Lots of people have been discussing digital certificates with me lately, with several certificates having to be re-issued due to certificate chain problems. I thought I’d take the time to explain how these things work in simple terms.
Most people come into contact with certificates when either setting up a web server that uses SSL (Secure Sockets Layer) to encrypt data in transit or encrypted e-mail. The two main functions of a certificate are to provide encryption using the keys contained with them and provide assurance that the owner of the certificate is who they say they are. Certificates issued inside an organisation for solely internal use, the second point might not be so important as assurance can be gained through talking to the person who issued the certificate. However, under most circumstances, people need independent assurance that the owner is who they say they are.
A request can be made to have a certificate digitally signed by an independent organisation (certificate authority) which people already trust, making the process of accepting a certificate as valid seamless. However, how does an end user trust the certificate authority? Surely, we still have the same problem in providing identity assurance with these organisations, otherwise we wouldn’t be able trust their digital signatures? This has, in the most part, been solved by pre-installing the certificates of these organisations into applications like e-mail clients and web browsers that are likely to come across these signatures. If you want to take a look to see who you trust by default, try going into Tools -> Internet Options -> Content and click on the “Certificates…” button. One of the tabs across the top will be labelled “Trusted Root Certification Authorities”. In Firefox in Windows, simply go to Tools -> Options -> Advanced -> Encryption (on a Mac, just go to Preferences -> Advanced -> Encryption) and click on the “View Certificates” button. One of the tabs will be entitled “Authorities”. Different browsers and e-mail clients will have similar options.
The reason that these authorities are trusted is because they have stringent verification methods to ensure that certificates are only issued to the correct people or organisations.
However, there is a problem with this model, one which manifested itself at LSE, where a root Certification Authority changes its signing key and certificate pair to one that is not already present in all browsers or clients. The only way to automatically trust certificates signed with the Certificate Authority’s new key is to manually install it, which is not recommended. Apart from the obvious danger that the person doing the installing has to do equivalent checks on the identity of the certificate to provide the same level of assurance as the other certificates in the root Certificate Authority list, having to get every client that may connect to that device is a nightmare.
It is by far safer to have certificates signed by a key that is already in the client. This is why most Certificate Authority’s certificates have very long lifetimes, equivalent to the expected lifetime of the equipment of the client, to prevent manual updates.
The point of all this is that the client doesn’t need to refer back to the root Certificate Authority every time it comes across a certificate signed by that particular CA. Nor do they even, necessarily, require a route back to the CA at any point, as long as the CA’s credentials are held locally.
Expiry and revocation
Certificates all have an expiry date. It is assumed that the “private key” (that which is used to decrypt information or digitally sign other messages/certificates) will get compromised at some point. The more protection given to a certificate, the less likely it will be compromised and, therefore, the safer those certificates dependent on it will be. This paper describes the ways in which an organisation might protect its own certificate signing key.
If a private key does get compromised, it is possible (albeit hard) to revoke that certificate and any child certificates using a certificate revocation list (CRL) that is incorporated into the certificate itself. This process is, however, a bit flakey, as it defeats the purpose of being able to do offline verification of certificates based on locally-held, trusted credentials of CAs.