DEV Community

hexfloor

Cybersecurity 101 : https certificate chain

Introduction

When I get to this subject once again I often see dolorem ipsum in the eyes of my interlocutor. I pay my personal tribute to Tim Berners-Lee, who modestly names himself a web developer. Who am I then? Probably a web amateur.
HTTP is brilliant. This simple and ingenious protocol brought light to the world.
The question is: what is the link between the HTTPS certificate chain and the icon in the browser near the address bar?

Setup

Let's fetch the certificate chain presented by dev.to.
What we see here is the chain:

  • Leaf certificate (CN = dev.to)
  • Intermediate certificate (CN = GlobalSign Atlas R3 DV TLS CA 2024 Q4)
  • Root certificate (CN = GlobalSign Root CA - R3) - implicitly trusted by the browser
:~$ openssl s_client -connect dev.to:443 -showcerts
Connecting to 151.101.66.217
CONNECTED(00000003)
depth=2 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
verify return:1
depth=1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q4
verify return:1
depth=0 CN=dev.to
verify return:1
---
Certificate chain
 0 s:CN=dev.to
   i:C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q4
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  7 22:00:10 2025 GMT; NotAfter: Feb  8 22:00:09 2026 GMT
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q4
   i:OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jul 17 03:09:40 2024 GMT; NotAfter: Jul 17 00:00:00 2026 GMT
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=CN=dev.to
issuer=C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q4
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3446 bytes and written 538 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Protocol: TLSv1.2
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: E52D02DFE2963AC716D7FC6CF0DE0B19CD26ED7DBD8702B730B2A764D61FFB93
    Session-ID-ctx:
    Master-Key: 3997597DF103A8BBA763F6DA1146AF234F5110AD20A9AC9E067B45596CCAE908D1F932D7C2B785790985D287DCF55255
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:

    Start Time: 1760808666
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---


closed


Now let's extract the first certificate into dev.to.pem and the second into intermediate.pem, and then verify both (the second command needs no -CAfile because the GlobalSign root is already in the system trust store, the "implicitly trusted" part of the chain above):

:~$ openssl verify -CAfile intermediate.pem dev.to.pem
dev.to.pem: OK
:~$ openssl verify intermediate.pem
intermediate.pem: OK

“We need to go deeper” (from Inception, 2010).

:~$ openssl x509 -in dev.to.pem -noout -text | grep "Signature Algorithm" | head -n 1
        Signature Algorithm: sha256WithRSAEncryption

This tells us:

  • the hash algorithm is SHA-256
  • the public key algorithm is RSA
  • hence we need to verify the RSA signature over SHA256(tbsCertificate)

Let's extract the public key of the intermediate certificate:

:~$ openssl x509 -in intermediate.pem -pubkey -noout > intermediate_pubkey.pem
:~$ cat intermediate_pubkey.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JEmxGJZ2+T/8mR/DGrF
3IGOkFHJ/2Ge+qkrSwZdir/WUQvGQdgVzewjziyi3FW5g9Nl5/4ogtdxOa+zZI06
+mh8MOBYbYeYlxNSB/UXtkRywA7NJXA81lSmqw0vgRvFtsfoGezZGVWcDkLKCx+M
NsJECXcdGAdw9H6gnYluCpjpJNP7sqBufxmxDScbeJbEsrB38JsAT+8TD3OJccLs
+RMszUDEhdFHJIahQH4RDhV/WzjbOtzqdO3I2dwgUUOYuAwsE50hdBAfWLXuveGZ
5StVs2o/NE4Wyif5RqvjV791bEkcaX/8so6a4bsfxs7SyPp1fecPl4whO1zXVaS6
QwIDAQAB
-----END PUBLIC KEY-----

Next, extract the tbsCertificate ("to be signed" certificate). Flash-forward: in the ASN.1 parse below the two lines we need are "4:d=1 hl=4 l=1336 cons: SEQUENCE" (the tbsCertificate) and "1359:d=1 hl=4 l= 257 prim: BIT STRING" (the signature).

