This is a text-only version of the following page on
https://raymii.org:
---
Title : How I got a valid SSL certificate for my ISP's main domain, xs4all.nl
Author : Remy van Elst
Date : 21-03-2015
URL :
https://raymii.org/s/blog/How_I_got_a_valid_SSL_certificate_for_my_ISPs_main_website.html
Format : Markdown/HTML
---
[![cert][1]][2]
Click the image to see the certificate.
### What happened
I got a valid SSL certificate for a domain that is not mine by creating an email
alias. In this article I'll explain what happened, why that was possible and how
we all can prevent this.
My ISP, [xs4all][3], allows me to create personal mailboxes and email aliases.
An SSL domain validation certificate requires you to click on a link sent to a
pre-specified set of email addresses. I was able to register one of those email
addresses (`
[email protected]`). With that email address, I was able to
receive a validation link for a certificate.
The certificate provider Comodo thus issues me a certificate for the domain
[xs4all.nl][4], because I was able to "provide ownership".
This should not be possible, the provider should have a blacklist for those
addresses.
With this certificate I would be able to do a Man in the Middle attack against
users, provided I can intercept their connections, for example, at a coffee shop
or other place free Wifi is provided. The users would not receive a warning when
they would connect to `xs4all.nl` over my, snooped, connection because it is a
valid certificate trusted by all major browsers and operating systems.
With the email address I could also request more certificates, for example, for
[webmail.xs4all.nl][5] or [their service portal][6].
I directly contacted xs4all and the dutch [National Cyber Security Center][7] to
inform them and other ISP's. The certificate was also revoked a few minutes
after issueing.
xs4all have blocked the `administrator@` email address from the aliasses list,
so this should not be possible in the future.
![alias][8]
### How does SSL validation work
When you request an SSL certificate for a domain you need to proof that you are
the owner of that domain. There are multiple ways to do that, as there are
multiple types of certificates. These types of certificates are technically the
same, the validation behind it is what is different.
The CA/Browser forum, the standards body for Certificate Authorities has set
[baseline requirements][9] which describe exactly how these validations should
occur. The certificate provider, Comodo in this case, was not at fault here.
They have followed the procedure, the ISP was at fault because they allowed that
email alias.
#### Domain Validation certificates
A domain validation, or DV certificate is the simplest form of validation
possible. The CA checks the right of the applicant to use a specific domain
name. No company identity information is vetted.
Chapter 3.2.2 (Authentication of Organization and Domain Identity", respectively
"3.2.2.4. Authorization by Domain Name Registrant") of the [CAB
requirements][10] states the following for this verification:
If the CA uses the Internet mail system to confirm that the Applicant has
authorization from the Domain Name Registrant to obtain a Certificate for the
requested Fully-Qualified Domain Name, the CA SHALL use a mail system address
formed in one of the following ways:
1. Supplied by the Domain Name Registrar;
2. Taken from the Domain Name Registrant's "registrant", "technical", or "administrative" contactinformation, as it appears in the Domain's WHOIS record; or;
3. By pre-pending a local part to a Domain Name as follows: a. Local part - One of the following: 'admin', 'administrator', 'webmaster', 'hostmaster', or 'postmaster'; and b. Domain Name - Formed by pruning zero or more components from the Registered Domain Name or the requested Fully-Qualified Domain Name.
So, if you are able to receive an email on one of those addresses you can
provide domain ownership to the certificate provider.
#### Organization Validation
This is one level up from the DV certificate, the Organization Validation, or OV
certificate. The CA checks the right of the applicant to use a specific domain
name PLUS it conducts some vetting of the organization. This means that the
WHOIS company information is compared to the local country's business registry.
For example, in The Netherlands that is the [Kamer van Koophandel][11] and in
the UK that is the [Companies House][12].
The same email verification is done as with a DV certificate, plus your
company's WHOIS address and company number is compared to data in such a
registry.
The false certificate would not have been issues if I have tried to get the OV
variant of this certificate. If I would have given the correct company data
instead of my personal data during the application it would have been.
#### Extended validation
An Extended Validation, or EV certificate is a certificate where the browser
displays a green bar with the company name. This certificate has the highest
level of validation behind it.
All the checks for a DV and an OV certificate are performed. The company data is
checked in a local registry. Then the CA calls up the phone number in the
company registry, and gives you a special code. The email you received earlier
contains a link where you need to enter the code, and if that is all correct the
certificate will be issues.
This extra step of calling the applicant is the only extra check they do, and
even that is automated. If you have a PBX or a call-menu you're out of luck
because their calling system fails then. Good luck manually contacting them and
getting the number changed...
