Certificate authority changes with OpenSSL

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 17 20:32:58 UTC 2022


On Thu, Mar 17, 2022 at 07:51:43PM +0100, egoitz--- via openssl-users wrote:

> I think that is the problem, the sha1.

That's the specific issue being reported.

> So... I have built Openssl 3.0.2

There's no reason for OpenSSL 3.0.2, that might just tighten the
restrictions further.  OpenSSL 1.0.0 and up all support SHA2-256,
you can create and consume SHA-2 certificates with OpenSSL 1.1.1.

> I have seen that the own CA uses sha1WithRSAEncryption signature
> algorithm.

Yes, fix that.

> I assume this is one of the things to change, so I have planned to
> convert the whole PKI, the whole CA to another supported Signature
> algorithm that had no issues with SECLEVEL2. 

Just set the default digest to sha256, and reissue all the intermediate
and leaf certificates.  The root CA can stay unchanged, its
self-signature is not relevant.

> 1 - Is it possible to update a whole CA with 2048 bit public and private
> keys (I used in req section of openssl.conf, the default_bits to 2048)
> to a Signature algorithm that don't bother the SECLEVEL 2?.

SHA2-256 is sufficient.

> I mean to have two versions of the same certificate. One for SECLEVEL1
> and one for SECLEVEL2?. I preserve all csr and so.... 

It is isn't "the same certificate".  You can issue new certificates,
that all clients can verify, by using SHA2-256.

> 2 - I was wondering too another question... although this is not urgent
> now. If the CA key pair, is almost expiring what's the proper process of
> doing what is supposed to be done?. I assume, it could be : 

Keys don't expired, certificates do.  You can reissue a CA certiifcate
with the same key and subject name, but a different expiration time and
serial number.

> But... I assume I would have to use a different CN for the new CA?.

No, you would typically use the same CN if just extending the validity.

> Perhaps is this same process the one I need to do.... for converting
> certificates from SECLEVEL 1 friendly to SECLEVEL 2 friendly?. 

Certificate don't have seclevels, they have a signature algorithm,
SHA2-256 has long been support by all clients.

-- 
    Viktor.


More information about the openssl-users mailing list