NETSCAPE
SSL 2.0
CERTIFICATE
FORMAT
INTRODUCTION
This document describes how Netscape products work with certificates
when using the SSL 2.0 protocol. The document is intended to provide Certificate
Authority (CA) service providers enough details to build a service that can
issue certificates for Netscape products.
This document has four sections that describe:
- How Netscape products use SSL 2.0 certificates
- Site certificate format
- Certificate Authority certificate format
- Certificate signing requests (CSRs) for SSL 2.0 server
certificates
HOW
NETSCAPE
PRODUCTS USE
SSL 2.0 CERTIFICATES
Netscape Commerce Server 1.x uses a single X.509 certificate that enables
the server to authenticate itself to clients requesting SSL 2.0 connections.
When a server presents a certificate during an SSL handshake, Navigator
checks the certificate against its certificate database. If the server
certificate is
already in Navigator's database, or if the server certificate is signed
by a Certificate
Authority whose certificate in Navigator's database, the SSL handshake can
conclude successfully.
Netscape Navigator 2.0 allows end users to add new trusted certificates
to Navigator's certificate database. To see a list of the trusted
certificates
that are shipped with Navigator, choose Security Preferences under the
Options menu. If necessary, click on the Site Certificates tab.
Navigators can handle two different kinds of certificates:
- A Certificate Authority certificate is a signed certificate
that identifies a Certificate Authority. Netscape recommends that these
certificates be self-signed. When server certificates signed by this
Certificate Authority are presented during an SSL handshake, Navigator
trusts
those certificates. Navigator can download (via HTTP) new trusted CA
certificates because they are identified by a newly defined MIME
type.
- A site certificate is a server certificate presented by a server
during
a SSL handshake. If the certificate is signed by some certificate authority
that Navigator does not trust (that is, does not show up on
the Certificate Authority list in the Security Options dialog box or is
marked by the user as not trusted), Navigator displays a series of screens
that allow the user to accept or reject the certificate. (In the case of
a bad certificate, Navigator displays a warning that allows the user
to continue or abort the connection.)
When Navigator receives a certificate it does not already trust,
it launches a wizard to guide the user through the process of installing
the certificate as follows:
- The first time Navigator attempts to connect to an SSL server which
presents a certificate that Navigator does not trust, Navigator launches
a wizard to install the certificate. The inital screen of the installation
wizard alerts the user that Navigator has received an unrecognized
certificate. The exact text on this introductory screen depends on whether
the certificate is a site certificate or a Certificate Authority certificate.
- The wizard presents human-readable information about the certificate
including the following information.
- The organization that owns the certificate.
- The Certificate Authority that signed the certificate.
- The type of encryption (e.g., Export Grade RC4, 40-bit secret key).
- The user may choose to view more information about the certificate
by clicking on the More Info button. Clicking this button opens
a window that displays more information about the certificate including:
- Details about the organization maintaining the server (taken from
fields of the subject's Distinguished Name), including the common name
(CN=), organization name (O=), and country
(C=).
- The same details about the Certificate Authority.
- Certificate serial number, validity period, and fingerprint (which
is an MD5 hash of the certificate).
- The user then chooses whether to trust this certificate.
- Site certificates. Users may choose to trust the certificate
for this session, trust the certificate permanently, or not to trust the
certificate.
- Certificate Authorities. Users may choose to trust or not trust
CA certificates.
- The wizard asks the user if they would like to be warned each time
the user attempts to send data to this server. The default behavior is
to display no warnings.
- (Only for Certificate Authorities) Finally, the wizard prompts the
user to enter a nickname to identify the Certificate Authority. This name
appears in the list of certificates displayed as part of the Security
Preferences (under the Options menu).
In future releases of Navigator, Netscape plans to display simply the
Certificate Authority's Common Name. Therefore, Netscape encourages
Certificate Authorities to use a Common Name that the user will recognize
as the Certificate Authority. For example, a Common Name of "Netscape
Certificate Authority" would be
better than simply "Certificate Authority".
SITE
CERTIFICATES
The following section describe the mandatory and recommended certificate
content. The content of site certificates and CA
certificates are nearly identical, though there are small differences
in the subject.commonName field described below.
-
Key length of signature
-
All Certificate Authorities should use 1024-bit RSA keys for signing
certificates. Netscape Navigator 2.0 can not operate on keys larger than
1024 bits.
