What a digital certificate is for
We know that HTTPS is more secure than HTTP because the traffic is encrypted. The encryption itself, however, uses a symmetric algorithm: client and server share one and the same key. Getting that key to both sides is the important preliminary step known as key negotiation.
Let's sketch the exchange in simplified form:
- Client: hi, I'd like to set up an HTTPS connection with you (xx.com).
- Server: sure, I am xx.com; here is my certificate, please verify it.
- Client: verified, you really are xx.com. I'm sending you the key; from here on our traffic is encrypted.
- Server: s&&(*3u247(
- Client: (&DY&#%%&#
That is a simplified picture, but it shows the crucial step in the negotiation: the server has to prove that it is xx.com. How? With a certificate plus chain verification.
What a digital certificate contains
The following command shows a site's certificate (using www.baidu.com as the example):
```shell
openssl s_client -connect www.baidu.com:443
```
As you can see, the certificate is just a blob like this:
```
-----BEGIN CERTIFICATE-----
MIIJPzCCCCegAwIBAgIMCNBs8Cq2uU5UNfueMA0GCSqGSIb3DQEBCwUAMGYxCzAJ
UaCmeTg1cbvOTh7TFaWzF4YAyVk7lbXo4qa5eP0ZJotGlP1KQ1ASiOzJXzkb+7lS
7CJELk6Jz6IizNG0wtpj4G2CWOKB5Qm8LlGvPZBXVlzbKAu2hObLJhq+XIp883Gw
..... omitted .....
fi66YCxIwyCKGQZpdKxP+FX4w6vhcTlkSO59orvUFChBu6qdyoUQzBKD4M0fZEh+
iQioeqDNbX39fBP/7tZMBaUh7SlklDQkWbdgnUbKe1gSX90C2A91g/Sp7Cyzl6f8
U8f0AMvvyVwdPMmFCkDK3g85Cg==
-----END CERTIFICATE-----
```
It looks like a pile of base64. Let's use openssl again to decode and print the certificate; it follows the X.509 format:
```shell
# first save the certificate contents to the file www.baidu.com.crt
openssl x509 -text -noout -in www.baidu.com.crt
```
The decoded output looks like this:
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:d0:6c:f0:2a:b6:b9:4e:54:35:fb:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
        Validity
            Not Before: May 3 01:48:02 2018 GMT
            Not After : May 26 05:31:02 2019 GMT
        Subject: C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:af:a4:c3:2a:19:81:8e:22:9c:e5:44:92:39:30:
                    8a:c6:8c:fb:ca:1f:ba:4d:b0:39:33:05:9f:2b:3e:
                    d9:20:c1:63:30:99:92:6e:a1:2c:7f:28:c8:1e:d5:
                    e7:93:3d:f1:fc:62:c6:b3:32:67:5c:8d:98:96:4e:
                    f7:54:6c:d6:eb:83:64:b3:bb:2f:02:8f:a9:d3:58:
                    9c:96:57:e3:1c:77:3a:f4:0d:19:d8:46:4a:53:72:
                    c8:e7:f0:f3:71:d2:88:fe:f7:73:91:28:ba:3d:78:
                    1b:1e:c5:76:63:c6:88:21:b7:17:6c:3e:58:03:40:
                    f2:86:95:80:e7:20:6b:9a:77:92:af:61:36:5e:8f:
                    ac:f3:c2:85:72:0d:32:89:e4:ba:a2:9b:2a:c5:d2:
                    8c:4a:94:ba:8b:16:c5:11:02:eb:d9:78:32:1a:66:
                    f6:b5:bb:25:38:3e:94:bb:11:8d:46:14:60:5e:1c:
                    74:91:c1:8b:27:38:4b:87:82:03:15:97:a6:c5:86:
                    7c:7d:27:1e:c1:89:2b:14:66:66:e9:6c:cd:75:06:
                    40:5a:4c:3f:42:39:1d:4b:b1:16:08:df:83:06:a4:
                    e8:0d:a1:01:2e:d4:24:86:20:a2:2c:b1:cb:c2:c2:
                    ba:f6:07:c5:7d:0b:df:e1:fe:fd:74:92:b7:7e:8f:
                    a5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            Authority Information Access:
                CA Issuers - URI:http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt
                OCSP - URI:http://ocsp2.globalsign.com/gsorganizationvalsha2g2
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.4146.1.20
                  CPS: https://www.globalsign.com/repository/
                Policy: 2.23.140.1.2.2
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Alternative Name:
                DNS:baidu.com, DNS:baifubao.com, DNS:www.baidu.cn, DNS:www.baidu.com.cn, DNS:mct.y.nuomi.com, DNS:baifae.com, DNS:apollo.auto, DNS:*.baidu.com, DNS:*.baifubao.com, DNS:*.baidustatic.com, DNS:*.bdstatic.com, DNS:*.bdimg.com, DNS:*.hao123.com, DNS:*.nuomi.com, DNS:*.chuanke.com, DNS:*.trustgo.com, DNS:*.bce.baidu.com, DNS:*.eyun.baidu.com, DNS:*.map.baidu.com, DNS:*.mbd.baidu.com, DNS:*.fanyi.baidu.com, DNS:*.baidubce.com, DNS:*.mipcdn.com, DNS:*.news.baidu.com, DNS:*.baidupcs.com, DNS:*.aipage.com, DNS:*.aipage.cn, DNS:*.bcehost.com, DNS:*.safe.baidu.com, DNS:*.im.baidu.com, DNS:*.ssl2.duapps.com, DNS:*.baifae.com, DNS:*.baiducontent.com, DNS:*.dlnel.com, DNS:*.dlnel.org, DNS:*.dueros.baidu.com, DNS:*.su.baidu.com, DNS:*.91.com, DNS:*.hao123.baidu.com, DNS:*.apollo.auto, DNS:*.xueshu.baidu.com, DNS:*.bj.baidubce.com, DNS:*.gz.baidubce.com, DNS:*.smartapps.cn, DNS:click.#, DNS:log.#, DNS:cm.pos.baidu.com, DNS:wn.pos.baidu.com, DNS:update.pan.baidu.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Key Identifier:
                45:36:AC:EA:1D:89:68:E1:2B:39:11:AD:23:9C:D1:59:36:8B:B0:CC
            X509v3 Authority Key Identifier:
                keyid:96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:00:40:E6:1A:7C
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : BB:D9:DF:BC:1F:8A:71:B5:93:94:23:97:AA:92:7B:47:
                                38:57:95:0A:AB:52:E8:1A:90:96:64:36:8E:1E:D1:85
                    Timestamp : May 3 01:48:04.994 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:50:84:C6:43:95:81:58:E1:5B:6E:CD:C9:
                                7A:E0:F7:B8:03:E4:A7:AC:57:40:45:06:41:81:21:9F:
                                E1:EF:20:D7:02:21:00:C4:DC:AB:F3:D1:94:EE:DF:BA:
                                1E:89:8D:34:00:9C:4D:BE:36:91:A7:20:F2:ED:37:D9:
                                0B:D4:69:59:53:CF:07
                Signed Certificate Timestamp:
                    Version   : v1(0)
                    Log ID    : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
                                15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
                    Timestamp : May 3 01:48:04.625 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:A2:DE:A2:E2:29:CB:AB:64:33:1F:FC:
                                DE:6A:A7:0A:EC:D8:B8:1D:63:72:4C:84:B8:B4:1E:A8:
                                75:21:73:B1:C9:02:20:59:88:21:97:BC:4C:D6:6C:11:
                                8E:46:49:05:78:64:D9:A5:7B:32:54:83:51:53:08:85:
                                77:A7:F7:4B:C4:B0:EE
    Signature Algorithm: sha256WithRSAEncryption
         89:08:0e:6a:b7:52:34:35:46:fd:1e:45:23:ba:4f:ee:f5:14:
         12:87:5d:f5:9c:6b:e1:23:aa:be:7b:3a:b7:3d:be:7a:34:76:
         43:d4:cb:92:72:8e:eb:65:a4:51:a0:a6:79:38:35:71:bb:ce:
         4e:1e:d3:15:a5:b3:17:86:00:c9:59:3b:95:b5:e8:e2:a6:b9:
         78:fd:19:26:8b:46:94:fd:4a:43:50:12:88:ec:c9:5f:39:1b:
         fb:b9:52:ec:22:44:2e:4e:89:cf:a2:22:cc:d1:b4:c2:da:63:
         e0:6d:82:58:e2:81:e5:09:bc:2e:51:af:3d:90:57:56:5c:db:
         28:0b:b6:84:e6:cb:26:1a:be:5c:8a:7c:f3:71:b0:7e:2e:ba:
         60:2c:48:c3:20:8a:19:06:69:74:ac:4f:f8:55:f8:c3:ab:e1:
         71:39:64:48:ee:7d:a2:bb:d4:14:28:41:bb:aa:9d:ca:85:10:
         cc:12:83:e0:cd:1f:64:48:7e:89:08:a8:7a:a0:cd:6d:7d:fd:
         7c:13:ff:ee:d6:4c:05:a5:21:ed:29:64:94:34:24:59:b7:60:
         9d:46:ca:7b:58:12:5f:dd:02:d8:0f:75:83:f4:a9:ec:2c:b3:
         97:a7:fc:53:c7:f4:00:cb:ef:c9:5c:1d:3c:c9:85:0a:40:ca:
         de:0f:39:0a
```
A digital certificate is not complicated; it contains the following pieces:
- Public key: Public-Key
- Signature: Signature
- Signature algorithm: Signature Algorithm: sha256WithRSAEncryption
- Issuing authority: Issuer
- Validity period: Validity
- Others...
Items 1 to 5 are the important ones; for the rest, such as extension attributes like the SAN, a passing familiarity is enough.
How a digital certificate is verified
When we write code and want to check that a request is legitimate, we usually compute a sign value with md5 and send it along with the request. The server computes sign with the same key and md5 and compares the two. For example:
```python
import hashlib
# client: sign the request content with the shared key
sign = hashlib.md5((content + key).encode()).hexdigest()
# server: recompute with the same key and compare with the received sign
valid = hashlib.md5((content + key).encode()).hexdigest() == sign
```
HTTPS certificate verification is much the same, only the algorithm is a bit more involved than md5.
The signature algorithm is always stated explicitly in the certificate; Baidu's certificate, for example, is signed with Signature Algorithm: sha256WithRSAEncryption. Note that certificates issued at different times carry different signature algorithms; some old certificates still use SHA-1.
sha256WithRSAEncryption works roughly like this:
```python
# sign: the issuer applies its private key to the SHA-256 digest of the content
sign = RSA_Encrypt(sha256(content), privateKey)
# verify: apply the issuer's public key, recover the digest, compare it with a fresh one
sha256_content = RSA_Decrypt(sign, publicKey)
sha256_content == sha256(content)
```
In a public-key system the private key signs and the public key verifies the signature.
In the HTTPS setting, if A issues a certificate to B, that certificate is signed with A's private key and must afterwards be verified with A's public key.
Where does A's public key come from? From A's certificate. That raises the next question: I have to verify A's certificate before I can use its public key, right? If A's certificate was issued by X, I verify it with X's public key.
Likewise, verifying X's certificate needs Y's public key...
Repeating this produces what is called a certificate chain. The loop has to have an exit, and the exit is the set of root certificates installed on the system. A root certificate installed on the system is trusted unconditionally, so its public key can be used to verify the next level down, that level verifies the one below it, and so on, as illustrated below:
Put plainly, a certificate chain is a process of "getting someone else to vouch for you":
- A: I am A; if you don't believe me, ask B, B vouches for me;
- B: I am B; if you don't believe me, ask X, it can prove I am B;
- X: I am X; if you don't believe me, ask Y, it can prove I am X;
- Y: I am Y; if you don't believe me, ask ROOT, it can prove I am Y;
- ROOT: ah, we know each other, so that's easy: Y is genuine...
ROOT must be reliable and trustworthy; if ROOT is forged, nothing A, B, X or Y says can be trusted.
That is why it was quite irresponsible of some sites (12306, for instance) to ask users to install a root certificate; be wary of that.
Below is a complete certificate chain verification. Run the command:
```
[root] openssl s_client -connect www.baidu.com:443
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = CN, ST = beijing, L = beijing, OU = service operation department, O = "Beijing Baidu Netcom Science Technology Co., Ltd", CN = baidu.com
verify return:1
```
As you can see, the chain has 3 levels (usually there are only 3): *.baidu.com, GlobalSign Organization Validation CA and GlobalSign Root CA.
- Level 0: to verify *.baidu.com, the GlobalSign Organization Validation CA certificate is needed;
- Level 1: to verify GlobalSign Organization Validation CA, the GlobalSign Root CA certificate is needed;
- Level 2: GlobalSign Root CA is a root certificate and is in the client's trust list, so it passes, which is the "verify return:1" result.
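As an added illustration (not code from the original post), the sign/verify shape described above and the three-level chain walk are modelled below with textbook RSA on tiny Mersenne primes (no padding, deliberately toy-sized) and constructed certificates named after the baidu.com chain; `verify_chain` also shows the failure cases, returning False when the intermediate is missing from the presented bundle or when a forged root is presented, because roots are taken only from the client's trust store.

```python
import hashlib

# Toy textbook RSA over small Mersenne primes (no padding, not secure) that only
# models the sign = hash^d mod n / verify = sig^e mod n shape of sha256WithRSAEncryption.
E = 65537
def keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"e": E, "n": n, "d": pow(E, -1, phi)}

def tbs(subject, issuer, pub):
    # the "to be signed" part of a certificate: what the issuer hashes and signs
    return f"{subject}|{issuer}|{pub['e']}|{pub['n']}".encode()

def digest(data, n):
    return int(hashlib.sha256(data).hexdigest(), 16) % n

def issue(subject, issuer_name, issuer_key, subject_key):
    pub = {"e": subject_key["e"], "n": subject_key["n"]}
    h = digest(tbs(subject, issuer_name, pub), issuer_key["n"])
    return {"subject": subject, "issuer": issuer_name, "pub": pub,
            "sig": pow(h, issuer_key["d"], issuer_key["n"])}

def check_sig(cert, issuer_pub):
    h = digest(tbs(cert["subject"], cert["issuer"], cert["pub"]), issuer_pub["n"])
    return pow(cert["sig"], issuer_pub["e"], issuer_pub["n"]) == h

def verify_chain(leaf, presented, trust_store, max_depth=10):
    # Walk issuer links from depth 0 upwards until a trust-store root signs a cert.
    # Roots come only from the trust store, so a forged self-signed root in the bundle is ignored.
    cert = leaf
    for _ in range(max_depth):
        issuer = cert["issuer"]
        if issuer in trust_store:                   # the exit: a trusted root
            return check_sig(cert, trust_store[issuer])
        parent = next((c for c in presented if c["subject"] == issuer), None)
        if parent is None or not check_sig(cert, parent["pub"]):
            return False                            # chain broken at this level
        cert = parent
    return False

# Constructed sample chain mirroring the three depths seen for baidu.com above
ROOT = "GlobalSign Root CA"
ICA = "GlobalSign Organization Validation CA - SHA256 - G2"
root_k = keypair(2**107 - 1, 2**127 - 1)
ica_k = keypair(2**61 - 1, 2**89 - 1)
leaf_k = keypair(2**31 - 1, 2**19 - 1)
root_cert = issue(ROOT, ROOT, root_k, root_k)       # depth 2, self-signed
ica_cert = issue(ICA, ROOT, root_k, ica_k)          # depth 1
leaf_cert = issue("baidu.com", ICA, ica_k, leaf_k)  # depth 0
TRUST_STORE = {ROOT: root_cert["pub"]}              # what the client ships with
```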
The server's certificate files
In nginx, configuring these three directives is enough to serve HTTPS:
```nginx
ssl on;
ssl_certificate ssl/sslchain.crt;   # certificate (chain) file
ssl_certificate_key ssl/ssl.key;    # private key file
```
The private key file is what decrypts the key during key negotiation; it is not the focus here, but this file must never leak.
The certificate file usually contains 3 certificates, the ones seen above: *.baidu.com, GlobalSign Organization Validation CA and GlobalSign Root CA. If the intermediate, GlobalSign Organization Validation CA, is removed, the chain is broken and the whole certificate verification fails.
Debugging tools
When debugging certificate problems, use the openssl command together with curl to print out the details; you will understand the problem much better that way.