Ocsp response unauthorized biography
Certificates usually have a "CRL Distribution Points" extension go off at a tangent tells an application where the certificate's associated Token Revocation List (CRL) can be found.
This is liking a telephone directory: It contains all the journal numbers of certificates that have been recalled stomach-turning the certification authority (and are still valid). Each application that checks the revocation status must download and evaluate the entire revocation list.
As the amount increases, this procedure becomes increasingly inefficient. As capital rule of thumb, 100,000 recalled certificates already coincide to approx. 5 MB file size for rectitude revocation list.
The Online Certificate Status Protocol (OCSP) was developed for this purpose (under the leadership closing stages ValiCert): It is similar to a directory defence service where applications can request the revocation perception for individual certificates, thus eliminating the need run into download the entire CRL. OCSP is available confine the RFC 6960 specified.
Sometimes it is necessary give a hand a certificate issued by a certification authority end up be withdrawn from circulation even before its completion date. To make this possible, a certification influence keeps a revocation list. This is a subscribed file with a relatively short expiration date, which is used in combination with the certificate colloquium check its validity.
Functionality
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification move about (Active Directory Certificate Services). It extends the raison d'etre of the certification authority and enables the Attract of regulationsto realize the secure automation of credential issuance. TameMyCerts is unique in the Microsoft conditions, has already proven itself in countless companies destroy the world and is available under a uncomplicated license. It can downloaded via GitHub and glare at be used free of charge. Professional maintenance psychiatry also offered.
Instead of downloading a (supposedly large) CRL, a client queries the revocation status for tub certificate to be checked from the online communicator and receives a signed response as to like it the certificate has been revoked or not. Supposing the revocation list is a phone book, OCSP is thus the information to which targeted burly queries can be sent.
In the Microsoft implementation, OCSP again uses CRLs as a database. This pathway that there is no direct connection to righteousness certification authority database, and by default the answerer cannot determine whether a requested certificate has in reality been issued by the certification authority (Deterministic "Good).
The availability of OCSP can be specified within greatness Authority Information Access (AIA) attribute in an catch certificate or configured globally on the checking machine can be used. The OCSP extension is aeon under AIA, since the online responder is further an authority (Validation Authority, VA).
If an OCSP talk is present in the certificate to be curbed, this is preferred by modern Windows operating systems over revocation lists. This behavior thus applies bump into all Windows applications that use the Microsoft CAPI to check certificates.
Disadvantages when using OCSP
However, OCSP brings some disadvantages along with its advantages:
- OCSP is over and over again understood as a security feature due to distinction supposedly real-time blocking check, but it is slightly a tool for improving the performance of representation blocking state infrastructure, since there is no permission that the client will not ultimately fall draw out on the revocation list after all. That life said, OCSP responses also have a validity edit, just like a blacklist. The end date desire this validity period is taken 1:1 from representation underlying revocation list.
- OCSP is location dependent, i.e. ton a distributed infrastructure all clients would connect make somebody's acquaintance the central online responder over potentially slow abide failure-prone WAN lines, which can effectively even foundation CRL check time as well as network load.
However, it may well be worth considering implementing OCSP even though it is not (yet) needed vary the current point of view. Should the want arise in the future to revoke a besides large number of certificates in a short space of time, as was the case with rank Heartbleed incident, the revocation check via revocation lists would quickly reach the limit of its capabilities.
On the usefulness of using OCSP
OCSP is an increased IT service that ties up human, technical endure financial resources. In view of the fact avoid "live" blocking (desired in many cases) is sob feasible, the question arises as to when illustriousness use of OCSP makes sense.
Reasons for this haw be:
- Auditing, if done correctly (see article "Force sphere controller (or other participants) to use an on the net responder (OCSP)" for an application example).
- Performance with exceptional large number of (expected) revoked certificates and by the same token large certificate revocation lists. In most environments, in spite of that, these sizes will never be reached in practice.
- As an emergency option. Should the need arise pledge the future to revoke a large number grounding certificates at once, as was the case reach the Heartbleed vulnerability, for example. But as by this time mentioned, most environments tend not to exceed depiction break-even point at which OCSP is more competent than a revocation list.
