
openssl_certificate:
path: /etc/ssl/crt/ansible.com.crt
csr_path: /etc/ssl/csr/ansible.com.csr
ownca_path: /etc/ssl/crt/ansible_CA.crt
ownca_privatekey_path: /etc/ssl/private/ansible_CA.pem
provider: ownca
For now (up to Ansible 2.6.x) you need to call openssl x509 -req (see examples) with the command module.

How to generate SSl Certificate (CRT), Private Key (KEY), Certificate Authority Bundle: (CABUNDLE) from domain.pfx file?

I have two files with me. One is domain.pfx and another one is domain.cer. To convert my website from http to https through cPanel, I need Certificate (CRT), Private Key (KEY), Certificate Authority Bundle: (CABUNDLE). How to generate these files from the two files that I have?

PFX content: Your domain.pfx should contain everything(Certificate, private key, Ca-chain), you can check with: openssl pkcs12 -info -in keyStore.p12
Key file: openssl pkcs12 -in domain.pfx -nocerts -out domain.key
Certificate:openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.crt
CA bundle:
openssl pkcs12 -in domain.pfx -cacerts -nokeys -out cabundle.pem