### How can we prevent this
There are a lot of certificate authorities, and by a lot I mean hundreds. They
are all trusted by your browser, and all can issue certificates for any given
domain.
This ranges from large companies like Comodo, Thawte or Verisign, but also
countries. For example, The Netherlands have a ceritifcate tree ([Staat der
Nederlanden Root CA][13]) which is trusted by all major platforms. China, via
the [Hong Kong Post Office][14] as well.
Any CA can issue a certificate for ANY domain. That is a problem as well as a
benefit. A benefit because it allows you to choose the CA. It also allows you to
have multiple certificates, a backup certificate from another CA for example.
It is a problem because, if unnoticed, the Hong Kong Post office can issue
certificates for American companies and with those intercept people's
communication when they are in China, without them noticing.
We've had issues with this system, Diginotar was hacked, Turktrust has issued
wrong certificates, TrustWave issued a CA (subordinate) certificate to one of
it's customers instead of a regular certificate, Malasyan DigiCert Sdn. Bhd
issues weak certificates and even Microsofts [live.fi][15] domain was not safe.
There are a few ways to mitigate this problem. Certificate Transparency, Public
Key Pinning (HPKP) and DNS based authentication of Named Entities (DANE).
A combination of these solutions would have prevented this from happening.
xs4all did set up at least one of these things (TLSA), if all browsers would
support this then my certificate would be unusable. I'll cover a few of these
measurements here below.
### Certificate Transparency
![ct][16]
The [Certificate Transparency][17] project aims to remedy these certificate-
based threats by making the issuance and existence of SSL certificates open to
scrutiny by domain owners, CAs, and domain users. Specifically, Certificate
Transparency has three main goals:
1. Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain.
2. Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
3. Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.
They do this with Certificate Logs, Auditors and Monitors. It would provide
faster detection of mis-issued certificates and rouge CA's, plus faster
mitigation of issues like these. It is a very interesting project, read the
website to find out more about it. It does requires adoption by the CA's.
#### HTTP Public Key Pinning (HPKP)
HTTP Public Key Pinning means that a certificate chain must include a
whitelisted public key. It ensures only whitelisted Certificate Authorities (CA)
can sign certificates for *.example.com, and not any CA in your browser store.
HPKP allows a website owner to specify public keys in the website headers. These
public keys must be in the certificate chain, otherwise the validation will
fail.
It allows you to include the public key of your certificate and a backup
certificate. Browsers save these headers, if you've visited a website (with
HPKP) once and later on the certificate is changed maliciously, your browser
will fail to connect to the website.
An example might be your bank, which always have their certificate from CA
Company A. With the current certificate system, CA Company B, CA Company C and
the NSA CA can all create a certificate for your bank, which your browser will
hapily accept because those companies are also trusted root CA's.
If the bank implements HPKP and pin's their first intermidiate certificate (from
CA Company A), browsers will not accept certificates from CA Company B and CA
Company C, even if they have a valid trust path. HPKP also allows your browser
to report back the failure to the bank, so that they know they are under attack.
I've written [an article about HPKP][18] which explains this in more detail and
provides configuration examples for Apache, NGINX and Lighttpd.
#### DNS based authentication of Named Entities (DANE)
[DANE][19] enables the administrator of a [domain name to certify the keys used
in that domain's TLS clients or servers by [storing them in the Domain Name
System (DNS). DANE needs DNS records to be [signed with DNSSEC.
The difference with HTTP Public Key Pinning is that this data is in a DNS
record, not in the HTTP headers. For HPKP to work you need to have visited the
website at least once, DANE does not have this requirement because a DNS lookup
happens before the HTTP connection.
None of the major browsers sadly support DANE validation. There [is a browser
extension][20] available which does support this.
My ISP, xs4all, does have DANE record set up. If all the major browsers
supported this, my attempt to set up an MITM attack would fail and the
certificate would be worthless.
This is the TLSA record for xs4all.nl, port 443:
$ dig +dnssec +noall +answer +multi _443._tcp.www.xs4all.nl. TLSA
_443._tcp.www.xs4all.nl. 21599 IN TLSA 1 0 1 (
223A6659D06E9A81390938659E9EF241579E82B820D6
AFD8E17D548AEDEA3F13 )
If we take the current, valid, [public key][21] for xs4all.nl we can validate
this.
First convert the PEM file (`xs4all.pem`) to DER.
openssl x509 -inform PEM -in xs4all.pem -outform DER -out xs4all.der
Then we calculate the SHA 256 hash of this DER file:
openssl sha256 xs4all.der
SHA256(xs4all.der)= 223a6659d06e9a81390938659e9ef241579e82b820d6afd8e17d548aedea3f13
This is the same as the TLSA record above. If we take (valid) the certificate I
got it gives us a different SHA 256 hash:
$ openssl x509 -inform PEM -in xs4all.nl.pem -outform DER | openssl sha256
(stdin)= 83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24
That would not be valid according to the TLSA record.
