Openssl x509 -req -days 365 -in Server Req.pem -sha256 -extfile /etc/ssl/openssl.cnf -extensions usr cert -CA CA Cert.pem -CAkey CA Key.pem -CAcreateserial -out Server Cert.pem If you don't already have a CA you can use, you can create a root CA yourself by following the steps outlined in Securing the Communication between SAP HANA Studio.
- Openssl x509 -req -in fabrikam.csr -CA contoso.crt -CAkey contoso.key -CAcreateserial -out fabrikam.crt -days 365 -sha256 Verify the newly created certificate. Use the following command to print the output of the CRT file and verify its content: openssl x509 -in fabrikam.crt -text -noout.
- OpenSSL and SHA256 By default, OpenSSL cryptographic tools are configured to make SHA1 signatures. For example, if you want to generate a SHA256-signed certificate request (CSR).
Self-signed certificates and Elliptic Curve Cryptography
There are many reasons to self-sign SSL certificates,but I find them particularly useful for staging sites and in the early stages of a project.
I have a three command guide to self-signing an SSL certificateif you aren’t interested in ECC.
If you are interested in ECC,you may know that the main reason for using elliptic curves as the basis for communication over SSL is the small key size –where regular DSA would require 1024 bits, ECDSA (the elliptic-curve variant of DSA) would require about 160 bits.The computational power required for communication over ECDSA is also less.
This is only likely to matter in embedded systems or other highly-constrained environments.
If you are considering specifically using an ECDSA certificate like the one generated here with OpenSSL,it is probably worth reading a more detailed description by Bruce Schneier.
If you are sure you want an ECC-based certificate,doing so is just as easy as any other self-signed certificate with OpenSSL,provided that your version supports ECDSA.The commands below have been verified to work on OSX 10.8.
The first command is the only one specific to elliptic curves.It generates a private key using a standard elliptic curve over a 256 bit prime field.You can list all available curves using
or you can use prime256v1 as I did.
The second command generates a Certificate Signing Requestand the third generates a self-signed x509 certificate suitable for use on web servers.
The check at the end ensures you will be able to use your certificate beyond 2016. OpenSSL on OS X is currently insufficient, and will silently generate a SHA-1 certificate that will be rejected by browsers in 2017. Update using your package manager, or with Homebrew on a Mac and start the process over.
More on ECC
If you’re interested in elliptic curve cryptography,Wikipedia has a good introduction that includes the math behind it,as well as more specific information on ECDSA in particular.As usual, there are good links from there to learn more.
SHA256, provided by TBS INTERNET since 2008, will in the coming few years replace SHA1. But what is SHA?
SHA - standing for secure hash algorithm - is a hash algorithm used by certification authorities to sign certificates and CRL (certificates revocation list). Introduced in 1993 by NSA with SHA0, it is used to generate unique hash values from files.
Example: A file hashed with SHA1 could look like:
As for any cryptographic solution, SHA must evolve along with our computers' calculation capacities in order to avoid any weakness.
There are, therefore, several versions of SHA: SHA0 (obsolete because vulnerable), SHA1 (the most popular one), SHA2 (the one we are interested in) and finally SHA3 introduced in 2012.
SHA2, not often used for now, is the successor of SHA1 and gathered 4 kinds of hash functions: SHA224, SHA256, SHA384 and SHA512.
It works the same way than SHA1 but is stronger and generate a longer hash.
Hash attacks, SHA1 and SHA2
There are 2 kinds of attacks specific to hash:
- A collision: there is collision when 2 different files produce an identical hash. It is then possible to substitute a file for an other. In our domain of expertise we could then imagine to replace an official certificate by a fraudulent one having the same hash values. SHA0 is not resistant to collision attacks, that is the reason why it is not used anymore.
- the preimage: one needs to distinguish preimage from first-preimage. The first one consists of 'guessing' a file value from its hash. The other one uses a hash to create a value different from the one that has been used to generate the hash.
What about SHA1 and SHA2?
Even if there has never been a successful complete collision with SHA1, the evolution of our computers' calculation capacities will soon make it possible. SHA2 is totally collision-resistant, its time has then come!
New standards / recommandations from certification authorities: Depreciation of SHA1Note that SHA1 is being depraciated by browsers (Internet Explorer, Google Chrome, ...) and that the deadline for its scheduled disappearance is 2016-12-31. Therefore, the certification authorities that we work with do not issue certificates expiring after this date anymore.
Learn moreSHA256 hash algorithm does not intervene in the encryption / authentication process but tools (browsers, email clients, servers...) must be able to read / decipher this kind of hash during the connection / authentication process.
- if you install a SHA256 certificate on a client (strong authentication by certificate),
make the client (browser, webservice...) and the servers are compatible
even if the server keep using a SHA1/MD5 signed certificate.
- if you install a SHA256 certificate on a server then all the clients connecting to it and the server must be SHA256-compatible.
- If you are using a SHA256 certificate to sign emails or documents, only the readers have to be compatible.
OpenSSL and SHA256
By default, OpenSSL cryptographic tools are configured to make SHA1 signatures.
for example, if you want to generate a SHA256-signed certificate request (CSR) , add in the command line: -sha256, as:
Note: To do so, you'll need OpenSSL version 0.9.8o at least.
Decipher a SSL certificate:
Openssl X509 Dates
Check the field 'Signature Algorithm'. It should indicate either 'sha1WithRSAEncryption' or 'sha256WithRSAEncryption'.