
TLS


TLS supersedes SSL; it is used to encrypt communication between two parties, usually over a transport-layer protocol such as TCP. OpenSSL is a common implementation of both SSL and TLS on Linux platforms.

1. Certificate Authorities

The OpenSSL configuration files live in /etc/ssl; notably, /etc/ssl/certs holds the list of certificates trusted by the platform.

The certificates will most likely be in PEM (Privacy Enhanced Mail) format: essentially the file has a -----BEGIN XYZ----- header, a -----END XYZ----- footer, and base64-encoded content in between. For example, the root certificate for the DigiCert CA:

$ cat /etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
# more output omitted
-----END CERTIFICATE-----

Encoded here is the content of an X.509 certificate, a format which binds an identity (e.g. a hostname) to a public key:

$ openssl x509 -noout -text -in /etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
        Validity
            Not Before: Nov 10 00:00:00 2006 GMT
            Not After : Nov 10 00:00:00 2031 GMT
        Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus: ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F
            X509v3 Authority Key Identifier: 
                45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F
    Signature Algorithm: sha1WithRSAEncryption
    Signature Value: ... 

A certificate is either signed by a CA or self-signed.

On Linux, the trusted certificates in /etc/ssl/certs are generated by running update-ca-certificates, which reads every line of /etc/ca-certificates.conf: a file describing which files in /usr/local/share/ca-certificates should be trusted.

See also: https://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html.
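As an added example (not part of the original notes), here is a small parser for the PEM bundles found under /etc/ssl/certs: it checks that each BEGIN/END label pair matches, decodes the base64 body strictly, and verifies that the outer DER SEQUENCE's declared length matches the decoded bytes, which catches a truncated certificate. The sample bundle is constructed (two tiny SEQUENCEs standing in for real certificates).

```python
import base64
import re

# One PEM block: header, base64 body, footer (labels may differ if the file is corrupt).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z ]+)-----", re.S)

def der_total_length(der):
    """Length the outermost DER tag/length header claims for the whole element."""
    if len(der) < 2:
        raise ValueError("DER element too short")
    first = der[1]
    if first < 0x80:                         # short form: one length byte
        return 2 + first
    n = first & 0x7F                         # long form: n length bytes follow
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def parse_pem_bundle(text):
    """Return [(label, der_bytes)] for every block in a PEM file or bundle."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        label, body, end_label = m.groups()
        if label != end_label:
            raise ValueError(f"BEGIN {label} closed by END {end_label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        if der[:1] != b"\x30":               # Certificate ::= SEQUENCE { ... }
            raise ValueError(f"{label}: DER does not start with a SEQUENCE")
        if der_total_length(der) != len(der):
            raise ValueError(f"{label}: DER length {der_total_length(der)} != {len(der)} bytes")
        blocks.append((label, der))
    return blocks

# Constructed sample bundle: each body is SEQUENCE { INTEGER 5 } (30 03 02 01 05),
# standing in for a real certificate so the example runs offline.
SAMPLE_BUNDLE = """\
-----BEGIN CERTIFICATE-----
MAMCAQU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MAMCAQU=
-----END CERTIFICATE-----
"""
# Same, but the SEQUENCE claims 5 content bytes while only 3 follow (30 05 02 01 05).
TRUNCATED_BUNDLE = "-----BEGIN CERTIFICATE-----\nMAUCAQU=\n-----END CERTIFICATE-----\n"
```

The first base64 characters of the DigiCert root shown above, MIIDtz, decode to 30 82 03 B7: a SEQUENCE whose content is 951 bytes, so der_total_length reports 955 for the whole certificate.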

2. Digital Certificates

Communication starts with the client and server agreeing on a cipher suite. The server then presents its digital certificate:

import ssl
# https://github.com/mcepl/M2Crypto (third-party: pip install M2Crypto)
import M2Crypto

# Fetch the server's certificate as a PEM string, then parse it as X.509
certificate = ssl.get_server_certificate(('www.gnu.org', 443))
x509 = M2Crypto.X509.load_cert_string(certificate)
x509.get_issuer().as_text()
# "C=US, O=Let's Encrypt, CN=R3"
x509.get_subject().as_text()
# "CN=wildebeest1p.gnu.org"

Note that X.509 is the certificate format used by TLS/SSL. In the snippet above we obtain information about the certificate of www.gnu.org. There are two principals associated with a certificate: the issuer and the subject.

First of all we obtain information about the issuer:

  • C=US tells us that the issuer is located in the US
  • O=Let's Encrypt is the organisation distributing the certificate (Let's Encrypt)
  • CN=R3: R3 is an intermediate certificate (CN stands for "Common Name"); we will need to follow the certificate chain to fully verify this certificate:

$ openssl s_client -showcerts -servername www.gnu.org -connect www.gnu.org:443 </dev/null

CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = wildebeest1p.gnu.org
verify return:1
---
Certificate chain
 0 s:CN = wildebeest1p.gnu.org
   i:C = US, O = Let's Encrypt, CN = R11
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Nov 13 08:04:26 2024 GMT; NotAfter: Feb 11 08:04:25 2025 GMT
-----BEGIN CERTIFICATE-----
MIIJoTCCCImgAwIBAgISBPmzdvDVwW++ut5BlSysPQhvMA0GCSqGSIb3DQEBCwUA
…
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R11
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
-----BEGIN CERTIFICATE-----
MIIFBjCCAu6gAwIBAgIRAIp9PhPWLzDvI4a9KQdrNPgwDQYJKoZIhvcNAQELBQAw
…
-----END CERTIFICATE-----
---
Server certificate
subject=CN = wildebeest1p.gnu.org
issuer=C = US, O = Let's Encrypt, CN = R11
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4324 bytes and written 397 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

Next we obtain information about the subject:

  • CN=wildebeest1p.gnu.org: this is the entity to whom the certificate is assigned
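As an added example (not part of the original notes), the chain walk that s_client reports as depth=0, 1, 2 can be modelled in plain Python: start at the leaf, look up each issuer among the certificates the server presented or in the local trust store, check validity dates and the CA:TRUE constraint at every step, and stop at a self-signed trust anchor. Signature verification is deliberately left out; the Cert records are transcribed from the s_client output above, except the root's dates, which are those of the real ISRG Root X1 and are not on the page.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:                  # the X.509 fields that chain building looks at
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    ca: bool                 # X509v3 Basic Constraints CA:TRUE

def build_chain(leaf, presented, trust_store, now):
    """Follow issuer links from the leaf to a self-signed trust anchor (the path
    s_client prints as depth=0, 1, 2). Signatures are deliberately NOT checked."""
    by_subject = {c.subject: c for c in presented}
    roots = {c.subject: c for c in trust_store}
    chain, cur = [], leaf
    while True:
        if not (cur.not_before <= now <= cur.not_after):
            raise ValueError(f"not valid on {now:%Y-%m-%d}: {cur.subject}")
        if chain and not cur.ca:
            raise ValueError(f"issuer lacks CA:TRUE: {cur.subject}")
        chain.append(cur)
        if cur.subject == cur.issuer:        # self-signed: must be a trust anchor
            if cur.subject in roots:
                return chain                 # leaf first, root last
            raise ValueError(f"self-signed certificate not trusted: {cur.subject}")
        cur = roots.get(cur.issuer) or by_subject.get(cur.issuer)
        if cur is None or len(chain) > 10:   # missing intermediate, or a name loop
            raise ValueError(f"unable to get issuer certificate: {chain[-1].issuer}")

def verification(leaf, presented, trust_store, now):   # like s_client's 'Verification:' line
    try:
        return "OK", [c.subject for c in build_chain(leaf, presented, trust_store, now)]
    except ValueError as err:
        return str(err), []

# Sample certs transcribed from the s_client output above (root dates: real ISRG Root X1)
UTC = timezone.utc
X1 = "C = US, O = Internet Security Research Group, CN = ISRG Root X1"
LEAF = Cert("CN = wildebeest1p.gnu.org", "C = US, O = Let's Encrypt, CN = R11",
            datetime(2024, 11, 13, 8, 4, 26, tzinfo=UTC),
            datetime(2025, 2, 11, 8, 4, 25, tzinfo=UTC), ca=False)
R11 = Cert("C = US, O = Let's Encrypt, CN = R11", X1,
           datetime(2024, 3, 13, tzinfo=UTC),
           datetime(2027, 3, 12, 23, 59, 59, tzinfo=UTC), ca=True)
ROOT_X1 = Cert(X1, X1, datetime(2015, 6, 4, 11, 4, 38, tzinfo=UTC),
               datetime(2035, 6, 4, 11, 4, 38, tzinfo=UTC), ca=True)
NOW = datetime(2024, 12, 14, tzinfo=UTC)     # the day these notes were written
```

Calling verification(LEAF, [LEAF, R11], [ROOT_X1], NOW) gives "OK" with the three subjects in depth order; leaving R11 out of the presented list reproduces the classic "unable to get issuer certificate" failure, and a date after Feb 11 2025 fails on the leaf's validity.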

Author: root

Created: 2024-12-14 Sat 19:47