DANE allows a website owner to set up a special `TLSA` DNS Record. This DNS
record holds what is called Certificate Association data. In conjunction with
DNSSEC signatures, this will permit better and more secure ways for applications
to authenticate certificates. The record can be used in 4 different ways
(defined by a "Usage" field):
* (Usage 0) Specify authorized public CAs - this can prevent certificates signed by CAs that you didn't explicitly specify from being trusted by client software.
* (Usage 1) Specify which specific server certificate can be trusted. The public CA certificate validation chain all the way to the server certificate must still be validated.
* (Usage 2) Authorize a new non-public CA (eg. a CA that the domain owner operates itself)
* (Usage 3) Directly specify the server certificate in the DNS - no certificate chain from a public CA needs to be used. This is called a "Domain issued certificate"
If you're looking for a way to not use public CAs, Usage 3 is probably the one
for you. That allows you to just create a self signed certificate and put the
hash in a TLSA record, not requiring a certificate from a trusted certificate
authority.
[This webpage][22] has a generator if you want to set up your own certificate
TLSA record.
### Proof
A few screenshots and a nice article don't make a whole. Here is the textual
output of the certificate:
$ openssl x509 -noout -text -in xs4all.nl.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:84:46:9d:bf:7a:09:40:d3:c4:8a:95:af:2e:8b:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Validity
Not Before: Mar 20 00:00:00 2015 GMT
Not After : Mar 19 23:59:59 2016 GMT
Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=xs4all.nl
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:e3:d4:a4:89:c0:58:6c:ef:f0:0b:b3:97:03:c5:
f2:37:b3:b4:8c:59:2d:9c:50:04:37:04:2f:b0:31:
df:a1:e7:fa:6d:78:25:3d:1a:e1:0c:48:7d:4e:af:
3b:ff:57:d7:e5:19:85:fe:7d:f8:fe:90:33:a0:b0:
4b:8e:1b:a9:86:4b:6a:70:70:f7:b4:22:de:90:62:
99:8f:ba:42:8c:20:63:74:16:5d:29:23:4f:08:e1:
e2:0f:73:17:0f:f4:23:f3:86:6b:4c:24:0a:c1:28:
9d:cf:82:73:9f:50:59:12:cc:15:60:bb:57:64:71:
13:6f:b3:04:38:33:59:d3:9f:67:ce:07:0e:85:22:
a2:19:53:51:1b:76:3c:40:c9:4b:a2:0c:14:05:10:
6f:f2:b3:6e:6c:b6:95:a6:60:17:d1:2f:bc:b7:19:
b0:5a:19:b2:98:a4:e9:10:b6:6e:64:68:f4:42:9d:
e3:b2:7a:17:e9:4b:cd:99:8d:ab:01:58:8f:69:ba:
a2:2e:e2:54:06:99:a8:72:14:71:a5:f3:25:9b:81:
92:7a:0c:67:9b:73:5c:11:a8:69:96:1b:99:65:5f:
64:96:41:f4:91:75:b7:26:cf:a8:2b:a0:28:dc:33:
90:20:7a:7e:97:72:e0:7c:93:e9:22:a3:b8:28:84:
58:08:fa:3b:17:08:e8:c4:ce:67:d4:50:23:5c:0e:
7e:9d:0c:3f:f1:8c:41:53:83:7c:6e:b2:c4:7d:c5:
fb:68:cb:a5:06:9c:91:8d:3c:9d:2e:20:96:3b:c4:
b1:fa:ed:58:c2:37:fe:1e:a8:8a:c9:ea:a3:49:5d:
8d:60:be:88:68:27:2a:cc:6e:e3:ef:55:23:85:7a:
fc:ad:ed:2f:0e:31:03:c7:10:ba:dd:12:9a:88:5d:
ef:58:2e:54:e7:78:6a:58:68:3b:e3:78:bc:0f:88:
3e:b3:3c:2e:05:9e:54:6c:a1:db:e2:9b:01:be:e6:
92:9d:a7:22:4d:49:17:e1:78:ba:ca:6a:fe:9e:ff:
d2:80:80:af:7b:a0:10:17:2a:57:f1:31:e4:f0:38:
88:4b:0c:62:08:18:c5:8a:2a:18:ac:0c:b5:d2:b3:
4a:e2:d4:de:5c:ba:77:d4:5e:99:a1:19:ab:0b:e7:
82:a6:69:eb:eb:e2:99:20:9b:bc:84:6a:f4:bc:b0:
87:78:9c:b2:12:0f:36:57:fa:73:ec:e2:64:90:5b:
6a:c8:32:69:3b:b6:4e:f8:7d:c5:36:08:13:8b:b0:
60:0f:90:07:99:c4:a0:fe:a2:b9:d2:e3:30:6b:4d:
9c:ed:7e:2e:a2:d7:c4:52:01:0e:dd:69:87:12:22:
8d:f0:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7
X509v3 Subject Key Identifier:
2A:53:FE:18:5C:23:C9:91:A4:71:6A:69:FE:B0:DB:6F:79:2B:43:D8
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.7
CPS:
https://secure.comodo.com/CPS
Policy: 2.23.140.1.2.1
X509v3 CRL Distribution Points:
Full Name:
URI:
http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
Authority Information Access:
CA Issuers - URI:
http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
OCSP - URI:
http://ocsp.comodoca.com
X509v3 Subject Alternative Name:
DNS:xs4all.nl, DNS:www.xs4all.nl
Signature Algorithm: sha256WithRSAEncryption
33:d6:51:87:3c:b5:7f:29:a7:58:49:54:45:73:c8:de:ab:41:
cd:6c:13:6d:c4:e7:c8:b4:85:dd:b2:6d:91:34:7b:75:d9:71:
16:8a:e7:79:1a:b2:16:7f:ae:d5:2a:61:1d:6c:be:0b:10:af:
1b:cf:a7:b6:7e:51:7c:49:20:07:da:2b:aa:2c:72:1b:70:ab:
6a:ca:ad:8e:ba:7b:98:fa:5e:12:40:b4:cb:8f:dd:35:16:3b:
8b:b4:14:59:56:8c:32:bc:5b:34:36:d4:fc:3a:d6:87:73:70:
ef:e5:fe:43:cf:55:3d:53:d8:ec:2b:ca:06:1b:72:8d:6a:c2:
5f:4c:46:a6:b4:12:1a:0b:ff:f8:40:a1:21:63:31:a6:40:c6:
9d:c3:67:c6:3f:28:6e:16:b6:39:ca:84:64:0d:b7:f3:dc:2f:
76:ca:5a:63:0c:23:2b:5a:d2:7d:13:d5:77:8d:24:38:fe:ac:
73:96:5e:fa:91:df:36:6e:be:4e:9c:52:c6:92:f3:f4:a6:fe:
45:47:3b:e4:52:6d:df:09:76:58:50:29:0f:b9:00:80:bf:37:
30:6e:32:b0:80:d6:97:ba:28:77:70:f0:2f:a0:66:ff:93:a8:
74:89:b4:5d:39:57:3e:da:28:4e:06:48:a1:6c:81:fd:e1:f0:
5a:cb:54:5d
Here is the public key in PEM:
# cat xs4all.nl.pem
-----BEGIN CERTIFICATE-----
MIIGPzCCBSegAwIBAgIQUoRGnb96CUDTxIqVry6LBjANBgkqhkiG9w0BAQsFADCBk
DELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1
UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAM
TLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAe
Fw0xNTAzMjAwMDAwMDBaFw0xNjAzMTkyMzU5NTlaME0xITAfBgNVBAsTGERvbWFpb
iBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxEjAQBgNVBA
MTCXhzNGFsbC5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOPUpIn
AWGzv8AuzlwPF8jeztIxZLZxQBDcEL7Ax36Hn+m14JT0a4QxIfU6vO/9X1+UZhf59
+P6QM6CwS44bqYZLanBw97Qi3pBimY+6QowgY3QWXSkjTwjh4g9zFw/0I/OGa0wkC
sEonc+Cc59QWRLMFWC7V2RxE2+zBDgzWdOfZ84HDoUiohlTURt2PEDJS6IMFAUQb/
Kzbmy2laZgF9EvvLcZsFoZspik6RC2bmRo9EKd47J6F+lLzZmNqwFYj2m6oi7iVAa
ZqHIUcaXzJZuBknoMZ5tzXBGoaZYbmWVfZJZB9JF1tybPqCugKNwzkCB6fpdy4HyT
6SKjuCiEWAj6OxcI6MTOZ9RQI1wOfp0MP/GMQVODfG6yxH3F+2jLpQackY08nS4gl
jvEsfrtWMI3/h6oisnqo0ldjWC+iGgnKsxu4+9VI4V6/K3tLw4xA8cQut0Smohd71
guVOd4alhoO+N4vA+IPrM8LgWeVGyh2+KbAb7mkp2nIk1JF+F4uspq/p7/0oCAr3u