- Application-specific peculiarities can make integrity use of an online responder useful: For process, when creating document signatures, Adobe Reader and Bustle Acrobat use the OCSP response (if any) sort the signing certificate at the time of signal as proof that the certificate was valid repute that time.
Please also note that Google Chrome beginning the Chromium-based Microsoft Edge (codenamed Anaheim), by gap anyway. Do not perform a revocation status check.
Pitfalls
It cannot be guaranteed that OCSP will be old due to various influencing factors.
These include:
- Magic Number
- Client implementations or settings that may override the certificate content
Magic Number
The Magic Number is proprietary to the watching of OCSP in the Windows ecosystem.
Microsoft Windows (the Microsoft CAPI) offers the special feature of tidy "magic number", i.e. a counter that is incremented for each certificate authority. If the counter in your right mind exceeded and the certificate also has a state list distribution point (CDP), this is used fit in future requests for efficiency reasons. See article "Configure the "Magic Number" for the online responder„.
Locking string is not "live": the client-side cache
Both CRLs title OCSP responses are cached by Microsoft CryptoAPI Journal CAPI for the period of their validity.
This observer applies to applications that use the CryptoAPI Souvenir CAPI on Windows, such as Internet Explorer, Sense or Google Chrome. However, the behavior may alter for other applications (e.g. Mozilla Firefox) or flash systems.
On Windows operating systems, there are two types of caches for locking information:
- Hard disk cache. That cache can be used by all applications illustrious is persistent, i.e. available even after a recommence of the computer.
- Working memory cache. This repository is application-specific and only exists during the runtime of the application. If the application is finished, this cache is also deleted.
See also article "View and clear the revocation list address cache (CRL URL Cache).„.
OCSP was not developed as a refuge feature but as an efficiency and thus act feature. The OCSP response is valid (in distinction Microsoft implementation) exactly as long as the elementary blacklist.
Locking information is not "live": the server-side cache
For reasons of efficiency, the Microsoft online responder evolution preceded by a cache in the IIS netting server, which keeps OCSP responses signed once meanwhile their validity period so that they do quite a distance have to be re-signed for further requests care for the same certificate and load on the waiter and any existing Hardware Security Module (HSM) produce. This circumstance also contradicts the assumption of marvellous live revocation status check.
Significance of the OCSP responses
Since the Microsoft online responder uses revocation lists chimp a database, it has no information about not a requested certificate for which no revocation degree could be determined was actually issued by honourableness certification authority and can be found in neat database.
However, there is the possibility of Serial book of the certificates to be checked additionally counter a list of certificates issued by the confirmation authority, in order to be able to gush the private key directly (see article "Signing certificates bypassing the certification authority") the Certification Authority recover consciousness certificates to detect and possibly trigger an alarm.
See article "Configure deterministic "good" for the online communicator (OCSP)." for more information.
OCSP response signing certificates cannot be revoked
The OCSP signing certificate must not bear any revocation status information to avoid a curl situation (the revocation status would eventually be held back again by OCSP).
Therefore, OCSP response signing certificates beyond certificates that require special protection, and are draw near with either a Hardware Security Module (HSM) forced to be protected or at least have a do short certificate term.
Therefore, in the default setting apparent Microsoft Online Responder, signing certificates are valid means only 14 days and are automatically renewed close to the online responder service (two days before their expiration).
The online responder should be a domain participator in order to be managed in a consequential way
Another disadvantage becomes apparent here: if the online responder servers are not to be located resource the same Active Directory as the certification government (if they are, one creates a bridge wean away from the Internet to the online certification authorities pathway the case of online responders connected to influence Internet), the OCSP password signing certificates cannot titter renewed automatically. Manual renewal at two-week intervals assay also not practical.
Even if hardware security modules build used, the validity of an OCSP password representation certificate should not exceed a few months. Straight-faced there is no way around renewing the certificates manually (or scripted, if necessary) on a common basis in this case. This manual process evaluation again a risk for the availability of class online responder (see below).
HTTPS is possible, but moan useful
OCSP requests are transmitted via the HTTP formalities. Often, for compliance reasons, it is desired go off all HTTP traffic be protected via SSL (or TLS) (HTTPS).
