undefined | Better HN

0 pointsmaxdamantus4y ago0 comments

I don't like this solution, mainly because installing custom CA certificates increases the chance of a MITM attack involving other services.

Any trusted "intermediate" certificate in X.509 is allowed to be a CA, so it can be used to sign certificates for any domain. If an attacker gets the private key for that certificate which has been manually installed on everyone's PC, they can impersonate any website, including external web mail, etc, until someone manually removes the certificate again from all the PCs.

In the past when we've used custom CAs for test environments, I've preferred to just deal with the TLS warnings instead of trusting a non-standard CA on the computers I use.

0 pointsmaxdamantus4y ago0 comments

I don't like this solution, mainly because installing custom CA certificates increases the chance of a MITM attack involving other services.

In the past when we've used custom CAs for test environments, I've preferred to just deal with the TLS warnings instead of trusting a non-standard CA on the computers I use.

0 comments

5 comments · 2 top-level

pabs34y ago· 3 in thread

Perhaps the CA could be constrained to only sign certs for *.foo.local?

maxdamantusOP4y ago

As far as I know, X.509 doesn't currently have such a concept, and web browsers don't have it either.

If you install a certificate as a CA, it is a CA for any domain. If a CA signs another certificate with the "Certificate Sign" flag (intermediate certificate), that other certificate is also a CA for any domain. The subject name fields are not used when validating authority as a CA.

jesboat4y ago

It does; they're called "name constraints".

This page https://systemoverlord.com/2020/06/14/private-ca-with-x-509-... claims they're supported by "all current browsers".

x509 extensions can be marked "critical" or not. If the name constraint was marked critical, then AIUI old software should (in theory) fail secure, and reject everything signed by the CA.

pabs34y ago

Well, there is the name constraints mechanism, but I'm not sure how well supported that is in TLS libraries and web browsers.

https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.... https://timothy-quinn.com/name-constraints-in-x509-certifica... https://www.sysadmins.lv/blog-en/x509-name-constraints-certi... https://blog.codekills.net/2012/04/08/adventures-in-x509-the...

2 more replies

kevin_thibedeau4y ago

You just run your own CA and install that as a trusted root. Then you aren't vulnerable to external parties and you don't have to deal with alarm bells over self-signed certs.

j / k navigate · click thread line to collapse