TinyCert – Become Your Own PKI/CA Authority in a Matter of Minutes
tinycert.orgWhile not the only one out there[1], I've been hacking a cli tool written in bash[2] to streamline the OpenSSL commands geared toward a PKI/CA workflow. I started it mainly for my overall learning of OpenSSL from nothing and for my small scale needs with my CoreOS servers.
What I learned from this exercise, is that it's not the complexity of the commands that is the issue with OpenSSL, it's:
1) The importance of consistent naming schemes (for the humans) and PKI hierarchy design (the nuances of keyUsage, basicConstraints, and extendedKeyUsage)
2) consistent execution of commands; typos are more likely the more you have to put in the CLI manually
3) good configuration files aren't utilized enough in most of the tutorials I found. They can streamline use, archive procedure, and prevent typos as in point #2.
4) The importing of certs and keys in an automatic way is a sort of dark corner of the tutorial world. But permissions are super important! I came up with an import strategy that I think works pretty well.[3] Please examine and break it!
[1]https://github.com/OpenVPN/easy-rsa
I quite like the idea of TinyCert and often wanted to do something similar myself. Although creating a private CA is not a lot of work initially, maintaining it is a hassle, especially when you'd rather be doing something else. TinyCert could be useful for development teams (and other similar non-security-critical uses) to get rid of self-signed certificates altogether.
However, for me, the fact that they have all the private keys is a deal breaker. Further, I'd like to see the certificates name-constrained to specific development hostnames. And I don't like the fact that the keyUsage and extendedKeyUsage fields are not locked down. If I am going to install a private CA root, I want to have the smallest possible attack surface.
Overall, if they offer this as something that can be locally installed, it could be a useful product. Especially if it integrates with a low-cost HSM, for example https://www.nitrokey.com/
In the meantime, for anyone looking for good documentation on how to achieve the same using just OpenSSL on the command line, I have an easy-to-follow guide as part of my OpenSSL Cookbook:
https://www.feistyduck.com/library/openssl-cookbook/online/c...
I agree with maintaining is a hassle, but creating a private CA is also not that easy. I was building up my own CA, there was still a lot of stuff to take care of, from policies/keyUsages to CRL/OCSP/SECP, when ECC comes in, encryption and decryption usages sometimes could be separated. There's whole lot of tiny little details somewhere makes me to rebuild the CA. I'm on G32 revision.
And the nitrokeys are great, I've never expected an affordable HSM for home/private use, thank you for mentioning it. I think I'm going to roll out G33 ;p
The fact that they keep your private keys in their database is what makes this a bad idea to use.
Cannot see what kind of people this service is targeted to, since the ones who understand what a CA is and need to sign their own certificates probably already know how to use OpenSSL.
OpenSSL's CLI is pretty annoying, and for many (like me!) it mostly consists of copy-pasting commands into a text editor, modifying them slightly, and pasting them into a terminal. Could be better. But yeah, trusting a third party with your private keys isn't an answer.
Maybe look at Dogtag Certificate System
I believe this was mentioned last time TinyCert appeared on HN, but a self-hosted version of this would be more ideal.
I personally use etcd-ca[0] to ease management of my own certificates.
As you say, I'd prefer to run this sort of thing locally - half the point of running your own CA is that you have full control over it.
I wrote caman (https://github.com/radiac/caman), a bash script wrapper for openssl with what looks like a similar syntax to etcd-ca. I posted about it on HN a while back, but it now also supports SAN certificates and intermediate CAs.
So just to be clear: whatever you do with the keys generated by this service is trivially pwn-able by TinyCert.
Maybe you trust TinyCert not to be malicious. But do you think they're completely unhackable? A database full of private keys is a mighty tempting reward for attackers.
I wouldn't touch private-key-generation-as-a-service with a 10-foot pole.
First, they have to care. Second, they'd have to MITM your network connection. The chance of a single party being able to do both of those is very, very low.
Sure, it's not best practices. Is it better than what R&D teams are doing now? (Unvalidated self-signed certs, or no encryption at all.) Absolutely.
People complaining about this are like people who complain about invalid cert warnings not being strong enough (or too easy to disable) while half the world still browses with http with no warnings.
It's a significant improvement over the status quo.
