# Lab 11

## Task 1 - Become a Certificate Authority

The objective of the first task was to become a CA (Certificate Authority), which is a trusted entity that issues certificates.

We copied the configuration file `openssl.cnf` from `/usr/lib/ssl/openssl.cnf` into our current directory. Then, we created the required sub-directories and uncommented the `unique_subject` option, setting it to "no", as we can see below. This way, it is possible to create multiple certificates with the same subject.

```
[ CA_default ]
dir             = ./demoCA        # Where everything is kept
certs           = $dir/certs      # Where the issued certs are kept
crl_dir         = $dir/crl        # Where the issued crl are kept
database        = $dir/index.txt  # database index file.
unique_subject  = no              # Set to 'no' to allow creation of
                                  # several certs with same subject.
new_certs_dir   = $dir/newcerts   # default place for new certs.
serial          = $dir/serial     # The current serial number
```

In addition, we created two files:

- `index.txt`, with no content
- `serial`, with a single number inside (1000)

To generate a self-signed certificate for our CA, we executed the following command:

```bash
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
    -keyout ca.key -out ca.crt
```

After the command is executed, the key and certificate are stored in the files `ca.key` and `ca.crt` respectively.

### Questions

The following commands were executed to decode the content of the certificate and of the RSA key, and were useful to answer the three questions below:

```bash
openssl x509 -in ca.crt -text -noout
openssl rsa -in ca.key -text -noout
```

#### **What part of the certificate indicates this is a CA’s certificate?**

```
X509v3 Basic Constraints: critical
    CA:TRUE
```

The presence of `CA:TRUE` indicates this is a CA certificate.

#### **What part of the certificate indicates this is a self-signed certificate?**

```
Data:
    Version: 3 (0x2)
    Serial Number:
        62:dc:68:ef:11:fd:44:c0:0d:4a:50:99:74:a9:f9:8e:e5:38:2e:49
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C = pt, ST = porto, L = porto, O = feup, OU = feup, CN = feup
    Validity
        Not Before: Jan 11 16:39:18 2022 GMT
        Not After : Jan 9 16:39:18 2032 GMT
    Subject: C = pt, ST = porto, L = porto, O = feup, OU = feup, CN = feup
```

In the header of `ca.crt`, we can check that the subject is the same as the issuer. It is also possible to verify that the Subject Key Identifier is equal to the keyid in the Authority Key Identifier, which means that the certificate is self-signed.

```
X509v3 extensions:
    X509v3 Subject Key Identifier:
        A6:BE:ED:36:D2:9A:DE:D1:E7:C3:4E:66:F0:6C:9C:58:86:98:03:C2
    X509v3 Authority Key Identifier:
        keyid:A6:BE:ED:36:D2:9A:DE:D1:E7:C3:4E:66:F0:6C:9C:58:86:98:03:C2
```

#### **In the RSA algorithm, we have a public exponent e, a private exponent d, a modulus n, and two secret numbers p and q, such that n = pq. Please identify the values for these elements in your certificate and key files.**

The modulus, public exponent and private exponent can be found in the `ca.key` file, under the `modulus`, `publicExponent` and `privateExponent` fields of the decoded key:

```
publicExponent: 65537 (0x10001)
```

The two prime factors, which correspond to p and q, can also be found in `ca.key`, under the `prime1` and `prime2` fields.

## Task 2 - Generate a Certificate Request for the Web Server

After creating the CA, we now generate a certificate request for our website.

The following command generates a certificate request for the website `www.bank32.com`:

```bash
openssl req -newkey rsa:2048 -sha256 \
    -keyout server.key -out server.csr \
    -subj "/CN=www.bank32.com/O=Bank32 Inc./C=US" \
    -passout pass:dees
```

To add alternative server names, we added the following option to our request:

```bash
-addext "subjectAltName = DNS:www.bank32.com, \
                          DNS:www.bank32A.com, \
                          DNS:www.bank32B.com"
```

The full command looks like this:

```bash
openssl req -newkey rsa:2048 -sha256 \
    -keyout server.key -out server.csr \
    -subj "/CN=www.bank32.com/O=Bank32 Inc./C=US" \
    -passout pass:dees \
    -addext "subjectAltName = DNS:www.bank32.com, \
                              DNS:www.bank32A.com, \
                              DNS:www.bank32B.com"
```

## Task 3 - Generating a certificate for our web server

The goal of this task was to turn a certificate request into an X509 certificate. Using the following command, we are able to turn our certificate request into an X509 certificate:

```bash
openssl ca -config openssl.cnf -policy policy_anything \
    -md sha256 -days 3650 \
    -in server.csr -out server.crt -batch \
    -cert ca.crt -keyfile ca.key
```

This command used `openssl.cnf`, `ca.crt` and `ca.key` from Task 1, and the `server.csr` (certificate request file) created in Task 2.

In addition to that, we needed to change `openssl.cnf` to be able to copy the extension field from the request. For that, we uncommented the `copy_extensions = copy` line.

As we can see, the certificate contains the `Subject Alternative Name` extension, which was included in the `.crt`. This allowed the introduction of the domains specified in the `-addext` option when generating the certificate request for `bank32`.

```
Using configuration from openssl.cnf
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4097 (0x1001)
        Validity
            Not Before: Jan 11 17:40:39 2022 GMT
            Not After : Jan 9 17:40:39 2032 GMT
        Subject:
            countryName               = US
            organizationName          = Bank32 Inc.
            commonName                = www.bank32.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                02:F1:AC:22:46:FD:49:42:FF:35:60:76:43:49:31:0E:45:5A:56:7D
            X509v3 Authority Key Identifier:
                keyid:A6:BE:ED:36:D2:9A:DE:D1:E7:C3:4E:66:F0:6C:9C:58:86:98:03:C2
            X509v3 Subject Alternative Name:
                DNS:www.bank32.com, DNS:www.bank32A.com, DNS:www.bank32B.com
Certificate is to be certified until Jan 9 17:40:39 2032 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
```

## Task 4 - Deploying certificate in HTTPS Website

The following entry, which is present in the `bank32_apache_ssl.conf` file, is responsible for setting up HTTPS on the website `www.bank32.com`:

```
<VirtualHost *:443>
    DocumentRoot /var/www/bank32
    ServerName www.bank32.com
    ServerAlias www.bank32A.com
    ServerAlias www.bank32B.com
    DirectoryIndex index.html
    SSLEngine On
    SSLCertificateFile /certs/bank32.crt
    SSLCertificateKeyFile /certs/bank32.key
</VirtualHost>
```

If we wanted to use another address, it would be necessary to change the `ServerName` line. The SSL certificate used by the website is specified in `SSLCertificateFile` and its key in `SSLCertificateKeyFile`.

After having the file with our website address, we started the Apache server as explained in the guide:

![](https://i.imgur.com/I13v1NB.png)

After that, when we opened the browser at `https://www.bank32.com`, the browser gave us a Potential Security Risk Ahead warning, because the certificate authority was not trusted by Firefox.

![](https://i.imgur.com/hvM2DPf.png)

However, if we click on the button that says `Advanced...` and then on `Proceed Anyways`, we can access the website.

In order to avoid this warning, we need to add our CA in Firefox. To add a certificate, we went to `about:preferences#privacy` and selected the Authorities tab.

Since `bank32.crt` was signed by ModelCA, by adding the certificate `modelCA.crt` we could access the website without any warning on our self-signed website.

![](https://i.imgur.com/H971p7y.png)

## Task 5 - Man-In-The-Middle

We also changed the `.conf` file from the previous task by setting `ServerName` to `www.google.com`.

To emulate a DNS cache poisoning attack, we mapped the hostname to our malicious web server by adding the following line to the `/etc/hosts` file:

```
10.9.0.80 www.google.com
```

It was also necessary to change the `ServerName` in the `.conf` file to `google.com`.

When we try to visit the website, Firefox blocks it because it detects a potential security issue: the certificate is not valid for the current domain.

![](https://i.imgur.com/RIep5Ml.png)

## Task 6 - Man-In-The-Middle with a compromised CA

Assuming that we have a compromised CA, we can generate a certificate for the website `www.google.com` (which redirects to the compromised server). A certificate request was generated for that website and then turned into an X509 certificate (as we did in Tasks 2 and 3).

![](https://i.imgur.com/Nb2WukD.png)

After starting the server and accessing the website, the browser will not raise any warning and the victim will land on our fake website.

![](https://i.imgur.com/BhJUfC0.png)
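
The two checks behind the browser's behaviour in Tasks 4 and 5 (does the certificate chain to a trusted CA, and does it name the requested host) can be reproduced with `openssl verify`. The script below is an added example, not part of the original lab report; the `labCA` and `otherCA` names, the temporary directory and the minimal `ca.cnf` are assumptions made for it, and all keys and certificates are throwaway ones generated on the spot.

```bash
#!/usr/bin/env bash
set -eu
WORK=$(mktemp -d)            # constructed scratch directory, not the lab's demoCA
trap 'rm -rf "$WORK"' EXIT
# Minimal config so the result does not depend on the system openssl.cnf
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints     = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF

# make_ca NAME: self-signed CA certificate NAME.crt with key NAME.key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -config "$WORK/ca.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA SANS: server.crt signed by CA, carrying the given subjectAltName
issue() {
  openssl req -newkey rsa:2048 -nodes -sha256 -config "$WORK/ca.cnf" \
    -subj "/CN=www.bank32.com" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'subjectAltName = %s\n' "$2" > "$WORK/san.ext"
  openssl x509 -req -in "$WORK/server.csr" -sha256 -days 1 \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -extfile "$WORK/san.ext" -out "$WORK/server.crt" 2>/dev/null
}

# check HOST ANCHOR: succeeds only if server.crt chains to ANCHOR.crt AND
# one of its SAN entries matches HOST (the two tests a browser applies).
check() {
  openssl verify -CAfile "$WORK/$2.crt" -verify_hostname "$1" \
    "$WORK/server.crt" >/dev/null 2>&1
}

make_ca labCA; make_ca otherCA
issue labCA "DNS:www.bank32.com,DNS:www.bank32A.com,DNS:www.bank32B.com"
for pair in "www.bank32.com labCA" "www.bank32.com otherCA" "www.google.com labCA"; do
  set -- $pair
  if check "$1" "$2"; then r=accepted; else r=rejected; fi
  echo "host=$1 anchor=$2: $r"
done
```

The certificate in Task 6 passes both checks, since it names the requested host and chains to a CA the browser trusts, so the list of trusted authorities is the control that decides the outcome.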