This is part 2 in a series of tech tips on the F5 BIG-IP LTM SSL profiles.

1. SSL Overview and Handshake
2. SSL Certificates
3. Certificate Chain Implementation
4. Cipher Suites
5. SSL Options
6. SSL Renegotiation
7. Server Name Indication
8. Client Authentication
9. Server Authentication
10. All the "Little" Options

In part 1, we covered the basics of the TLS handshakes and the context of the client and server ssl profiles.  This time we’ll take a look at certficates.

What is an SSL Certificate?

The certificate is nothing more than a document containing the public key the client will use to compute key material and information about expiration, common and distinguished names, contact information, etc.  A certificate can be modified until it is signed. This can be done to itself, which would be a self-signed certificate (all root certificates are self-signed) or a certificate can be signed by a certificate authority (CA).  The certificate below in Figure 1 might look familiar.

I created this certificate from a private certificate authority I set up when looking at HTTP Strict Transport Security a couple months back.  That begs another question: What is a certificate authority?

SSL Certificate Authorities

The CA is one component within the larger public key infrastructure (PKI).  CA’s serve as a trusted 3rd party between server and client, issuing (and revoking) the certificates.  The server and optionally the client (owners) request a certificate that is signed by the CA.  Both client and server then host the CA’s root and/or intermediate certificates.  As shown above, you can be your own CA, but this increases the management burden as you now need to distribute the root/intermediate certificates to your clients in order to gain their trust of your certificates.  By using a commercial CA, chances are good their certificates are already in your client trusted stores and thus your certificates will be trusted by the clients.  In a corporate network, however, you might want to secure your traffic without forking over the cash for dozens (hundreds?) of certificates.  In this case, an internal CA makes a lot of sense, and can be managed somewhat painlessly with active directory or the like.  Figure 2 shows the testco CA as installed in my firefox browser.

So any certificates I sign with the testco CA will be trusted by my firefox browser, eliminating all the extra clicking I’d need to do for self-signed certificates.

Intermediate CAs and the Certificate Chain

Best practices with PKI involve creating a number of subordinate CAs.  With the testco CA I created, I installed this root certificate into my trust store and I signed the certificate I used for www.testco.com with that CA, and all is well.  However, most of the time certificates are signed by Leaf CAs, or subordinate CAs that are created specifically for the purpose of creating certificates for servers, systems, etc.  If you reference Figure 1, you’ll notice the issuer section where it informs the client of the certificate signer.  In the event this is not the root CA for my www.testco.com, the authentication will fail, because the issuer is not trusted.  These trust relationships can chain so that there are multiple levels of trust down from the root certificate to a depth of 10 (openSSL).  For example, take the certificate chain in Figure 3.

When the client receives the certificate from www.testco.com, it will have a signer (issuer) of Testco Dev CA.  My browser doesn’t trust this CA, so it must then validate its signer, which is the Testco CA (root).  My browser does trust this CA, so all is good.  Now, if I added this intermediate CA to my trust store, validation would stop at that level and would not need to climb to the root CA.  This is how most commercial providers work.  You get the intermediate CAs from most publishers when you install your system OS.  When you connect to an SSL-enabled site, the certificate arrives at the client with it’s signer, and then the certificate chain is climbed until (if) it arrives at a level of trust.  In addition to the usefulness for the ssl profiles, this information is quite handy if you will be installing 3rd party certificates (read: not self-signed) for GTM (Chapter 12 in the Implementations Guide) as certificate depth plays a big role in configuration.  Finally, IBM has a great graphic on the chain of trust certificate/signature verification process.

Types of Certificates

Remember from part 1 where I said that you couldn’t host multiple domains on a single IP without the TLS SNI option?  Well, that’s not entirely true.  It is true of standard SSL certificates, but certificates have changed over the years to workaround some of these limitations.  There are several options when considering certificates.

• Domain Validated – no company background checking, just a simple comparison to the domain whois information before issuing. $
• Organizationally Validated – company background is vetted, site ip/name is validated. $$
• Extended Validation – industry standard certificate guidelines.  This will turn the browser locator bar green and publish company name as well.  Introduced in 2007. $$$
• Unified Communications – this certificate takes advantage of the Subject Alternative Name field, so you can secure multiple (specific) domain names on one certificate.  Microsoft Exchange is a popular application requiring a UC Certificate, as it supports several names owa.site.com, autodiscover.site.com, cas1.site.com, etc. $$$
• Wildcard Certificate – this certificate supports any number of subdomains based on *.site.com, where your subdomain would replace the *.  It doesn’t, however, support site.com, so for those lazy users (me) who hate typing the leading www. before hitting enter, the wildcard certificate will not cover that scenario. $$$
• Wildcard Plus – This is a combination UCC/Wildcard Certificate in that it will protect at the site.com, *.site.com, and several specified lower-subdomain levels as well.

Most modern browsers support the above options, but there are still some questions on the compatibility with the wildcard plus certificates, and some mobile devices have issues with wildcard certificates in general.  Make sure you thoroughly vet out your userbase before deciding on a solution.

Certificate Formats

There are several ways the X.509 certificate structure is packaged.  Different platforms require different formats.  The LTM uses PEM format.  Most of the commercial CAs issue certificates in PEM format.  If you are using an internal Windows CA, most likely the certificate, the format is PKCS#7/#12, and prior to version 10.1, needed to be converted to PEM prior to import.  The formats used are:

• PEM – base64 encoded ASCII file with BEGIN CERTIFICATE and END CERTIFICATE statements and can contain the private key
• DER – binary form of the certificate
• PKCS#7 – also a base64 encoded ASCII file, though with BEGIN PKCS7 and END PKCS7 statements.  Can not contain the private key.
• PKCS#12 – binary form of the certificate, any intermediates, and the private key.

Converting is fairly easy and can be done at the cli of the LTM with the openssl tool.

• DER to PEM
  • openssl x509 -inform der -in <certname>.der -out <certname>.pem
• PKCS#7 to PEM
  • openssl pkcs7 -print_certs -in <certname>.p7b -out <certname>.pem
• PKCS#12 to PEM
  • openssl pkcs12 -in <certname>.pfx -out <certname>.pem -nodes

Conclusion

There is so much more depth to certificates that we could cover, but hopefully this overview has been informative and provides the foundation necessary for part 3, where we’ll start diving into the profiles themselves.