gEBcqV/Ex5PA4iEsMYggYxYoqGKwMtdKzSuLU3ly6d9RemaEZqwvngqZp6+vimSCb
vIRq9Lywh3icshIPNlf6c+ziZJBbasgyaTu2Tvh9xTYIE4uwYA+QB5nEoP6iudLjM
GtNnO1+LqLXxFIBDt1phxIijfCHAgMBAAGjggHVMIIB0TAfBgNVHSMEGDAWgBSQr2
o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUKlP+GFwjyZGkcWpp/rDbb3krQ9g
wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFB
QcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQGA1
UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUR
vbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEBBHkw
dzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBR
G9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaH
R0cDovL29jc3AuY29tb2RvY2EuY29tMCMGA1UdEQQcMBqCCXhzNGFsbC5ubIINd3d
3LnhzNGFsbC5ubDANBgkqhkiG9w0BAQsFAAOCAQEAM9ZRhzy1fymnWElURXPI3qtB
zWwTbcTnyLSF3bJtkTR7ddlxForneRqyFn+u1SphHWy+CxCvG8+ntn5RfEkgB9orq
ixyG3Crasqtjrp7mPpeEkC0y4/dNRY7i7QUWVaMMrxbNDbU/DrWh3Nw7+X+Q89VPV
PY7CvKBhtyjWrCX0xGprQSGgv/+EChIWMxpkDGncNnxj8obha2OcqEZA2389wvdsp
aYwwjK1rSfRPVd40kOP6sc5Ze+pHfNm6+TpxSxpLz9Kb+RUc75FJt3wl2WFApD7kA
gL83MG4ysIDWl7ood3DwL6Bm/5OodIm0XTlXPtooTgZIoWyB/eHwWstUXQ==
-----END CERTIFICATE-----
Here is the private key:
# cat xs4all.nl.key
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDj1KSJwFhs7/AL
s5cDxfI3s7SMWS2cUAQ3BC+wMd+h5/pteCU9GuEMSH1Orzv/V9flGYX+ffj+kDOg
sEuOG6mGS2pwcPe0It6QYpmPukKMIGN0Fl0pI08I4eIPcxcP9CPzhmtMJArBKJ3P
gnOfUFkSzBVgu1dkcRNvswQ4M1nTn2fOBw6FIqIZU1EbdjxAyUuiDBQFEG/ys25s
tpWmYBfRL7y3GbBaGbKYpOkQtm5kaPRCneOyehfpS82ZjasBWI9puqIu4lQGmahy
FHGl8yWbgZJ6DGebc1wRqGmWG5llX2SWQfSRdbcmz6groCjcM5Agen6XcuB8k+ki
o7gohFgI+jsXCOjEzmfUUCNcDn6dDD/xjEFTg3xussR9xftoy6UGnJGNPJ0uIJY7
xLH67VjCN/4eqIrJ6qNJXY1gvohoJyrMbuPvVSOFevyt7S8OMQPHELrdEpqIXe9Y
LlTneGpYaDvjeLwPiD6zPC4FnlRsodvimwG+5pKdpyJNSRfheLrKav6e/9KAgK97
oBAXKlfxMeTwOIhLDGIIGMWKKhisDLXSs0ri1N5cunfUXpmhGasL54Kmaevr4pkg
m7yEavS8sId4nLISDzZX+nPs4mSQW2rIMmk7tk74fcU2CBOLsGAPkAeZxKD+ornS
4zBrTZztfi6i18RSAQ7daYcSIo3whwIDAQABAoICAQDba9qjyJnhIRyhSG9y9NuZ
BfwnB2REHVRR4DhFi2MEPbUUZRgIR7Di8ZWtiFtSSrnlLbW9Knn6QctXQTMjRET6
z/tNG5+U39hWWn/mys54wmDGVxuWGSlvNo1Pr9pQRSOy0IzaIgQxj/qc9diBYRLI
ZcFZDlTWqYi8lT7FGb+zbty8slMrqfVQSsvclPzmsHelM9i8H96RcnoxPY/XUsjd
cQphld4giItXM8w7ile7YNGOrx2ysKAC0jzLXIOLok1M2LCGUvf1+1sds87YstpP
cHUwEm5earYLU5WNOjt8RGlNxWvUA/lG6cvfaDqyCP8QKKlvFvZZROLNt7wPWZam
DV5a4o7RnVXflLQ7/asQwhIKq38T43q2MwhSA7uCcXTWAxcrJAXVyZ5viAh4tCcz
wiydGzzFR52jmYrvYuGjmFxO0YiPHy4+XqwXDQEjIR2eaUq46lTM0F6MCp/pWpIT
Ygd0cHcJYNCbUB6ondkw4nB8ZWB3Tuc+jlXc8c3Jkic8P4UaxtsCjHJ8eLt+7/TY
/rD9N0dbfmRF0Aq5Dbv4lxAfdz3yt+OcYJ5yQ26MlHPjyds/sv1I0HU8vPY+9xaA
S07xU0rF2Iv+BF3LSv4MbMICGmKtsBAZseAxCSmPQ5nbU7R64xADgq59CfgLTx2k
KAMBuNMo1nbbgWgAstnGcQKCAQEA+TcqTL/YwTUdCiaLt8xKK+KWyACsdGDXcSVK
GUMvV4/3EnGjMuNIBP9Syuu1gBwyHIUIL64oADn7DMuhv6OcogdaMj6DH97J/klt
d7xaL4t+W3yMVbXEMTdjKS8UbDUj/s60h5wCW0ic3pc2fKSff2carCqBg49H/ChJ
zR0gvWSilIYehOZyotFsQgVNrOoofRDMCTjQYchDGPjJx3Mvzcm1/1hsyOvHTfs4