:~$ openssl asn1parse -in dev.to.pem
    0:d=0  hl=4 l=1616 cons: SEQUENCE
    4:d=1  hl=4 l=1336 cons: SEQUENCE
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   13:d=2  hl=2 l=  16 prim: INTEGER           :01643528F2DF902EF4A4DF0973EC05EF
   31:d=2  hl=2 l=  13 cons: SEQUENCE
   33:d=3  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
   44:d=3  hl=2 l=   0 prim: NULL
   46:d=2  hl=2 l=  88 cons: SEQUENCE
   48:d=3  hl=2 l=  11 cons: SET
   50:d=4  hl=2 l=   9 cons: SEQUENCE
   52:d=5  hl=2 l=   3 prim: OBJECT            :countryName
   57:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :BE
   61:d=3  hl=2 l=  25 cons: SET
   63:d=4  hl=2 l=  23 cons: SEQUENCE
   65:d=5  hl=2 l=   3 prim: OBJECT            :organizationName
   70:d=5  hl=2 l=  16 prim: PRINTABLESTRING   :GlobalSign nv-sa
   88:d=3  hl=2 l=  46 cons: SET
   90:d=4  hl=2 l=  44 cons: SEQUENCE
   92:d=5  hl=2 l=   3 prim: OBJECT            :commonName
   97:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :GlobalSign Atlas R3 DV TLS CA 2024 Q4
  136:d=2  hl=2 l=  30 cons: SEQUENCE
  138:d=3  hl=2 l=  13 prim: UTCTIME           :250107220010Z
  153:d=3  hl=2 l=  13 prim: UTCTIME           :260208220009Z
  168:d=2  hl=2 l=  17 cons: SEQUENCE
  170:d=3  hl=2 l=  15 cons: SET
  172:d=4  hl=2 l=  13 cons: SEQUENCE
  174:d=5  hl=2 l=   3 prim: OBJECT            :commonName
  179:d=5  hl=2 l=   6 prim: UTF8STRING        :dev.to
  187:d=2  hl=4 l= 290 cons: SEQUENCE
  191:d=3  hl=2 l=  13 cons: SEQUENCE
  193:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  204:d=4  hl=2 l=   0 prim: NULL
  206:d=3  hl=4 l= 271 prim: BIT STRING
  481:d=2  hl=4 l= 859 cons: cont [ 3 ]
  485:d=3  hl=4 l= 855 cons: SEQUENCE
  489:d=4  hl=2 l=  17 cons: SEQUENCE
  491:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
  496:d=5  hl=2 l=  10 prim: OCTET STRING      [HEX DUMP]:300882066465762E746F
  508:d=4  hl=2 l=  14 cons: SEQUENCE
  510:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
  515:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  518:d=5  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
  524:d=4  hl=2 l=  29 cons: SEQUENCE
  526:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
  531:d=5  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030106082B06010505070302
  555:d=4  hl=2 l=  29 cons: SEQUENCE
  557:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  562:d=5  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:04147AC149B19FEC2BE3314B33D02BB9E8F769F9E126
  586:d=4  hl=2 l=  87 cons: SEQUENCE
  588:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
  593:d=5  hl=2 l=  80 prim: OCTET STRING      [HEX DUMP]:304E3008060667810C0102013042060A2B06010401A0320A01033034303206082B06010505070201162668747470733A2F2F7777772E676C6F62616C7369676E2E636F6D2F7265706F7369746F72792F
  675:d=4  hl=2 l=  12 cons: SEQUENCE
  677:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  682:d=5  hl=2 l=   1 prim: BOOLEAN           :255
  685:d=5  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
  689:d=4  hl=3 l= 158 cons: SEQUENCE
  692:d=5  hl=2 l=   8 prim: OBJECT            :Authority Information Access
  702:d=5  hl=3 l= 145 prim: OCTET STRING      [HEX DUMP]:30818E304006082B060105050730018634687474703A2F2F6F6373702E676C6F62616C7369676E2E636F6D2F63612F677361746C617372336476746C736361323032347134304A06082B06010505073002863E687474703A2F2F7365637572652E676C6F62616C7369676E2E636F6D2F6361636572742F677361746C617372336476746C7363613230323471342E637274
  850:d=4  hl=2 l=  31 cons: SEQUENCE
  852:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  857:d=5  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:301680146091EC1C02F20EFE634F65CB62B0022A0358E9B3
  883:d=4  hl=2 l=  72 cons: SEQUENCE
  885:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
  890:d=5  hl=2 l=  65 prim: OCTET STRING      [HEX DUMP]:303F303DA03BA0398637687474703A2F2F63726C2E676C6F62616C7369676E2E636F6D2F63612F677361746C617372336476746C7363613230323471342E63726C
  957:d=4  hl=4 l= 383 cons: SEQUENCE
  961:d=5  hl=2 l=  10 prim: OBJECT            :CT Precertificate SCTs
  973:d=5  hl=4 l= 367 prim: OCTET STRING      [HEX DUMP]:...
 1344:d=1  hl=2 l=  13 cons: SEQUENCE
 1346:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
 1357:d=2  hl=2 l=   0 prim: NULL
 1359:d=1  hl=4 l= 257 prim: BIT STRING

