https://systemoverlord.com/tags/pki.htmlRecent content in PKI on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Sun, 14 Jun 2020 00:00:00 +0000https://systemoverlord.com/2020/06/14/private-ca-with-x-509-name-constraints.htmlSun, 14 Jun 2020 00:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2020/06/14/private-ca-with-x-509-name-constraints.html<p>I wanted to run a small private <a href="https://en.wikipedia.org/wiki/Certificate_authority">Certificate Authority</a> for some of my internal services. Since these aren&rsquo;t reachable from the internet, and some of them are on network segments without internet connectivity, using a public ACME CA like <a href="https://letsencrypt.org/">Let&rsquo;s Encrypt</a> was inconvenient. On the other hand, if I run my own private CA and the keys get compromised, it could be used to <a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">MITM</a> all my internet traffic. While that&rsquo;s unlikely to happen, I decided to look for a better option.</p> <p>It turns out that the idea of a &ldquo;limited purpose&rdquo; Certificate Authority is not new. <a href="https://tools.ietf.org/html/rfc5280">RFC 5280</a> provides for something called &ldquo;Name Constraints&rdquo;, which allow an X.509 CA to have a scope limited to certain names, including the parent domains of the certificates issued by the CA. For example, a host constraint of <code>.example.com</code> allows the CA to issue certificates for anything under <code>.example.com</code>, but not any other host. For other hosts, clients will fail to validate the chain.</p> <p>This hasn&rsquo;t always been supported by TLS libraries and browsers, but all current browsers do support Name Constraints. Consequently, this is an approach to narrow the risks associated with a CA compromise for hosts other than those covered by the constraints in the CA certificate.</p>