简体繁体 English

2路TLS和CA签名证书

[英]2 way TLS with CA signed certificate

原文 2018-07-11 23:14:01 1 2 java/ security/ ssl/ tls1.2

I'm tasked to implement a 2 way TLS in the context of Java. 我的任务是在Java上下文中实现2种方式的TLS。 I found an example ( https://www.opencodez.com/java/implement-2-way-authentication-using-ssl.htm ) and was able to put it together as a demo myself. 我找到了一个示例（ https://www.opencodez.com/java/implement-2-way-authentication-using-ssl.htm ），并自己将其整合为一个演示。 Just like this example, all the other examples I can find on-line are using self-signed certificate. 就像这个示例一样，我在网上可以找到的所有其他示例都使用自签名证书。 But now the issue comes what if we use third-party CA signed certificate. 但是现在问题来了，如果我们使用第三方CA签名证书怎么办。 How would it impact this demo? 它将如何影响本演示？ And also please consider these 2 scenarios: 另外，请考虑以下两种情况：

On server side, I only care if the client is certified by the CA. 在服务器端，我只关心客户端是否经过CA认证。 For example a totally new client that server was not aware of before, as long as it can obtain a certificate with the CA, then the server would provide the service; 例如，一个服务器以前不知道的全新客户端，只要它可以通过CA获得证书，服务器就可以提供服务。
It's point-to-point relationship, not only the client needs to present a certificate issued by the CA, the server would also check the certificate to see if the client is on a predefined list of entities to be eligible for the service; 这是点对点的关系，不仅客户端需要出示由CA颁发的证书，服务器还将检查证书，以查看客户端是否在符合资格的实体的预定义列表中；

So how should I configure my keystore and truststore respectively for these above 2 different scenarios? 那么，如何针对上述2种不同方案分别配置我的密钥库和信任库？

2 个解决方案

The difference with CA-signed certificates at both ends is that unless the CA is unknown to the JRE's built-in truststore, you don't need to do any exporting from keystores and importing into truststores, and you don't need your own custom truststores. 两端与CA签名证书的区别在于，除非JRE的内置信任库不知道CA，否则您不需要从密钥库导出和导入信任库，也不需要自己的自定义信任库。 You just need to import the CA's bundle and the CA-signed certificate resulting from your own CSR into your own keystore in each case. 在每种情况下，您只需要将您自己的CSR生成的CA捆绑软件和CA签名的证书导入到您自己的密钥库中即可。

the server would also check the certificate to see if the client is on a predefined list of entities to be eligible for the service. 服务器还将检查证书，以查看客户端是否在符合条件的实体的预定义列表中。

That's an authorization step that the server application must perform after the connection is completed, as you said in your question. 正如您在问题中所说的，这是服务器应用程序在连接完成后必须执行的授权步骤。 It isn't part of the keystore/truststore setup, which is only to do with authentication. 它不是密钥库/信任库设置的一部分，仅与身份验证有关。 Don't mix these steps up. 不要混淆这些步骤。 The server (or an Apache HTTPD in front of it) would check the subject DN of the certificate to see if that DN has the appropriate role(s) to use the requested service (eg URL). 服务器（或其前面的Apache HTTPD）将检查证书的主题DN，以查看该DN是否具有使用所请求服务（例如URL）的适当角色。 This can be built into Apache HTTPD, or Tomcat CMA. 可以将其内置到Apache HTTPD或Tomcat CMA中。

On either side, client and server, you are going to need the keystore for that side. 在客户端和服务器的任一端，您都需要该端的密钥库。 That only really needs the certificate and private key. 那真的只需要证书和私钥。

Then, each side needs the trust root of the other side, but doesn't need its own. 这样，每一方都需要另一方的信任根，但不需要它自己的信任根。 The server needs the root CA of the client, and vice-versa (unless you ignore server-certificate verification on the client). 服务器需要客户端的根CA，反之亦然（除非您忽略客户端上的服务器证书验证）。 The root will be in the truststore. 根将位于信任库中。

Then on top of that, each side needs any intermediate CAs of the other side. 然后，最重要的是，每一侧都需要另一侧的任何中间CA。 They can either already have them in their truststore, or, they can receive them from the other side. 他们可以已经在信任库中拥有它们，或者可以从另一端接收它们。

So to be polite, each side could also include their own intermediate CA certificates and send them in the chain to help the other side out. 因此要礼貌一点，双方还可以包括自己的中间CA证书，并将其发送到链中以帮助另一方。 Otherwise, neither side actually has any need for their own CA or intermediate CA certificates. 否则，双方实际上都不需要自己的CA证书或中间CA证书。

So the server needs the client's root CA, and will either need any intermediate CA certificates ahead of time, or receive them from the client. 因此，服务器需要客户端的根CA，并且会提前需要任何中间的CA证书，或者从客户端接收它们。

UPDATE: Responding to your comment below, if you want to filter client certificates, it is possible in some TLS implementations (openssl, for example). 更新：响应下面的评论，如果要过滤客户端证书，则可以在某些TLS实现中使用（例如，openssl）。 You can hook into the verification step and have your say as to whether or not the connection is allowed. 您可以进入验证步骤，并对是否允许连接发表意见。 This seems a little low-level, but it does have some advantages. 这看起来有点低级，但是确实有一些优势。 For example, you could keep a concatenation of all permitted client certificates in a text file (only the public certs -- not any private keys), and read this into an openssl "stack of certificates" at start up, then run through that looking for a match on each TLS connection. 例如，您可以在文本文件中保留所有允许的客户端证书的串联（仅公共证书，而不是任何私钥），并在启动时将其读入openssl“证书堆栈”，然后遍历该外观每个TLS连接上的匹配项。 That is a very specific whitelisting of clients. 那是一个非常具体的客户白名单。

I would caution against simply checking the DN for a pattern to decide if the client is allowed, as this could be a big security hole. 我会提醒您不要简单地检查DN中的模式以决定是否允许客户端，因为这可能是一个很大的安全漏洞。 An attacker could simply obtain a public certificate from any well-known CA , asking for a DN that fits the pattern you are looking for. 攻击者可以简单地从任何知名的CA获取公共证书，要求提供适合您所寻找模式的DN。 This would be accepted by your server because the CA is one of hundreds of trusted CAs on the typical default truststore. 这将被您的服务器接受，因为CA是典型默认信任库中数百个受信任CA之一。 Once the connection is accepted, the DN fits the expected pattern, and so the client is allowed. 接受连接后，DN将符合预期的模式，因此允许客户端。