While not the only one out there[1], I've been hacking a cli tool written in bash[2] to streamline the OpenSSL commands geared toward a PKI/CA workflow. I started it mainly for my overall learning of OpenSSL from nothing and for my small scale needs with my CoreOS servers.
What I learned from this exercise, is that it's not the complexity of the commands that is the issue with OpenSSL, it's:
1) The importance of consistent naming schemes (for the humans) and PKI hierarchy design (the nuances of keyUsage, basicConstraints, and extendedKeyUsage)
2) consistent execution of commands; typos are more likely the more you have to put in the CLI manually
3) good configuration files aren't utilized enough in most of the tutorials I found. They can streamline use, archive procedure, and prevent typos as in point #2.
4) The importing of certs and keys in an automatic way is a sort of dark corner of the tutorial world. But permissions are super important! I came up with an import strategy that I think works pretty well.[3] Please examine and break it!
I quite like the idea of TinyCert and often wanted to do something similar myself. Although creating a private CA is not a lot of work initially, maintaining it is a hassle, especially when you'd rather be doing something else. TinyCert could be useful for development teams (and other similar non-security-critical uses) to get rid of self-signed certificates altogether.
However, for me, the fact that they have all the private keys is a deal breaker. Further, I'd like to see the certificates name-constrained to specific development hostnames. And I don't like the fact that the keyUsage and extendedKeyUsage fields are not locked down. If I am going to install a private CA root, I want to have the smallest possible attack surface.
Overall, if they offer this as something that can be locally installed, it could be a useful product. Especially if it integrates with a low-cost HSM, for example https://www.nitrokey.com/
In the meantime, for anyone looking for good documentation on how to achieve the same using just OpenSSL on the command line, I have an easy-to-follow guide as part of my OpenSSL Cookbook:
I agree with maintaining is a hassle, but creating a private CA is also not that easy. I was building up my own CA, there was still a lot of stuff to take care of, from policies/keyUsages to CRL/OCSP/SECP, when ECC comes in, encryption and decryption usages sometimes could be separated. There's whole lot of tiny little details somewhere makes me to rebuild the CA. I'm on G32 revision.
And the nitrokeys are great, I've never expected an affordable HSM for home/private use, thank you for mentioning it. I think I'm going to roll out G33 ;p
The fact that they keep your private keys in their database is what makes this a bad idea to use.
Cannot see what kind of people this service is targeted to, since the ones who understand what a CA is and need to sign their own certificates probably already know how to use OpenSSL.
OpenSSL's CLI is pretty annoying, and for many (like me!) it mostly consists of copy-pasting commands into a text editor, modifying them slightly, and pasting them into a terminal. Could be better. But yeah, trusting a third party with your private keys isn't an answer.
As you say, I'd prefer to run this sort of thing locally - half the point of running your own CA is that you have full control over it.
I wrote caman (https://github.com/radiac/caman), a bash script wrapper for openssl with what looks like a similar syntax to etcd-ca. I posted about it on HN a while back, but it now also supports SAN certificates and intermediate CAs.
So just to be clear: whatever you do with the keys generated by this service is trivially pwn-able by TinyCert.
Maybe you trust TinyCert not to be malicious. But do you think they're completely unhackable? A database full of private keys is a mighty tempting reward for attackers.
I wouldn't touch private-key-generation-as-a-service with a 10-foot pole.
First, they have to care. Second, they'd have to MITM your network connection. The chance of a single party being able to do both of those is very, very low.
Sure, it's not best practices. Is it better than what R&D teams are doing now? (Unvalidated self-signed certs, or no encryption at all.) Absolutely.
People complaining about this are like people who complain about invalid cert warnings not being strong enough (or too easy to disable) while half the world still browses with http with no warnings.
It's a significant improvement over the status quo.
It seems nice! A few days back I was playing a bit with golang's crypto and examples and I created a small cli app[1] to generate CAs and private key - certificate pairs signed by them. I wanted to create a small web service on top too (no need for sign up though, just check some fields and download a zip with your files) but haven't find time.
The most difficult problem imo, remains the management and not the creation of the keys and certs. I occasionally use them to connect backend services securely, so I have to install the root cert to every server OS and every JVM based app (here we create a keystore). Then I have to install each private key and certificate to the appropriate service. If the service is JVM based we also have to adjust its command line switches. Should a private key get stolen and we have one root CA for all services, we should delete and recreate everything. PKI is complex and with tens or hundreds of services its almost impossible to manage. Even the simplest task, like downloading a file from a nexus repository by a JVM based app using https and a free StartSSL certificate is very hard, since Oracle doesn't include StartCom's root CA.
As others said, the whole point of having your own CA is that you have full trust and control over it. If you give someone your root ca private key then you may as well not have your own PKI at all (I can't see the point).
It could be i'm totally missing the use-case for this, but personally I think if you can't take the 30 minutes to google one of the hundreds of guides that use OpenSSL commands and precompiled win32 binaries to generate three files you shouldn't be trusted with providing security for a website. Who are these people who need SSL and don't have 30 minutes to learn this once?
There are tons of scripts and other tools that handle the commands for you, too. Do I really need to sign up for yet another website just to perform one operation? (No, and neither should you)
They actually have the most reasonable business model, as they only charge you for services where human interaction is required (fe checking your credentials or adding your certificate to the revocation list), anything else like signing your certificate is free.
