Root certificate

Figure: the role of the root certificate in the chain of trust (Chain of trust v2.svg).

In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). [1] Root certificates are self-signed and serve as the trust anchors of an X.509-based public key infrastructure (PKI). A certificate can nevertheless have more than one trust path, for example when the root that issued it has itself been cross-signed by another root. A self-signed certificate is recognisable from its own fields: the Issuer name is identical to the Subject name, and, if the certificate carries an Authority Key Identifier extension, that key identifier matches the certificate's own Subject Key Identifier; a root certificate may also omit the Authority Key Identifier entirely, in which case the Issuer and Subject names alone must match ( RFC 5280). For instance, the PKIs supporting HTTPS [2] for secure web browsing and electronic signature schemes depend on a set of root certificates.


A certificate authority can issue multiple certificates that form a tree structure. The root certificate is the top-most certificate of the tree, and its private key is used to "sign" the certificates directly beneath it. A certificate signed by the root that has the basic constraints "CA" flag set to true is called an intermediate certificate or subordinate CA certificate; it inherits the trustworthiness of the root, and a signature by a root certificate is somewhat analogous to "notarizing" an identity in the physical world. Certificates further down the tree depend in turn on the trustworthiness of the intermediates above them.
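As an added example that is not part of the article, the POSIX shell script below uses the OpenSSL command line (assumed to be version 1.1.1 or newer and on PATH) to build a constructed three-level chain, root, intermediate and leaf, and then applies the RFC 5280 root test from the paragraphs above: Issuer equal to Subject, Authority Key Identifier equal to Subject Key Identifier when present, and CA:TRUE. Finally it verifies the leaf as a relying party would, trusting only the root. All names (Example Root CA, www.example.test) and the working directory are made up for the example.

```shell
#!/bin/sh
# Added example: build root -> intermediate -> leaf with OpenSSL and apply the
# checks that distinguish a self-signed root from the certificates beneath it.
# Assumes OpenSSL >= 1.1.1 on PATH. Names and paths are constructed for the demo.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Write an extension file. A CA certificate carries basicConstraints CA:TRUE.
# subjectKeyIdentifier is listed before authorityKeyIdentifier so that, for the
# self-signed root, OpenSSL can copy the freshly computed SKI into the AKI.
ext_file() {  # $1 = path, $2 = CA:TRUE | CA:FALSE
  {
    echo "basicConstraints=critical,$2"
    if [ "$2" = "CA:TRUE" ]; then
      echo "keyUsage=critical,keyCertSign,cRLSign"
    else
      echo "keyUsage=critical,digitalSignature"
      echo "extendedKeyUsage=serverAuth"
      echo "subjectAltName=DNS:www.example.test"
    fi
    echo "subjectKeyIdentifier=hash"
    echo "authorityKeyIdentifier=keyid"
  } > "$1"
}

csr() {  # $1 = basename, $2 = common name; creates an EC P-256 key and a CSR
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

build_chain() {
  csr root "Example Root CA"
  csr int  "Example Intermediate CA"
  csr leaf "www.example.test"
  ext_file "$WORK/ca.ext"   CA:TRUE
  ext_file "$WORK/leaf.ext" CA:FALSE
  # Root: signed with its own key, so Issuer == Subject and AKI == SKI.
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 3650 \
    -sha256 -extfile "$WORK/ca.ext" -out "$WORK/root.pem" 2>/dev/null
  # Intermediate: signed by the root; Issuer differs from Subject, CA:TRUE.
  openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 1825 -sha256 -extfile "$WORK/ca.ext" -out "$WORK/int.pem" 2>/dev/null
  # Leaf: signed by the intermediate, CA:FALSE.
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/int.pem" -CAkey "$WORK/int.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.pem" 2>/dev/null
}

name_of() {  # $1 = cert, $2 = issuer | subject; prints the name without the "issuer=" prefix
  openssl x509 -in "$1" -noout "-$2" | sed "s/^$2=//"
}

# Print the key identifier carried in the SKI or AKI extension. OpenSSL 1.1.1 prints the
# AKI value with a "keyid:" prefix and 3.x without it; both forms are accepted.
key_id() {  # $1 = cert, $2 = subjectKeyIdentifier | authorityKeyIdentifier
  openssl x509 -in "$1" -noout -ext "$2" 2>/dev/null \
    | sed -n 's/^ *\(keyid:\)\{0,1\}\([0-9A-F:]\{59\}\).*/\2/p' | head -n 1
}

is_ca() { openssl x509 -in "$1" -noout -ext basicConstraints 2>/dev/null | grep -q 'CA:TRUE'; }

# RFC 5280 root test: Issuer equals Subject, and the AKI (if present) equals the SKI.
# This is a structural check only; the signature itself is checked by openssl verify.
is_root() {
  [ "$(name_of "$1" issuer)" = "$(name_of "$1" subject)" ] || return 1
  aki=$(key_id "$1" authorityKeyIdentifier)
  [ -z "$aki" ] || [ "$aki" = "$(key_id "$1" subjectKeyIdentifier)" ]
}

classify() {  # $1 = cert; prints root | intermediate | leaf
  if is_root "$1"; then echo root
  elif is_ca "$1"; then echo intermediate
  else echo leaf
  fi
}

# Relying party: only the root is a trust anchor (system store disabled); the
# intermediate is supplied untrusted and must chain up to the root.
verify_chain() {
  openssl verify -no-CAfile -no-CApath -CAfile "$WORK/root.pem" \
    -untrusted "$WORK/int.pem" "$WORK/leaf.pem"
}

build_chain
for c in root int leaf; do
  printf '%s: %s (issuer: %s)\n' "$c" "$(classify "$WORK/$c.pem")" "$(name_of "$WORK/$c.pem" issuer)"
done
verify_chain
```

The structural test compares names in OpenSSL's printed form, which is stricter than the RFC 5280 name-comparison rules but adequate for certificates the same tool produced. Note that `classify` alone would happily label an attacker's self-signed certificate a "root"; what makes a root trustworthy is not its shape but its presence in the relying party's trust store, which is why `verify_chain` passes only the root to `-CAfile` and disables the system store.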

The root certificate is usually made trustworthy by some mechanism other than a certificate, such as secure physical distribution. For example, some of the best-known root certificates are distributed in operating systems by their manufacturers. Microsoft distributes root certificates belonging to members of the Microsoft Root Certificate Program to Windows desktops and Windows Phone 8. [2] Apple distributes root certificates belonging to members of its own root program.

Incidents of root certificate misuse

DigiNotar hack of 2011

In 2011, the Dutch certificate authority DigiNotar suffered a security breach. This led to the issuance of various fraudulent certificates, which were, among other things, abused to target Iranian Gmail users. Trust in DigiNotar certificates was withdrawn, and operational management of the company was taken over by the Dutch government.

China Internet Network Information Center (CNNIC) Issuance of Fake Certificates

Figure: example of a DigiCert root certificate as shown in the Firefox 89 certificate viewer.

In 2009, an employee of the China Internet Network Information Center (CNNIC) applied to Mozilla to add the CNNIC root certificate to Mozilla's root store [3] and the request was approved. Microsoft later added CNNIC to the Windows root certificate list as well.

In 2015, many users chose to stop trusting certificates issued by CNNIC after an intermediate CA certificate issued by CNNIC was found to have been used to issue fake certificates for Google domain names, [4] which raised concerns about CNNIC's abuse of its certificate-issuing power. [5]

On April 2, 2015, Google announced that it would no longer recognize certificates issued by CNNIC. [6] [7] [8] On April 4, Mozilla followed Google and announced that it would no longer recognize certificates issued by CNNIC either. [9] [10]

WoSign and StartCom: issuing fake and backdated certificates

In 2016, Google stopped recognizing certificates from WoSign, China's largest CA, owned by Qihoo 360, [11] and from its Israeli subsidiary StartCom. Microsoft removed the relevant certificates in 2017. [12]

WoSign and StartCom issued hundreds of certificates with the same serial number within just five days, and also issued backdated certificates. [13] WoSign additionally issued a certificate for github.com to a party not entitled to one. [14]

Related Research Articles

Public key infrastructure: system that can issue, distribute and verify digital certificates

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes the public key and information about it, information about the identity of its owner, and the digital signature of an entity that has verified the certificate's contents. If the device examining the certificate trusts the issuer and finds the signature to be a valid signature of that issuer, then it can use the included public key to communicate securely with the certificate's subject. In email encryption, code signing, and e-signature systems, a certificate's subject is typically a person or organization. However, in Transport Layer Security (TLS) a certificate's subject is typically a computer or other device, though TLS certificates may identify organizations or individuals in addition to their core role in identifying devices. TLS, sometimes called by its older name Secure Sockets Layer (SSL), is notable for being a part of HTTPS, a protocol for securely browsing the web.

In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.

CAcert.org is a community-driven certificate authority that issues free X.509 public key certificates. CAcert.org relies heavily on automation and therefore issues only domain-validated certificates.

In cryptography and computer security, self-signed certificates are public key certificates that are signed with the private key corresponding to their own public key rather than issued by a separate certificate authority (CA). Such certificates are easy to make and cost nothing, but on their own they carry no trust value: a relying party has no reason to accept one unless it has been installed as a trust anchor through some out-of-band mechanism, which is exactly how root certificates are trusted.

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet standards track. It was created as an alternative to certificate revocation lists (CRL), specifically addressing certain problems associated with using CRLs in a public key infrastructure (PKI). Messages communicated via OCSP are encoded in ASN.1 and are usually communicated over HTTP. The "request/response" nature of these messages leads to OCSP servers being termed OCSP responders.

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity. Code signing was invented in 1995 by Michael Doyle, as part of the Eolas WebWish browser plug-in, which enabled the use of public-key cryptography to sign downloadable Web app program code using a secret key, so the plug-in code interpreter could then use the corresponding public key to authenticate the code before allowing it access to the code interpreter's APIs.

The China Internet Network Information Center, or CNNIC, is the administrative agency responsible for domain registry affairs of .cn under the Cyberspace Administration of China.

Extended Validation Certificate: certificate for HTTPS websites and software

An Extended Validation Certificate (EV) is a certificate conforming to X.509 that proves the legal entity of the owner and is signed by a certificate authority key that can issue EV certificates. EV certificates can be used in the same manner as any other X.509 certificates, including securing web communications with HTTPS and signing software and documents. Unlike domain-validated certificates and organization-validation certificates, EV certificates can be issued only by a subset of certificate authorities (CAs) and require verification of the requesting entity's legal identity before certificate issuance.

OCSP stapling, formally known as the TLS Certificate Status Request extension, is a standard for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost of providing Online Certificate Status Protocol (OCSP) responses by appending ("stapling") a time-stamped OCSP response signed by the CA to the initial TLS handshake, eliminating the need for clients to contact the CA, with the aim of improving both security and performance.

GlobalSign is a certificate authority and a provider of internet identity and security products. As of January 2015, GlobalSign was the 4th largest certificate authority in the world, according to Netcraft.

DigiCert: Internet security company

DigiCert, Inc. is a digital security company headquartered in Lehi, Utah. DigiCert provides public key infrastructure (PKI) and validation required for issuing digital certificates or TLS/SSL certificates, acting as a certificate authority (CA) and trusted third party.

The Certification Authority Browser Forum, also known as the CA/Browser Forum, is a voluntary consortium of certification authorities, vendors of Internet browser and secure email software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of X.509 v.3 digital certificates that chain to a trust anchor embedded in such applications. Its guidelines cover certificates used for the SSL/TLS protocol and code signing, as well as system and network security of certificate authorities.

StartCom was a certificate authority founded in Eilat, Israel, and later based in Beijing, China, that had three main activities: StartCom Enterprise Linux, StartSSL and MediaHost. StartCom set up branch offices in China, Hong Kong, the United Kingdom and Spain. Due to multiple faults on the company's end, all StartCom certificates were removed from Mozilla Firefox in October 2016 and Google Chrome in March 2017, including certificates previously issued, with similar removals from other browsers expected to follow.

DigiNotar was a Dutch certificate authority owned by VASCO Data Security International, Inc.

Certificate Transparency (CT) is an Internet security standard for monitoring and auditing the issuance of digital certificates.

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It is the world's largest certificate authority, used by more than 300 million websites, with the goal of all websites being secure and using HTTPS. The Internet Security Research Group (ISRG), the provider of the service, is a public benefit organization. Major sponsors include the Electronic Frontier Foundation (EFF), the Mozilla Foundation, OVH, Cisco Systems, Facebook, Google Chrome, Internet Society, AWS, NGINX, and Bill and Melinda Gates Foundation. Other partners include the certificate authority IdenTrust, the University of Michigan (U-M), and the Linux Foundation.

HTTP Public Key Pinning (HPKP) is an obsolete Internet security mechanism delivered via an HTTP header which allows HTTPS websites to resist impersonation by attackers using misissued or otherwise fraudulent digital certificates. A server uses it to deliver to the client a set of hashes of public keys that must appear in the certificate chain of future connections to the same domain name.

In 2015, the government of Kazakhstan created a root certificate which could have enabled a man-in-the-middle attack on HTTPS traffic from Internet users in Kazakhstan. The government described it as a "national security certificate". If installed on users' devices, the certificate would have allowed the Kazakh government to intercept, decrypt, and re-encrypt any traffic passing through systems it controlled.

References

  1. "What Are CA Certificates?". Microsoft TechNet. 2003-03-28.
  2. "Windows and Windows Phone 8 SSL Root Certificate Program (Member CAs)". Microsoft TechNet. October 2014.
  3. "476766 - Add China Internet Network Information Center (CNNIC) CA Root Certificate". bugzilla.mozilla.org. Archived from the original on 2020-02-22. Retrieved 2020-01-03.
  4. "CNNIC发行的中级CA发行了Google的假证书" [An intermediate CA issued by CNNIC issued fake Google certificates]. Solidot. 2015-03-24. Archived from the original on 2015-03-26. Retrieved 2015-03-24.
  5. "最危险的互联网漏洞正在逼近" [The most dangerous Internet vulnerability is approaching]. Archived from the original on 2015-11-21. Retrieved 2015-03-26.
  6. "Google Bans China's Website Certificate Authority After Security Breach". Extra Crunch. April 2, 2015.
  7. "谷歌不再承認中國CNNIC頒發的信任證書" [Google no longer recognizes trust certificates issued by China's CNNIC]. The Wall Street Journal (Chinese edition). 2015-04-03. Retrieved 2015-04-03.
  8. "谷歌不再信任中国CNNIC 的网站信任证书" [Google no longer trusts website certificates from China's CNNIC]. Voice of America (Chinese). 2015-04-03. Retrieved 2015-04-03.
  9. "Google and Mozilla decide to ban Chinese certificate authority CNNIC from Chrome and Firefox". VentureBeat. April 2, 2015.
  10. "Mozilla紧随谷歌 拒绝承认中国安全证书". 美國之音 . 2015-04-04. Retrieved 2015-04-04.
  11. "谷歌宣布开始全面封杀使用沃通CA证书网站,信誉破产的恶果 - 超能网". www.expreview.com. Retrieved 2020-01-03.
  12. Microsoft Defender Security Research Team (2017-08-08). "Microsoft to remove WoSign and StartCom certificates in Windows 10". Microsoft.
  13. "CA:WoSign Issues - MozillaWiki". wiki.mozilla.org. Retrieved 2020-01-03.
  14. Stephen Schrauger. "The story of how WoSign gave me an SSL certificate for GitHub.com". Schrauger.com.