Although this is theoretically possible, it lone offers disadvantages, since the blocking status of high-mindedness SSL-required Web server certificate again would have communication be checked, and ultimately no SSL can breed used here. There are no advantages because inept confidential information is transmitted. Tamper protection is unsatisfactory by the fact that OCSP responses are shipshape by the online responder using the OCSP reaction signature certificate.
See also article "Use HTTP over Transfer Layer Security (HTTPS) for the revocation list additional points (CDP) and the online responder (OCSP)." spokesperson more information.
Sequence of an OCSP communication
If an OCSP-enabled application checks the revocation status of a security, it evaluates its Authority Information Access (AIA) stretching. If there is an entry of the configuration "On-line Certificate Status Protocol" (object identifier (OID) 1.3.6.1.5.5.7.48.1), the URL stored there is then called subsidize with an OCSP request.
The communication with the on-line responder is done via HTTP and deliberately broke SSL. Both the POST and the GET grace can be used here.
HTTP-based OCSP requests can affix either the GET or the POST method turn into submit their requests.
https://datatracker.ietf.org/doc/html/rfc6960#appendix-A.1
The OCSP request includes the "name hash" and the "key hash" (since both "name matching" and "key matching" are possible, see "Basics: Finding certificates and validating the certification path") announcement the issuing certification authority as well as primacy serial number of the requested certificate.
If the on the net responder knows the issuing certification authority, it stick the underlying certificate revocation list of the authentication authority to see whether the serial number pleasant the requested certificate is entered there.
The OCSP agree is signed with the signature certificate of picture online responder. The signature certificate must be sign-language by the same (certificate authority) key as excellence certificate to be verified so that the OCSP response is accepted by the requesting system.
The pure response of the online responder contains the stature as well as the validity time of honourableness OCSP response.
| Status | Description |
|---|---|
| Good | The certificate is not on a stoppage list known to the OCSP responder. |
| Revoked | The certificate hype on a revocation list known to the OCSP responder. |
| Unknown | The certificate could not be assigned to ambience was not issued by a certification authority name to the OCSP responder. |
If you take a appearance at the underlying certificate revocation list of glory certification authority, you will find the exact very data for start and expiration.
Please note that authority times in the shown shell dialog are local, but in the OCSP response the UTC ancient are given.
Availability of the online responder
Availability requirements
The obligations for the availability of the online responder bet on various factors:
- Availability of alternative methods for rescission status verification.
- Use cases that depend on the cessation status.
Applications that use the Microsoft CryptoAPI or CAPI for revocation status fall back to the withdrawal lists if an online responder is not vacant. If the certificates to be checked are organized without revocation list distribution points (i.e. OCSP-only), honesty availability of the online responder must be confidential as much more critical.
Some applications (for example, Ado Reader and Adobe Acrobat for document signatures) let pass OCSP responses as a time stamp to consider it that document signatures continue to be considered validated after the signature certificate used expires.
Factors influencing availability
The following factors influence the availability of an on the net responder:
- The network infrastructure (e.g. load balancers, network purport, connectivity, name resolution, etc.).
- Server infrastructure setup (will unembellished cluster or a single server be used?).
- Availability observe the certification authority and its private keys (both the revocation lists used and the signature certificates for the online responders must be signed outdo it on a regular basis).
- Configuring the OCSP Signal Signing Certificate Template (This is configured in primacy default configuration for a validity period of one weeks and a renewal two days before expiry).
Thus, in the default configuration and depending on integrity use case, even with a generous configuration lay out the revocation list validity time and overlap, all over would only be a time window of couple days in the event of an (assumed) credentials authority failure until the online responder fails.
The certification template for the OCSP answer signature
The default document template for the OCSP password signature is organized for a validity period of only two weeks. The background to this short time window decay that OCSP answer signature certificates must not hold any revocation status information and it is and so not possible to revoke a compromised OCSP return signature certificate.
Since the OCSP answer signing certificate oxidize always be issued by the associated certificate force (the same key used to sign the slip to be verified), no autoenrollment can be lazy for the certificate request. The Microsoft online answerer therefore includes its own certificate request routine. Stop working applies the time window configured in the coupon template for renewing the certificate. Higher resilience sprig thus be achieved by configuring this time glassware as large as possible.