wCkwmFYcLk577vrTtSjUFZ8/JC5SMGlRQqAkAojUZHDMaUibbnyTVeATqmefUG45
Zcw0xp2sDFruPOHsdwtRh47MaRjD4wrDYYIy0lT8eSa3bL1fSwKCAQEA6ghxJe5B
xKogOK1GX6wLIZJ1nlbM3aXTPnsCyvZaF2RKbF+6jgqvWOfWM/4oj/rRNPuqi5vT
RjusEyltXhLFTF9fEcL8zUL9ex3Vb3wxgqWnuc5GRPZCQGJX9oW67eu0OIRhlYl/
TQ9INaelbUPa0ATDCshLi13v+uy6uyKLMbd8w+GQiJdgqnmbpdC9jTcbT4MxtMFV
R7ocQ7vf4a5Xk4iUC9EACXjfkIpSQ7SeeHzvR0DUiv/HD4WtP4Fcvx+uQDt/5jFV
iM4Yxs4uvRB5CfogmLv36Hr5zo/lPftpUnpeVSud/lhfljSow15eZjIS+8/NqlUY
vkgcZbcmawviNQKCAQEAhpKYX9tUs3f312xbFAPXpXz0yMk8VpeYnrtxGNUjslfG
JgqBAtCiKjipP3QqjSQslyPq+LxFU2H7w7wN+srhoMjxlqIU8le+oXaLCxYFaRkd
QU+vA/VkHON4w1tt3sSPTF/YMkY3K425T6U9we6vRf+p8n/9ccokJ/ClcYIiFMNL
24HU5xT9oBgQKlJs0EudU3OHig9IzxRxzwFBDFeR38Dlax4XmCNheyWGTpWvbQNK
smKlH7YILhH+/DICyYnNzeCBBcYty8SRVC9o4g1YCUBx2vRmCiVsbOUoT2UGtp2b
swxDC1M/+kR9YQLmNHYwCODeAkBpKxTDRLR4ZdqYowKCAQA1RpyzXMyd/3h8Tn2x
s9GI3/VkiS/z2RcApzIYkAIsRwlmKFiokygdnhE2HsqPFDLh09ScGWn8GANxDUI3
YyCE5UUYHwI7m99mUoFO8r+2lQ1cj+eRNVoZnAmYNhM6rCiHoSMxzm4rVapDhJl1
CThbmGnqH3SLEmRaA9/yT8fOFo4RbVzgq003IZ3cHmu4JO5TqHL9SfGm9WgPx0oM
7wpCrJm/IuHWRizmk4ZsoUZd+VrjJo/74IQpNW4eAc3iOE0LlD/mYB6vmPMs9qzP
H1veeJFJE6k4xB3v9vPhq0TroK2ux9Icn3OLFwvABdCJhSarKkAQYXTThEjqosnd
HoRtAoIBAQDvZeR+zHEc38fB5dhVtdix4NXcliM3YfT2Q+3rHPnpY+bwKNe+JaOM
i68HoE4W8047G89xdd/B3tGSj7Q9bN1vAvaCqeu5zNriVKVEW5kqh9C6nb064bUC
XCHSrRLbTxHFamKXGQa1aVlcCDAEiUhadYEVrR09EN6hFL918/uW52N67b98Zs7D
5/pF3pT9H6eOYJxrm/ls4a84B+NtX1RMnX1sx9nFHCRGYtMAWK/zxmqxJb7++1c5
smydcNi4uKoOEPIKiiKbdZvnuxw4T1ub0K+Mv9dkMuJApbHltFh0JVLwJGHg3z1m
6kWBQA69iw0FQ/ICf4fbi+xvkKQuSZCM
-----END PRIVATE KEY-----
Using OpenSSL we can calculate the hashes of this pair to see that they match:
Public Key:
$ openssl x509 -noout -modulus -in xs4all.nl.pem | openssl md5
(stdin)= f4ef82e22bed048e5c48b4da5e46afa7
Private Key:
$ openssl rsa -noout -modulus -in xs4all.nl.key | openssl md5
(stdin)= f4ef82e22bed048e5c48b4da5e46afa7
We can also use Openssl to validate that this certificate is revoked. First get
the CRL URL from the certificate:
$ openssl x509 -noout -text -in xs4all.nl.pem | grep -A 4 'X509v3 CRL Distribution Points'
X509v3 CRL Distribution Points:
Full Name:
URI:
http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
Download the CRL:
wget
http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
Transform the CRL to a PEM file:
$ openssl crl -inform DER -outform PEM -in COMODORSADomainValidationSecureServerCA.crl -out COMODORSADomainValidationSecureServerCA.crl.pem
We also need the full certificate chain. In this case it you can get it from
[Comodo][23]. I've placed it in the
`COMODORSADomainValidationSecureServerCA.pem` file. The `openssl verify` command
needs this concatenated together with the PEM CRL file to be able to do a CRL
check. Concatenate the two PEM files:
$ cat COMODORSADomainValidationSecureServerCA.crl.pem COMODORSADomainValidationSecureServerCA.pem > CA_CRL.pem
Perform the actual certificate validation.
