3

Let's say that I buy an *.example.com SSL certificate. I now want to generate subcertificates and include the *.example.com certificate in a trust path:

  1. host1.example.com, with an alternate name rr.example.com
  2. host2.example.com, with an alternate name rr.example.com
  3. host3.example.com, with an alternate name rr.example.com

The questions are:

  1. Will those subcertificates be recognized by web browsers and other clients if the *.example.com cert is recognized?
  2. Would I need to regenerate all the subcertificates when the major cert expires, or would I be able to prolong the *.example.com one leaving the rest intact, or issue a new *.example.com and sign my subcertificates with this one?

I'm actually searching for a cheap way to migrate my network from self-signed certificates to signed ones; that's why every server should have a different certificate and not a shared one. Besides, it should also be easier to maintain if one of those keys leaks.

1
  • Interesting approach. Theoretically it should work if you chain the certs accordingly. But maybe someone more senior with this topic knows it more specifically. Commented Apr 28, 2014 at 9:39

2 Answers

2

Unfortunately the PKI model as implemented in the browsers does not enforce a restriction of the domains you can sign with a CA, thus any sub-CA can sign any domain it wants. That's why no CA trusted in the browsers will issue such a sub-CA anymore (at least officially, they still might issue them to allow some agencies to mount man-in-the-middle attacks). So you will not be able to buy a sub-CA which is only able to sign domains below example.com.

Even if you would be able to buy such a certificate the subject does not matter, e.g. it can be *.example.com or whatever. The subject is only used to find the issuing CA by matching the issuer name in the leaf certificate with the subject name of the known CAs when validating the trust chain.

Apart from that, a certificate is not signed with the certificate of the CA, but with its private key. So if the certificate of the CA expires you can just issue a new certificate with the same public/private key pair and subject and you don't need to re-issue all the certificates signed by your CA. But usually the validity of a CA is much longer than the one of the certificates issued by the CA. So you usually don't re-issue a new CA certificate because it's not valid any more, but because the private key got compromised or it got too weak (e.g. replace 1024 bit keys with 2048 bit). In this case the public key changes so you need to re-sign the certificates issued by the CA.

1

I think you will need your own CA model for your servers, as buying a valid certificate to sign other certificates is not an option according to this.

Assuming you have an internal network of servers serving data/services over HTTPS, you can use openssl to create a certificate hierarchy. At the top level it will be a self-signed certificate which will be used to sign other certificates for the use of your servers. Refer to this for details. The best part about using openssl is that it requires zero investment to come up with a CA model.

The certificates generated by this approach will be recognized by browsers if the root certificate is installed in the trust store. As you have full control over your root certificate you can give it desired validity simplifying the maintenance.

In case of a private key leak, you need to come up with a new root certificate and generate new server certificates. But with this approach it should not be a big problem.

1
  • As the service is to be released to a wider public, it's not possible to use our own CA model.
    – czaks
    Commented Apr 30, 2014 at 19:43
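
The first answer's point about re-issuing a CA certificate with the same key pair and subject, run on a private openssl hierarchy of the kind the second answer suggests. This is an added example, not code from either answer; the CA name, file names and work directory are constructed, and it assumes the openssl CLI (1.1.1 or later).

```shell
#!/bin/sh
# Added example, not from the answers. Names and the work directory are constructed.
# Needs the openssl CLI (1.1.1 or later).

build_pki() (   # $1 = empty work directory
  cd "$1" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Internal Root
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:host1.example.com,DNS:rr.example.com
# keyid only: pinning issuer name + serial would tie the leaf to one CA cert
authorityKeyIdentifier = keyid
EOF
  for k in ca ca2 host1; do
    openssl genrsa -out "$k.key" 2048 2>/dev/null || exit 1
  done
  # Original root, then a leaf signed with the root's private key.
  openssl req -x509 -new -key ca.key -config pki.cnf -extensions v3_ca \
    -days 30 -out ca-old.pem &&
  openssl req -new -key host1.key -config pki.cnf \
    -subj "/CN=host1.example.com" -out host1.csr &&
  openssl x509 -req -in host1.csr -CA ca-old.pem -CAkey ca.key -set_serial 1001 \
    -extfile pki.cnf -extensions v3_leaf -days 30 -out host1.pem 2>/dev/null &&
  # Renewal: same key and subject, new serial and validity period.
  openssl req -x509 -new -key ca.key -config pki.cnf -extensions v3_ca \
    -days 3650 -out ca-renewed.pem &&
  # Re-key: same subject, different key pair.
  openssl req -x509 -new -key ca2.key -config pki.cnf -extensions v3_ca \
    -days 3650 -out ca-rekeyed.pem
)

# leaf_verifies CA_CERT LEAF_CERT: exit status 0 if the chain validates.
leaf_verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

work=$(mktemp -d) && build_pki "$work" || exit 1
for ca in ca-old ca-renewed ca-rekeyed; do
  if leaf_verifies "$work/$ca.pem" "$work/host1.pem"
  then echo "$ca.pem: host1.pem verifies"
  else echo "$ca.pem: host1.pem does NOT verify"; fi
done
```
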
