Certificates for DoT and DoH?
David Guo
david at xtom.com
Mon Feb 28 16:55:09 UTC 2022
Hi Mork,
You don't need a certificate for your IP address if your DoT and DoH use domains.
For certificates with IPv4 address, we use ZeroSSL / GoGetSSL, both are SubCA with Sectigo, which works fine.
For IPv6 address, we used Digicert but it's too expensive, so we give up ☹
Our DoT/DoH service is https://dns.sb/
Regards,
David
-----Original Message-----
From: NANOG <nanog-bounces+david=xtom.com at nanog.org> On Behalf Of Bjørn Mork
Sent: Monday, February 28, 2022 10:30 PM
To: nanog at nanog.org
Subject: Certificates for DoT and DoH?
Any recommendations for a CA with a published policy allowing an IP address SAN (Subject Alternative Name)?
Preferably someone using ACME with a simple RFC 8738 reference. Let's Encrypt had this in their TODO list for a while, but it was removed and the project was put on hold:
https://github.com/letsencrypt/boulder/pull/4920#issuecomment-832104881
https://community.letsencrypt.org/t/planned-rfc-8738-support-pulled/152057
And I've been unable to find any other CAs with RFC 8738 support either.
Most of them don't even bother documenting it as unsupported. All I've found is this answer from Buypass:
https://community.buypass.com/t/h7hm76w/buypass-support-for-rfc-8738
So what do people use for DoT and DoH?
I see that Google got a certificate from their own CA. No surprise...
Version: 3 (0x2)
Serial Number:
9c:d9:a2:0f:fe:dd:2b:0a:12:00:00:00:00:03:6f:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
Validity
Not Before: Feb 17 11:34:59 2022 GMT
Not After : May 12 11:34:58 2022 GMT
Subject: CN = dns.google
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:43:69:7c:2b:7d:99:d5:f3:79:d7:b8:54:bd:
6e:61:7b:8d:50:c5:bb:86:6c:a3:60:27:3e:22:c6:
45:00:68:a2:d2:2e:c9:c2:8f:8e:58:0e:93:0a:a4:
ff:2d:5c:71:d9:0a:5b:f3:1c:ce:79:d2:71:5c:20:
4a:34:21:c1:fa:c3:92:bd:e8:7e:bd:93:79:ef:ad:
0b:74:e0:21:f6:22:4e:9c:39:01:48:49:bc:a0:db:
98:0b:ab:4c:df:99:b1:30:92:09:0d:f8:ea:0f:7f:
85:65:55:e7:9f:ba:88:4a:ca:93:04:71:8d:13:f7:
3b:e3:36:ee:fc:b7:b9:fc:e5:5a:a8:7b:22:ce:0a:
dd:4b:36:ee:d9:8f:09:d4:2e:3f:48:5e:f8:7c:71:
2d:65:26:29:67:b9:c7:b2:77:8a:60:20:4f:dd:74:
00:49:c5:6f:3b:19:d0:ea:f8:78:ef:86:02:37:be:
3d:2e:d1:14:18:22:22:e6:94:65:bb:9d:37:b8:61:
8b:2c:fc:85:bc:04:01:56:74:04:b9:86:dc:59:9a:
75:9d:de:d9:65:67:5d:9f:75:f3:6d:8a:4f:61:d2:
c5:b5:e1:dd:2e:54:78:8a:a8:39:ab:d1:0c:97:4d:
bc:7d:f2:64:cb:d3:21:5a:f0:70:03:08:a6:f4:21:
4c:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A6:21:3C:08:17:99:1E:DE:2D:F5:EB:C8:90:C9:71:D2:E9:53:1D:EE
X509v3 Authority Key Identifier:
keyid:8A:74:7F:AF:85:CD:EE:95:CD:3D:9C:D0:E2:46:14:F3:71:35:1D:27
Authority Information Access:
OCSP - URI:http://ocsp.pki.goog/gts1c3
CA Issuers - URI:http://pki.goog/repo/certs/gts1c3.der
X509v3 Subject Alternative Name:
DNS:dns.google, DNS:dns.google.com, DNS:*.dns.google.com, DNS:8888.google, DNS:dns64.dns.google, IP Address:8.8.8.8, IP Address:8.8.4.4, IP Address:2001:4860:4860:0:0:0:0:8888, IP Address:2001:4860:4860:0:0:0:0:8844, IP Address:2001:4860:4860:0:0:0:0:6464, IP Address:2001:4860:4860:0:0:0:0:64
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.11129.2.5.3
X509v3 CRL Distribution Points:
Full Name:
URI:http://crls.pki.goog/gts1c3/zdATt0Ex_Fk.crl
[cut]
But this is not an option for anyone else according to
https://pki.goog/faq/#faq-29 :
How can I get a certificate from Google Trust Services?
At this time, the only way to get a certificate from Google Trust
Services is via an Alphabet or Google product.
I guess it's easy to push for DoT and DoH when you can create rules like that.