Now dump the element at offset 4 as raw DER:

:~$ openssl asn1parse -in dev.to.pem -out dev.to.der -noout -strparse 4

:~$ cat dev.to.der

Extract the bit string at offset 1359 ("1359:d=1 hl=4 l= 257 prim: BIT STRING"). Its 257 bytes are one unused-bits byte followed by the 256-byte RSA signature, which is why the file ends up 256 bytes long:

:~$ openssl asn1parse -in dev.to.pem -out signature.der -strparse 1359 -noout

:~$ wc -c signature.der
256 signature.der

:~$ cat signature.der

Verification:

:~$ openssl dgst -sha256 -verify intermediate_pubkey.pem -signature signature.der dev.to.der
Verified OK

“We need to go deeper”

The critical step here is to understand what that verification actually does:

  • extract the certificate information except the signature (dev.to.der, the tbsCertificate)
  • hash that information
  • apply the public key of the intermediate certificate to the signature
  • compare both

Let's look again at our certificate:
:~$ openssl x509 -in dev.to.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:64:35:28:f2:df:90:2e:f4:a4:df:09:73:ec:05:ef
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q4
        Validity
            Not Before: Jan  7 22:00:10 2025 GMT
            Not After : Feb  8 22:00:09 2026 GMT
        Subject: CN=dev.to
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e4:36:39:18:e7:b9:10:ee:24:89:16:1e:48:e2:
                    c1:43:6e:bb:5d:3a:d8:ad:f5:92:94:38:6e:2b:ff:
                    33:25:36:6a:20:45:5f:27:f0:64:0d:c9:de:70:15:
                    c2:f5:90:81:f7:0a:18:ab:f8:73:17:39:00:ca:48:
                    9f:d9:3a:1f:dd:be:2f:0c:99:0c:b9:af:8d:35:18:
                    d2:25:e0:79:3d:3a:cf:0c:3b:58:09:02:69:55:a6:
                    e2:d3:2b:24:82:1a:cb:41:66:11:e7:da:8d:58:04:
                    5e:23:bf:7a:89:83:3d:b4:4f:f5:68:79:a4:c6:17:
                    46:19:50:d5:7c:5b:8b:99:55:fa:36:7b:61:16:7c:
                    42:3c:74:6b:47:69:29:6e:8b:4d:e3:31:f9:89:24:
                    e3:5f:ae:64:3b:a7:d0:9e:52:fc:37:42:55:d1:ec:
                    a8:64:3f:8b:ea:c6:c8:a6:8a:13:14:4e:06:2b:de:
                    a2:53:db:57:79:ef:2a:64:ea:1d:4a:0d:4c:4f:71:
                    77:1e:65:98:58:97:ff:67:b0:50:da:b4:d5:d1:d0:
                    49:78:8a:6e:e9:f2:54:82:e3:2b:6c:79:9a:13:52:
                    c8:65:30:49:4a:7e:ae:69:92:4b:2b:a5:34:03:7a:
                    9d:56:bc:38:04:fa:dd:2a:73:71:ee:aa:96:e1:c0:
                    79:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:dev.to
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Subject Key Identifier:
                7A:C1:49:B1:9F:EC:2B:E3:31:4B:33:D0:2B:B9:E8:F7:69:F9:E1:26
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.4146.10.1.3
                  CPS: https://www.globalsign.com/repository/
            X509v3 Basic Constraints: critical
                CA:FALSE
            Authority Information Access:
                OCSP - URI:http://ocsp.globalsign.com/ca/gsatlasr3dvtlsca2024q4