Come on over to my place. I won't MITM you, I promise :). Or we could go down to the coffee shop down the street. They have free Wi-Fi there too. Or maybe you'd like to visit my favorite co-working space. How about a conference room at my corporate office? Or maybe I'm your friendly $DAY_JOB firewall guy with a hankering to read your email. Perhaps I am your crazy ex working for $ISP. Or maybe I am on the same public cloud as your server and my VM just happens to be hosted on the same physical box as yours. There are lots of ways to MITM a connection that don't require you to do Mission Impossible style of break ins to tap into the backbone.
Good thing you don't run TinyCert. Please resume missing my point.
From their FAQ: "Your certificate authorities' and certificates' private keys are generated on the TinyCert servers and stored in the database."
It seems nice! A few days back I was playing a bit with golang's crypto and examples and I created a small cli app[1] to generate CAs and private key - certificate pairs signed by them. I wanted to create a small web service on top too (no need for sign up though, just check some fields and download a zip with your files) but haven't find time.
The most difficult problem imo, remains the management and not the creation of the keys and certs. I occasionally use them to connect backend services securely, so I have to install the root cert to every server OS and every JVM based app (here we create a keystore). Then I have to install each private key and certificate to the appropriate service. If the service is JVM based we also have to adjust its command line switches. Should a private key get stolen and we have one root CA for all services, we should delete and recreate everything. PKI is complex and with tens or hundreds of services its almost impossible to manage. Even the simplest task, like downloading a file from a nexus repository by a JVM based app using https and a free StartSSL certificate is very hard, since Oracle doesn't include StartCom's root CA.
This is exactly what I needed. Easy to use and you are still in control.
As others said, the whole point of having your own CA is that you have full trust and control over it. If you give someone your root ca private key then you may as well not have your own PKI at all (I can't see the point).
re cli - pain^2 , I ended up using xca
This is insane. It's a service that generates private keys for you and stores copies.
Why would anyone want this? Or is my sarcasm detector way off?
It could be i'm totally missing the use-case for this, but personally I think if you can't take the 30 minutes to google one of the hundreds of guides that use OpenSSL commands and precompiled win32 binaries to generate three files you shouldn't be trusted with providing security for a website. Who are these people who need SSL and don't have 30 minutes to learn this once?
There are tons of scripts and other tools that handle the commands for you, too. Do I really need to sign up for yet another website just to perform one operation? (No, and neither should you)
The trend these days seems to be turning everything into a service.
There is CA functionality included in basic OpenSSL:
We know. They say very clearly on the front page that one of their advantages is:
> Generate and manage SSL certificates quickly and easily without looking up complex OpenSSL commands.
But openssl commands aren't complex. Confusion ensues.
OS X includes a convenient app for all this https://imgur.com/zvCzT5l
I tried generating a self-signed certificate that had multiple SANs the other day and just gave up because I couldn't get it working.
It doesn't sound like you had trouble with the CA part of OpenSSL if you created a self-signed cert from the command line.
It might be that there's no (that I know of!) convenient way to specify extensions such as SAN on the command line. You have to do it via a configuration file, which you in turn pass as an argument. And that's probably the way you want to do it anyway if you script things!
As long as you do it that way there should be no problems with signing certificates, with or without extensions.
They mention StartSSL for production certificates. Beware that while creating certificates with them is gratis, REVOKING them will cost you money. https://www.techdirt.com/articles/20140409/11442426859/shame...
They actually have the most reasonable business model, as they only charge you for services where human interaction is required (fe checking your credentials or adding your certificate to the revocation list), anything else like signing your certificate is free.
Note that StartSSL certificates are only free for "non-commercial" use, where "non-commercial" is not a clearly defined term, e.g. if you domain name contains businessy terms , such as "sell", they will refuse to issue a free cert.
I tried to setup some a SSL cert through StartSSL and hit the paywall when I wanted to create a cert for a sub domain. The fees to get class 2 verification cost more than buying a basic SSL elsewhere.
You can do subdomains, but with only class 1 verification you are limited to one subdomain per cert and the root domain is also included.
Not open source.
I know. I've discussed this with the author, there are some IP issues he's trying to resolve. Outside of this obstacle, his desire is to open-source it.
It's like self signed certificate. From their FAQ:
"...but any regular user's browser will rightly put up a big fat warning message as they do not trust the root certificate of your TinyCert CAs."
Not sure i got it right – is it some kind of self-signed/untrusted certificate generation as-a-service?
Pretty much, yes. It has an API as well. You have to accept the root certificate of the authority you create in the browser and then you don't have do accept all self-signed certificates based on it. It's aiming to ease development, it's not to be used in production.
There's no such thing as "quick and easy" security..
yum install tinyca