Both Quad9 and Cloudflare got their certificates from DigiCert:
Version: 3 (0x2)
Serial Number:
05:45:06:fe:17:98:52:bb:fa:c1:a7:3d:cd:80:39:7b
Signature Algorithm: ecdsa-with-SHA384
Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Jul 27 00:00:00 2021 GMT
Not After : Aug 4 23:59:59 2022 GMT
Subject: C = US, ST = California, L = Berkeley, O = Quad9, CN = *.quad9.net
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:7d:8b:d7:1d:03:85:0d:18:25:b3:34:1c:29:a1:
27:d4:ac:01:25:48:8a:a0:f1:ea:02:b9:d8:51:2c:
08:6a:ac:72:56:ec:fa:3d:a6:a0:9f:49:09:55:8e:
ac:fe:b9:73:17:5c:02:fb:78:cc:24:91:94:6f:43:
23:89:0e:1d:66
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
7F:A9:12:A5:D7:C6:8B:48:02:C7:3D:2A:45:6E:40:1E:40:60:F4:97
X509v3 Subject Alternative Name:
DNS:*.quad9.net, DNS:quad9.net, IP Address:9.9.9.9, IP Address:9.9.9.10, IP Address:9.9.9.11, IP Address:9.9.9.12, IP Address:9.9.9.13, IP Address:9.9.9.14, IP Address:9.9.9.15, IP Address:149.112.112.9, IP Address:149.112.112.10, IP Address:149.112.112.11, IP Address:149.112.112.12, IP Address:149.112.112.13, IP Address:149.112.112.14, IP Address:149.112.112.15, IP Address:149.112.112.112, IP Address:2620:FE:0:0:0:0:0:9, IP Address:2620:FE:0:0:0:0:0:10, IP Address:2620:FE:0:0:0:0:0:11, IP Address:2620:FE:0:0:0:0:0:12, IP Address:2620:FE:0:0:0:0:0:13, IP Address:2620:FE:0:0:0:0:0:14, IP Address:2620:FE:0:0:0:0:0:15, IP Address:2620:FE:0:0:0:0:0:FE, IP Address:2620:FE:0:0:0:0:FE:9, IP Address:2620:FE:0:0:0:0:FE:10, IP Address:2620:FE:0:0:0:0:FE:11, IP Address:2620:FE:0:0:0:0:FE:12, IP Address:2620:FE:0:0:0:0:FE:13, IP Address:2620:FE:0:0:0:0:FE:14, IP Address:2620:FE:0:0:0:0:FE:15
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints: critical
CA:FALSE
[cut]
Version: 3 (0x2)
Serial Number:
0f:75:a3:6d:32:c1:6b:03:c7:ca:5f:5f:71:4a:03:70
Signature Algorithm: ecdsa-with-SHA384
Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS Hybrid ECC SHA384 2020 CA1
Validity
Not Before: Oct 25 00:00:00 2021 GMT
Not After : Oct 25 23:59:59 2022 GMT
Subject: C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudflare-dns.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:fb:29:44:f2:98:3f:d8:bd:82:56:d3:2c:bd:8e:
09:9f:31:2b:98:26:9e:22:96:8d:7b:4b:fc:da:c5:
7b:7b:29:aa:8e:35:6c:9c:0a:48:05:6c:89:73:ed:
20:0e:cd:46:21:f0:ec:4d:b3:a5:e9:af:1b:38:99:
e5:f4:da:f1:84
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0A:BC:08:29:17:8C:A5:39:6D:7A:0E:CE:33:C7:2E:B3:ED:FB:C3:7A
X509v3 Subject Key Identifier:
19:45:1B:23:18:F8:74:DA:22:14:CB:46:6B:E2:13:B3:60:15:82:40
X509v3 Subject Alternative Name:
DNS:cloudflare-dns.com, DNS:*.cloudflare-dns.com, DNS:one.one.one.one, IP Address:1.1.1.1, IP Address:1.0.0.1, IP Address:162.159.36.1, IP Address:162.159.46.1, IP Address:2606:4700:4700:0:0:0:0:1111, IP Address:2606:4700:4700:0:0:0:0:1001, IP Address:2606:4700:4700:0:0:0:0:64, IP Address:2606:4700:4700:0:0:0:0:6400
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
[cut]
Does this mean that DigiCert is the only alternative? And do they really have this offer for ordinary users, or is this also some special arrangement for big players only?
I see that a CSR with a DNS name, an IPv4 address and an IPv6 address is accepted by https://www.digicert.com/ssltools/view-csr/
But when I test the same CSR on their order page, only the DNS name is extracted into the order form. Leaving me confused and worried about the addresses being ignored.
And their documentation sucks. Like all CAs, I might add.
There is no mention of how you are supposed to demonstraete IP address control on https://docs.digicert.com/manage-certificates/demonstrate-control-over-domains-pending-certificate-order/
Searchin for RFC 8738 on https://docs.digicert.com/search/?query=8738
returns "No results found for 8738". Even if they do have ACME support for automated certificate management. So I guess automated certificate management of certificates with IP address SANs is out of the question.
That's a bummer. I really, really do not want to go back to semi-manual certificate management hell and the resulting periodical breakage.
https://www.digicert.com/tls-ssl/multi-domain-ssl-certificates looks like a bad joke:
The Subject Alternative Name field lets you specify additional host
names (sites, IP addresses, common names, etc.) to be protected by a
single TLS/SSL certificate
That does make me wonder how they verify that I'm the rightful owner of "sites, IP addresses, common names, etc.". In particular, "etc" :-)
Or you could ask yourself if you trust a CA with such an offer...
Yes, I'm frustrated. Why is a business that is mostly about selling policies so afraid of actually publishing those policies?
Bjørn
More information about the NANOG
mailing list