                CA Issuers - URI:http://secure.globalsign.com/cacert/gsatlasr3dvtlsca2024q4.crt
            X509v3 Authority Key Identifier:
                60:91:EC:1C:02:F2:0E:FE:63:4F:65:CB:62:B0:02:2A:03:58:E9:B3
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.globalsign.com/ca/gsatlasr3dvtlsca2024q4.crl
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
                                F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
                    Timestamp : Jan  7 22:00:11.254 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:DC:D6:62:2F:AE:F2:A8:06:CB:FB:C9:
                                D7:A3:0E:55:A7:43:FD:2F:FB:BD:61:1C:4B:53:F1:17:
                                BF:60:31:BF:BC:02:20:6A:6F:D0:E2:B2:D3:5D:64:9D:
                                47:69:D2:A3:AB:3F:0F:E7:FD:98:75:62:65:87:30:BF:
                                C0:5C:84:81:8A:6E:FC
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
                                DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
                    Timestamp : Jan  7 22:00:11.345 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:43:CE:40:80:EE:1C:C6:B5:0A:C9:28:C4:
                                E7:AC:22:EF:B4:81:C9:27:C9:1A:A9:C9:49:DA:16:74:
                                4B:16:F3:20:02:21:00:B0:00:4B:24:5D:EC:4A:93:1F:
                                C9:D8:4A:61:E8:CB:51:2A:72:BA:83:3B:55:25:4D:18:
                                B7:24:73:67:9B:D3:F3
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 25:2F:94:C2:2B:29:E9:6E:9F:41:1A:72:07:2B:69:5C:
                                5B:52:FF:97:A9:0D:25:40:BB:FC:DC:51:EC:4D:EE:0B
                    Timestamp : Jan  7 22:00:11.510 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:D4:54:91:90:BC:0C:7F:EA:AF:39:CA:
                                E3:1D:1A:1E:83:55:FC:04:C4:29:26:12:CC:84:DD:71:
                                B7:CD:A2:27:D4:02:21:00:B7:85:B5:C4:7F:44:97:21:
                                FF:E7:85:A3:C9:9C:12:D4:05:DF:4D:48:40:1A:32:0F:
                                15:18:11:85:A1:2D:14:BF
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        56:34:03:d6:d7:1e:13:28:93:c3:8f:a3:48:97:35:61:ca:2a:
        1d:1c:85:81:64:c4:5a:3d:52:9c:59:6a:36:50:fa:aa:4e:85:
        ae:a7:77:31:02:b4:f3:56:7e:96:ab:dd:02:1e:f9:d7:4f:a6:
        c6:38:d3:3d:00:4f:72:68:6d:ee:95:8c:dc:c5:de:22:52:5e:
        29:f0:a9:1a:bd:6b:99:c7:1c:4d:d7:d6:87:e5:cc:3f:2f:e9:
        38:55:2f:8c:e9:e8:0f:44:e0:5c:79:d3:04:a0:ed:31:bd:f4:
        a5:95:3c:4c:73:a5:10:28:c9:2a:97:37:f1:bb:e5:f1:99:84:
        a9:87:64:85:8d:34:cb:32:3e:83:87:f8:e0:5b:ab:f3:d2:0f:
        eb:ae:dc:61:72:d0:4f:60:aa:c3:80:d9:4b:5f:00:ec:45:96:
        d7:7c:f9:66:7f:8f:83:d2:fd:e4:09:b6:c1:28:e4:b0:3b:94:
        e3:a6:42:1d:32:9f:9f:66:5e:89:5b:31:b1:06:80:95:8d:1f:
        07:0d:c2:25:0a:ff:ea:7e:18:84:b0:99:08:57:ea:b6:1f:66:
        bf:24:3c:cd:7d:7f:f6:ea:4b:06:79:ab:55:1c:ae:15:7f:04:
        e1:7e:ba:41:7f:4b:53:32:52:5c:a1:65:98:81:63:62:38:91:
        2c:ef:f1:aa