$ openssl verify -crl_check -CAfile CA_CRL.pem xs4all.nl.pem
xs4all.nl.pem: OU = Domain Control Validated, OU = PositiveSSL, CN = xs4all.nl
error 23 at 0 depth lookup:certificate revoked
If we would validate the certificate without the CRL check it would turn out
valid:
$ openssl verify -CAfile COMODORSADomainValidationSecureServerCA.pem xs4all.nl.pem
xs4all.nl.pem: OK
If you want to this manually, you can try it like more verbosely. First get the
CRL from the certificate:
$ openssl x509 -noout -text -in xs4all.nl.pem | grep -A 4 'X509v3 CRL Distribution Points'
X509v3 CRL Distribution Points:
Full Name:
URI:
http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
Download the CRL:
wget
http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
Get the serial from the certificate:
$ openssl x509 -noout -serial -in xs4all.nl.pem
serial=5284469DBF7A0940D3C48A95AF2E8B06
Find out if the serial number is on the CRL:
$ openssl crl -inform DER -text -noout -in COMODORSADomainValidationSecureServerCA.crl | grep -A 1 5284469DBF7A0940D3C48A95AF2E8B06
Serial Number: 5284469DBF7A0940D3C48A95AF2E8B06
Revocation Date: Mar 20 04:32:29 2015 GMT
As we see it is, the certificate has been revoked.
[1]:
https://raymii.org/s/inc/img/xs4all2.png
[2]:
https://tls.so/?host=&port=&ciphersuites=1&csr=-----BEGIN+CERTIFICATE-----%0D%0AMIIGPzCCBSegAwIBAgIQUoRGnb96CUDTxIqVry6LBjANBgkqhkiG9w0BAQsFADCBk%0D%0ADELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1%0D%0AUEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAM%0D%0ATLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAe%0D%0AFw0xNTAzMjAwMDAwMDBaFw0xNjAzMTkyMzU5NTlaME0xITAfBgNVBAsTGERvbWFpb%0D%0AiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxEjAQBgNVBA%0D%0AMTCXhzNGFsbC5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOPUpIn%0D%0AAWGzv8AuzlwPF8jeztIxZLZxQBDcEL7Ax36Hn%2Bm14JT0a4QxIfU6vO%2F9X1%2BUZhf59%0D%0A%2BP6QM6CwS44bqYZLanBw97Qi3pBimY%2B6QowgY3QWXSkjTwjh4g9zFw%2F0I%2FOGa0wkC%0D%0AsEonc%2BCc59QWRLMFWC7V2RxE2%2BzBDgzWdOfZ84HDoUiohlTURt2PEDJS6IMFAUQb%2F%0D%0AKzbmy2laZgF9EvvLcZsFoZspik6RC2bmRo9EKd47J6F%2BlLzZmNqwFYj2m6oi7iVAa%0D%0AZqHIUcaXzJZuBknoMZ5tzXBGoaZYbmWVfZJZB9JF1tybPqCugKNwzkCB6fpdy4HyT%0D%0A6SKjuCiEWAj6OxcI6MTOZ9RQI1wOfp0MP%2FGMQVODfG6yxH3F%2B2jLpQack
Y08nS4gl%0D%0AjvEsfrtWMI3%2Fh6oisnqo0ldjWC%2BiGgnKsxu4%2B9VI4V6%2FK3tLw4xA8cQut0Smohd71%0D%0AguVOd4alhoO%2BN4vA%2BIPrM8LgWeVGyh2%2BKbAb7mkp2nIk1JF%2BF4uspq%2Fp7%2F0oCAr3u%0D%0AgEBcqV%2FEx5PA4iEsMYggYxYoqGKwMtdKzSuLU3ly6d9RemaEZqwvngqZp6%2BvimSCb%0D%0AvIRq9Lywh3icshIPNlf6c%2BziZJBbasgyaTu2Tvh9xTYIE4uwYA%2BQB5nEoP6iudLjM%0D%0AGtNnO1%2BLqLXxFIBDt1phxIijfCHAgMBAAGjggHVMIIB0TAfBgNVHSMEGDAWgBSQr2%0D%0Ao6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUKlP%2BGFwjyZGkcWpp%2FrDbb3krQ9g%0D%0AwDgYDVR0PAQH%2FBAQDAgWgMAwGA1UdEwEB%2FwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH%0D%0AAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFB%0D%0AQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQGA1%0D%0AUdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUR%0D%0AvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEBBHkw%0D%0AdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBR%0D%0AG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaH%0D%0AR0cDovL29jc3AuY29tb2RvY2EuY29tMCMGA1UdEQQcMBqCCX
