2

I'm a bit confused by this command for generating a self-signed certificate from an otherwise clear tutorial on OpenSSL:

openssl req \
  -x509 -nodes -days 365 -sha256 \
  -newkey rsa:2048 -keyout mycert.pem -out mycert.pem

I understand this generates a request for a self-signed x509 certificate, and not a certificate request to be signed by a CA, but the private key is in the generated certificate file and sounds dodgy to me since the private key shouldn't be sent with the certificate.

Is this an error or how this is supposed to work?

JW0914
  • 7,052
  • 7
  • 27
  • 48
Minsky
  • 256
  • 1
  • 12
  • Dismissing the fact self-signed certs aren't secure _(they lack Chain of Trust)_, there's no use case for this, as doing so is a massive security risk. The closest use-case would be for a web server, however, even then, while the private key wouldn't be encrypted, it does require different permissions than the certificate. Those types of tutorials are bare-minimum ones, choosing the bare minimum over what's recommended for basic security, similar to the vast majority of OpenVPN & OpenSSH tutorials _(I cover how to securely create certs in [this](https://superuser.com/a/1618151/529800) answer)_ – JW0914 May 30 '21 at 12:00
  • my question is this: Does it make sense to have the private key and certificate on the same file or they have to be on separated files? Also, chain of trust does not improve security afaik, just the browsers will trust it. @JW0914 – Minsky May 30 '21 at 12:23
  • From https://www.ssl.com/faqs/what-is-an-x-509-certificate/ it seems only the public key should be there – Minsky May 30 '21 at 12:29
  • @Minksy As stated above, there is no use case for this as it's a massive security risk. [Chain of Trust](https://www.ssl.com/faqs/what-is-a-chain-of-trust/) has nothing to do with browsers in and of themselves and everything to do with the CoT of a certificate _(browsers are only one use case for certs, others are authentication [VPNs], encryption of files, identity verification [CAC, email], etc.)_. [PKI](https://en.wikipedia.org/wiki/Public_key_infrastructure) keys are _**never**_ public, as doing so makes PKI pointless _(the "public" reference in the link is referring to PKI)_. – JW0914 May 30 '21 at 12:40
  • I understand you think this is risky and appreciate your comments @JW0914, but if we don't go by steps there is no point in commenting. I'm creating certificates just for understanding how this works. I do that by successive approximations, and this means there will be errors. So this won't be a wan site, it's a switch with 2 pcs. Now, the first question is: what is the risk of having a private key on the certificate (see the command `-keyout mycert.pem -out mycert.pem`)? Next, I will go deeper. – Minsky May 30 '21 at 12:40
  • It does have to do with the browsers: they have to inspect the certificate and trust it. @JW0914 – Minsky May 30 '21 at 12:42
  • None of what I've stated is an opinion, they're all facts & can be fact-checked via google. Please add all questions to your question, as comments aren't meant to be a conversation thread (please edit a previous comment instead of double commenting). Certificate files are intended to be readable by everyone (all users, services, groups in an OS), whereas a key file is only intended to be read by a specific user, service, or group, else MITM attacks can occur (e.g. browser certs are accessible to all). I've provided links explaining in more detail what's stated in my comments, please read them. – JW0914 May 30 '21 at 12:49
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/124863/discussion-between-jw0914-and-minsky). – JW0914 May 30 '21 at 13:00

1 Answers1

1

I understand this generates a request for a self-signed x509 certificate, and not a certificate request to be signed by a CA, but the private key is in the generated certificate file and sounds dodgy to me since the private key shouldn't be sent with the certificate.

It will not be sent with the certificate.

Certificates and files are not the same thing. The TLS software never sends the actual file anywhere as-is – it reads the file, interprets its contents, and loads the data that it wants to load. When you have a PEM-formatted file with multiple items, the program easily knows when one item ends and another begins.

In this case, the program using your .pem file will load one "certificate" object and one "private key" object from it, after which point the original source is no longer relevant – it could've been a single .pem file, two separate .pem files, a DER .crt file, a PKCS#12 .pfx file, or not even a file in the first place. The program only cares about the actual certificates that are now in memory – if it needs to send a certificate it'll send only that.

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966