-
Certificate serial numbers
-
Certificate serial numbers should be unique. No Certificate Authority
should issue two certificates with the same serial number.
-
Distinguished Name
-
The Distinguished Name of a certificate should be unique unless the
same subject has several certificates issued by the same Certificate Authority
(i.e., owns several key pairs that need to be certified by the same CA).
-
Site certificate CertificateInfo fields
-
The following are the mandatory or recommended values for the fields
of the certificateInfo for an SSL 2 server certificate.
| Field |
Value |
Required |
Comment |
| version |
0 |
Required |
x509v1 |
| signature |
md2WithRSAEncryption
md5WithRSAEncryption |
md5 is Recommended |
From PKCS #1 |
| subjectPublicKeyInfo.algorithm |
rsaEncryption |
Required |
From PKCS #1 |
| subject.commonName |
See below |
Host name pattern required to avoid user seeing a warning dialog. See
below. |
  |
-
Signature Algorithm
-
Use of md5WithRSAEncryption is recommended. The MD2 algorithm is currently
supported, but in January of 1996, RSA began recommending that vendors
cease using MD2 due to a potential new weakness found in the algorithm.
Consequently,
support for MD2 will be discontinued in a future release.
-
Subject Common Name
-
The subject.commonName field should contain a pattern (such
as *.netscape.com) that matches the DNS name of the host with
which the client is connecting (such as home.netscape.com). Encoding
a host name in this field is used to defeat a potential man in the middle
attack.
Navigator 2.0 checks the name referenced or typed by the user (the URL
displayed in Navigator's Location field) against the pattern
in the subject.commonName field. Note that Navigator does
not check the result of a double-reverse-DNS lookup on the name.
Netscape Navigator 2.0 applies the following matching rules to the pattern
in the subject.commonName field:
- * matches anything
- ? matches one character
- \ will escape a special character
- $ matches the end of the string
- [abc] matches one occurrence of a,
b,
or c. The only character that needs to be escaped in this
is ], all others are not special.
- [a-z] matches any character between a
and z
- [^az] matches any character except a
or z
- ~ followed by another shell expression will remove
any pattern matching the shell expression from the match list
- (foo|bar) will match either the substring
foo,
or the substring bar. These can be shell expressions as
well.
CERTIFICATE
AUTHORITY
CERTIFICATES
- Key length of signature
- All Certificate Authorities should use 1024-bit RSA keys for signing
certificates. Netscape Navigator 2.0 can not operate on keys larger than
1024 bits.
-
Certificate serial numbers
- Certificate serial numbers should be unique. No Certificate Authority
should issue two certificates with the same serial number.
-
Certificate fingerprint
-
Navigator calculates a certificate fingerprint which the user sees
when they choose "Edit Certificate" from the Security Options
menu. This fingerprint is an MD5 hash of the certificate. Netscape encourages
Certificate Authorities to publish the fingerprint for their certificate
so that users may, if they desire, verify that they have the correct
certificate.
-
Certificate Authority CertificateInfo fields
- The following are the mandatory or recommended values for the fields
of the certificateInfo for a Certificate Authority certificate
that can be downloaded to Navigator 2.0.
| Field |
Value |
Required |
Comment |
| signature |
md2WithRSAEncryption
md5WithRSAEncryption |
Required |
From PKCS #1 |
| subjectPublicKeyInfo.algorithm |
rsaEncryption |
Required |
From PKCS #1 |
| subject.commonName |
See Below |
Recommended |
|
-
Signature Algorithm
-
Use of md5WithRSAEncryption is recommended. The MD2 algorithm is curently
supported, but support will be discontinued in some future release. In
January of 1996 RSA began recommending that vendors cease using MD2 due
to a potential new weakness found in the algorithm.
-
Subject Common Name for CA Certificates
-
Netscape recommends that the commonName for CA certificates
be a user-readable name that describes the CA without the rest of the
Distinguished
Name. (Note the certificate should still contain a complete Distinguished
Name.)
The Common Name will be displayed when the user chooses to view the list
of trusted Certificate Authorities in the Security Preferences dialog box
(under the Options menu). Examples include Netscape Test CA
or Certs-R-Us Level 42 CA. Examples of names that are not
recommended are
Certificate Authority and CA Root.