hzNGFsbC5ubIINd3d%0D%0A3LnhzNGFsbC5ubDANBgkqhkiG9w0BAQsFAAOCAQEAM9ZRhzy1fymnWElURXPI3qtB%0D%0AzWwTbcTnyLSF3bJtkTR7ddlxForneRqyFn%2Bu1SphHWy%2BCxCvG8%2Bntn5RfEkgB9orq%0D%0AixyG3Crasqtjrp7mPpeEkC0y4%2FdNRY7i7QUWVaMMrxbNDbU%2FDrWh3Nw7%2BX%2BQ89VPV%0D%0APY7CvKBhtyjWrCX0xGprQSGgv%2F%2BEChIWMxpkDGncNnxj8obha2OcqEZA2389wvdsp%0D%0AaYwwjK1rSfRPVd40kOP6sc5Ze%2BpHfNm6%2BTpxSxpLz9Kb%2BRUc75FJt3wl2WFApD7kA%0D%0AgL83MG4ysIDWl7ood3DwL6Bm%2F5OodIm0XTlXPtooTgZIoWyB%2FeHwWstUXQ%3D%3D%0D%0A-----END+CERTIFICATE-----+&s=
[3]:
http://xs4all.nl
[4]:
https://xs4all.nl
[5]:
https://webmail.xs4all.nl
[6]:
https://service.xs4all.nl
[7]:
https://www.ncsc.nl/
[8]:
https://raymii.org/s/inc/img/xs4all1.png
[9]:
https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
[10]:
https://cabforum.org/baseline-requirements-documents/
[11]:
http://kvk.nl/
[12]:
https://www.gov.uk/government/organisations/companies-house
[13]:
https://cert.pkioverheid.nl/
[14]:
https://www.hongkongpost.gov.hk/product/ecert/apply/certapply.html
[15]:
http://arstechnica.com/security/2015/03/man-who-obtained-windows-live-cert-said-his-warnings-went-unanswered/
[16]:
https://raymii.org/s/inc/img/ct_intro_system.png
[17]:
http://www.certificate-transparency.org
[18]:
https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html
[19]:
https://tools.ietf.org/html/rfc6698
[20]:
https://www.dnssec-validator.cz/
[21]:
https://tls.so/?host=xs4all.nl&port=&ciphersuites=1&csr=&s=
[22]:
https://www.huque.com/bin/gen_tlsa
[23]:
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/979/108/domain-validation-sha-2
---
License:
All the text on this website is free as in freedom unless stated otherwise.
This means you can use it in any way you want, you can copy it, change it
the way you like and republish it, as long as you release the (modified)
content under the same license to give others the same freedoms you've got
and place my name and a link to this site with the article as source.
This site uses Google Analytics for statistics and Google Adwords for
advertisements. You are tracked and Google knows everything about you.
Use an adblocker like ublock-origin if you don't want it.
All the code on this website is licensed under the GNU GPL v3 license
unless already licensed under a license which does not allows this form
of licensing or if another license is stated on that page / in that software:
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <
http://www.gnu.org/licenses/>.
Just to be clear, the information on this website is for meant for educational
purposes and you use it at your own risk. I do not take responsibility if you
screw something up. Use common sense, do not 'rm -rf /' as root for example.
If you have any questions then do not hesitate to contact me.
See
https://raymii.org/s/static/About.html for details.