I tried to setup some a SSL cert through StartSSL and hit the paywall when I wanted to create a cert for a sub domain. The fees to get class 2 verification cost more than buying a basic SSL elsewhere.
I know. I've discussed this with the author, there are some IP issues he's trying to resolve. Outside of this obstacle, his desire is to open-source it.
Pretty much, yes. It has an API as well. You have to accept the root certificate of the authority you create in the browser and then you don't have do accept all self-signed certificates based on it. It's aiming to ease development, it's not to be used in production.
brianclements|10 years ago
What I learned from this exercise, is that it's not the complexity of the commands that is the issue with OpenSSL, it's:
1) The importance of consistent naming schemes (for the humans) and PKI hierarchy design (the nuances of keyUsage, basicConstraints, and extendedKeyUsage)
2) consistent execution of commands; typos are more likely the more you have to put in the CLI manually
3) good configuration files aren't utilized enough in most of the tutorials I found. They can streamline use, archive procedure, and prevent typos as in point #2.
4) The importing of certs and keys in an automatic way is a sort of dark corner of the tutorial world. But permissions are super important! I came up with an import strategy that I think works pretty well.[3] Please examine and break it!
[1]https://github.com/OpenVPN/easy-rsa
[2]https://github.com/brianclements/pkictl
[3]https://github.com/brianclements/pkictl#import
ivanr|10 years ago
However, for me, the fact that they have all the private keys is a deal breaker. Further, I'd like to see the certificates name-constrained to specific development hostnames. And I don't like the fact that the keyUsage and extendedKeyUsage fields are not locked down. If I am going to install a private CA root, I want to have the smallest possible attack surface.
Overall, if they offer this as something that can be locally installed, it could be a useful product. Especially if it integrates with a low-cost HSM, for example https://www.nitrokey.com/
In the meantime, for anyone looking for good documentation on how to achieve the same using just OpenSSL on the command line, I have an easy-to-follow guide as part of my OpenSSL Cookbook:
https://www.feistyduck.com/library/openssl-cookbook/online/c...
methou|10 years ago
And the nitrokeys are great, I've never expected an affordable HSM for home/private use, thank you for mentioning it. I think I'm going to roll out G33 ;p
nspassov|10 years ago
Cannot see what kind of people this service is targeted to, since the ones who understand what a CA is and need to sign their own certificates probably already know how to use OpenSSL.
superuser2|10 years ago
raidan|10 years ago
I personally use etcd-ca[0] to ease management of my own certificates.
[0] https://github.com/coreos/etcd-ca
radiac|10 years ago
I wrote caman (https://github.com/radiac/caman), a bash script wrapper for openssl with what looks like a similar syntax to etcd-ca. I posted about it on HN a while back, but it now also supports SAN certificates and intermediate CAs.
strommen|10 years ago
Maybe you trust TinyCert not to be malicious. But do you think they're completely unhackable? A database full of private keys is a mighty tempting reward for attackers.
I wouldn't touch private-key-generation-as-a-service with a 10-foot pole.
sneak|10 years ago
Sure, it's not best practices. Is it better than what R&D teams are doing now? (Unvalidated self-signed certs, or no encryption at all.) Absolutely.
People complaining about this are like people who complain about invalid cert warnings not being strong enough (or too easy to disable) while half the world still browses with http with no warnings.
It's a significant improvement over the status quo.
stengaard|10 years ago
andmarios|10 years ago
The most difficult problem imo, remains the management and not the creation of the keys and certs. I occasionally use them to connect backend services securely, so I have to install the root cert to every server OS and every JVM based app (here we create a keystore). Then I have to install each private key and certificate to the appropriate service. If the service is JVM based we also have to adjust its command line switches. Should a private key get stolen and we have one root CA for all services, we should delete and recreate everything. PKI is complex and with tens or hundreds of services its almost impossible to manage. Even the simplest task, like downloading a file from a nexus repository by a JVM based app using https and a free StartSSL certificate is very hard, since Oracle doesn't include StartCom's root CA.
[1] https://github.com/andmarios/quickcert
vdm|10 years ago
chatu|10 years ago
n1x0n997|10 years ago
re cli - pain^2 , I ended up using xca
throwaway7767|10 years ago
Why would anyone want this? Or is my sarcasm detector way off?
peterwwillis|10 years ago
There are tons of scripts and other tools that handle the commands for you, too. Do I really need to sign up for yet another website just to perform one operation? (No, and neither should you)
userbinator|10 years ago
xorcist|10 years ago
https://www.openssl.org/docs/manmaster/apps/ca.html
robzyb|10 years ago
> Generate and manage SSL certificates quickly and easily without looking up complex OpenSSL commands.
mkesper|10 years ago
0XAFFE|10 years ago
devNoise|10 years ago
fidget|10 years ago
kolev|10 years ago
z92|10 years ago
"...but any regular user's browser will rightly put up a big fat warning message as they do not trust the root certificate of your TinyCert CAs."
helb|10 years ago
kolev|10 years ago
berzemus|10 years ago
smegel|10 years ago
vdm|10 years ago
[deleted]