CERTIFICATE ENCODING
In Netscape Navigator 2.0, users (or administrators) can add new trusted
Certificate Authorities to Navigator's certificate database. To add
a new certificate, users point Navigator at an URL that contains the
new CA certificate. Navigator will recognize and appropriately process
a certificate encoded as follows:
- Encoding
-
The certificate should be a binary DER encoded X.509 certificate with
default 8-bit encoding.
- X.509 versions
-
Netscape Navigator 2.0 can accept CA certificates that are X509 version
1, 2, or 3. However, Navigator 2.0 ignores the fields issuerUniqueID,
subjectUniqueID, and extensions.
-
MIME-type
- The certificate should be delivered to Navigator via the HTTP protocol,
and should be identified by the newly defined MIME type
application/x-x509-ca-cert.
The body of the document should be the DER encoded certificate.
CERTIFICATE
SIGNING
REQUESTS FOR
SSL 2.0 CERTIFICATES
Certificate Signing Requests for SSL 2.0 certificates are issued via email.
CERTIFICATE
REQUESTS
Certificate Signing Requests are emailed to the certificate issuer. They
take the following
form:
Webmaster: webmaster@foo.com
Phone: 415-555-1212
Server: Netscape-Commerce/1.12
Common-name: www.foo.com
Email: webmaster@foo.com
Organization: FooBar Corp.
Org-unit: Web Content Division
Locality: Anytown
State: California
Country: US
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBOTCB5AIBADCBgDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
EDAOBgNVBAcTB0FueXRvd24xFTATBgNVBAoTDEZvb0JhciBDb3JwLjEdMBsGA1UE
CxMUV2ViIENvbnRlbnQgRGl2aXNpb24xFDASBgNVBAMTC3d3dy5mb28uY29tMFow
DQYJKoZIhvcNAQEBBQADSQAwRgJBANwLUqDA13nb1rGDSNNhl6HW77PZJrzec+I3
gO8bYmcSTD8TLZ2u6eHaBsnR4qOcl+/7EoENhowKieTDv+xTz8ECAQOgADANBgkq
hkiG9w0BAQQFAANBANsX9Y9wYVLEnAZD0AaTnCzg0ekA/9MnxCpfDml5SaNjOV2P
xEXStjrijdP/Rb/1vYujpWBLaLS+e2IZwzvPpKI=
-----END NEW CERTIFICATE REQUEST-----
The actual certificate request is a DER encoded PKCS #10 certificate
request that is base64 encoded for email transport.
CERTIFICATE
RESPONSES
The Certificate Authority emails the signed certificate to the requester.
The certificate is a DER encoded X.509 Version 1 certificate that is base64
encoded for email transport.
The server administrator saves the certificate to a file and points
the Commerce Server to the location of the certificate using administrative
utilities.
Here is a sample certificate:
This certificate will expire in 1 days
-----BEGIN CERTIFICATE-----
MIIB8jCCAVsCAgNNMA0GCSqGSIb3DQEBBAUAMEcxCzAJBgNVBAYTAlVTMRAwDgYD
VQQLEwdUZXN0IENBMSYwJAYDVQQKEx1OZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBD
b3JwLjAeFw05NTEyMTkxMDU4NTNaFw05NTEyMjAxMDU4NTNaMIGAMQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEQMA4GA1UEBxMHQW55dG93bjEVMBMG
A1UEChMMRm9vQmFyIENvcnAuMR0wGwYDVQQLExRXZWIgQ29udGVudCBEaXZpc2lv
bjEUMBIGA1UEAxMLd3d3LmZvby5jb20wWjANBgkqhkiG9w0BAQEFAANJADBGAkEA
3AtSoMDXedvWsYNI02GXodbvs9kmvN5z4jeA7xtiZxJMPxMtna7p4doGydHio5yX
7/sSgQ2GjAqJ5MO/7FPPwQIBAzANBgkqhkiG9w0BAQQFAAOBgQBmnCciKst05XSa
7jbIWZ5b7/7eBGmNxlXyJhPrVN+8OKGOL70XifXcangTmeuQ8MhVoUPJbZjkGmo6
K/a3j1GTv1lHkjzAzUSh7X7Y5kotfrj8OZxfsw+95qzGlPWE7f4Uv6RlV/fkXNyg
k0FemXUd5iPnkQ8kU66E2EJxyBmMUQ==
-----END CERTIFICATE-----