[openssl-users] openssl verify and alt_chains

Viktor Dukhovni openssl-users at dukhovni.org
Thu Dec 31 17:12:20 UTC 2015

On Thu, Dec 31, 2015 at 04:56:08PM +0000, Gareth Williams wrote:

> I now try to cross-certify by adding another Root CA (Example Root CA) and
> use that to sign the original Gareth Williams Policy CA certificate signing
> request, then add this new certificate to the chain.crt file:
> Gareth Williams Root CA               Example Root CA
>           |                                   |
> Gareth Williams Policy CA          Gareth Williams Policy CA
>           |                                   |
>           +----------------+------------------+
>                            |
>                Gareth Williams Issuing CA
>                            |
>                office.garethwilliams.me.uk

You're not supposed to create two different untrusted intermediate
certificates, include both and hope for a good outcome.  OpenSSL
does not try all possible untrusted intermediates at every depth
in the chain, that has exponential cost in the chain depth.

The alternate chain is built only when (by default) not doing
"trusted first", and drops one of the previously selected untrusted
certificates at a time (from the top of the chain) and looks for
a match in the *trust* store.  This never looks at alternative
untrusted certificates.

Cross-sign a roots, not an intermediates, and include the cross-signed
root in the trust store.  Then if a user happens to include the
root CA in the chain that is not trusted but the trust store contains
a cross-signed intermediate, you win.


More information about the openssl-users mailing list