0

Situation: I have an internal PKI with a shared root CA, and multiple intermediate CAs. I want anything issued by any intermediate CA to all trust each other. Is there a way to do this that most programs/languages will be happy with?

My present understanding is that this isnt easily possible, but I'm wondering if my understanding is flawed.

So if we have programs:

  • funky fresh with a trust chain of shared root => first int
  • sparkly clean with trust chain of shared root => second int

and I absolutely need mutual trust between these two, is my only choice to make a big CA certificate with root=>first and root=>second stapled onto each other? Or can I somehow just have a chain with root in it?

Could I get by all of this by adding the root to the OS level trust store, or if they're containers, into a given containers trust store? (under /etc/pki/ca-trust/source/anchors or something)

My second thought, and perhaps this is a bad one, but because everything is internal and we have a CRL -- we can only use a root CA, and simply keep a strict eye and a clean CRL for TLS certificates instead of CA-level certificates.

Is there some way I can hopefully get software to build it's own chain if I expose the CRLs and CAs at specific endpoints defined anywhere?

chucky_z
  • 51
  • 4

1 Answers1

3

I'm not sure if I understand your question correctly or if you get the concept right, but

  • Certificates don't trust each other - the TLS client instead trusts some certificate authorities and derives trust into server certificates from this.
  • A TLS client basically trusts every certificate issued by a trusted CA, as long as it matches expectations like not expired, matches subject etc. The TLS client must be able to build the trust chain though to the trusted CA. Therefore the TLS client needs to know the relevant intermediate certificate(s) which are usually send inside the TLS handshake.

Thus, if you want any client to trust any certificates no matter which intermediate CA was used, then a) the client needs to trust the root CA and b) the servers need to send the intermediate CAs during the TLS handshake in addition to the server certificate.

See also SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?.

Steffen Ullrich
  • 13,227
  • 27
  • 39
  • Thank you Steffen! My situation explicitly *never* involves browsers. Are you aware of any of the above explanations from a non-browser perspective? e.g.: if I want a golang http client to communicate with a golang http server, both of which require mutual TLS. I guess I'll have to go play around a bit. :) – chucky_z Jan 11 '21 at 01:31
  • @chucky_z: Other TLS clients behave the same. This is only explained for browsers because these are the most common TLS clients. This is basically how certificate validation in PKI work in general, no matter if browser, mail client, app on mobile phone, certificate validation when signing documents or email etc. – Steffen Ullrich Jan 11 '21 at 07:20