And the tbsCertificate on its own:

:~$ openssl asn1parse -in dev.to.der -inform DER
    0:d=0  hl=4 l=1336 cons: SEQUENCE
    4:d=1  hl=2 l=   3 cons: cont [ 0 ]
    6:d=2  hl=2 l=   1 prim: INTEGER           :02
    9:d=1  hl=2 l=  16 prim: INTEGER           :01643528F2DF902EF4A4DF0973EC05EF
   27:d=1  hl=2 l=  13 cons: SEQUENCE
   29:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
   40:d=2  hl=2 l=   0 prim: NULL
   42:d=1  hl=2 l=  88 cons: SEQUENCE
   44:d=2  hl=2 l=  11 cons: SET
   46:d=3  hl=2 l=   9 cons: SEQUENCE
   48:d=4  hl=2 l=   3 prim: OBJECT            :countryName
   53:d=4  hl=2 l=   2 prim: PRINTABLESTRING   :BE
   57:d=2  hl=2 l=  25 cons: SET
   59:d=3  hl=2 l=  23 cons: SEQUENCE
   61:d=4  hl=2 l=   3 prim: OBJECT            :organizationName
   66:d=4  hl=2 l=  16 prim: PRINTABLESTRING   :GlobalSign nv-sa
   84:d=2  hl=2 l=  46 cons: SET
   86:d=3  hl=2 l=  44 cons: SEQUENCE
   88:d=4  hl=2 l=   3 prim: OBJECT            :commonName
   93:d=4  hl=2 l=  37 prim: PRINTABLESTRING   :GlobalSign Atlas R3 DV TLS CA 2024 Q4
  132:d=1  hl=2 l=  30 cons: SEQUENCE
  134:d=2  hl=2 l=  13 prim: UTCTIME           :250107220010Z
  149:d=2  hl=2 l=  13 prim: UTCTIME           :260208220009Z
  164:d=1  hl=2 l=  17 cons: SEQUENCE
  166:d=2  hl=2 l=  15 cons: SET
  168:d=3  hl=2 l=  13 cons: SEQUENCE
  170:d=4  hl=2 l=   3 prim: OBJECT            :commonName
  175:d=4  hl=2 l=   6 prim: UTF8STRING        :dev.to
  183:d=1  hl=4 l= 290 cons: SEQUENCE
  187:d=2  hl=2 l=  13 cons: SEQUENCE
  189:d=3  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  200:d=3  hl=2 l=   0 prim: NULL
  202:d=2  hl=4 l= 271 prim: BIT STRING
  477:d=1  hl=4 l= 859 cons: cont [ 3 ]
  481:d=2  hl=4 l= 855 cons: SEQUENCE
  485:d=3  hl=2 l=  17 cons: SEQUENCE
  487:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
  492:d=4  hl=2 l=  10 prim: OCTET STRING      [HEX DUMP]:300882066465762E746F
  504:d=3  hl=2 l=  14 cons: SEQUENCE
  506:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
  511:d=4  hl=2 l=   1 prim: BOOLEAN           :255
  514:d=4  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
  520:d=3  hl=2 l=  29 cons: SEQUENCE
  522:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
  527:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030106082B06010505070302
  551:d=3  hl=2 l=  29 cons: SEQUENCE
  553:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  558:d=4  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:04147AC149B19FEC2BE3314B33D02BB9E8F769F9E126
  582:d=3  hl=2 l=  87 cons: SEQUENCE
  584:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
  589:d=4  hl=2 l=  80 prim: OCTET STRING      [HEX DUMP]:304E3008060667810C0102013042060A2B06010401A0320A01033034303206082B06010505070201162668747470733A2F2F7777772E676C6F62616C7369676E2E636F6D2F7265706F7369746F72792F
  671:d=3  hl=2 l=  12 cons: SEQUENCE
  673:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
  678:d=4  hl=2 l=   1 prim: BOOLEAN           :255
  681:d=4  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:3000
  685:d=3  hl=3 l= 158 cons: SEQUENCE
  688:d=4  hl=2 l=   8 prim: OBJECT            :Authority Information Access
  698:d=4  hl=3 l= 145 prim: OCTET STRING      [HEX DUMP]:30818E304006082B060105050730018634687474703A2F2F6F6373702E676C6F62616C7369676E2E636F6D2F63612F677361746C617372336476746C736361323032347134304A06082B06010505073002863E687474703A2F2F7365637572652E676C6F62616C7369676E2E636F6D2F6361636572742F677361746C617372336476746C7363613230323471342E637274
  846:d=3  hl=2 l=  31 cons: SEQUENCE
  848:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  853:d=4  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:301680146091EC1C02F20EFE634F65CB62B0022A0358E9B3
  879:d=3  hl=2 l=  72 cons: SEQUENCE
  881:d=4  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
  886:d=4  hl=2 l=  65 prim: OCTET STRING      [HEX DUMP]:303F303DA03BA0398637687474703A2F2F63726C2E676C6F62616C7369676E2E636F6D2F63612F677361746C617372336476746C7363613230323471342E63726C
  953:d=3  hl=4 l= 383 cons: SEQUENCE
  957:d=4  hl=2 l=  10 prim: OBJECT            :CT Precertificate SCTs
  969:d=4  hl=4 l= 367 prim: OCTET STRING      [HEX DUMP]:...

Compute the SHA-256 of the tbsCertificate:

:~$ openssl dgst -sha256 dev.to.der
SHA2-256(dev.to.der)= 37058d7b5a35ebe02ea6baf4b267fadf4474c0f87116e16ef870d57b47ef9d09

Now let's "decrypt" the signature with the public key of the intermediate certificate, i.e. apply the raw RSA public-key operation with no padding removed, so the whole signed block becomes visible:

:~$ openssl pkeyutl -verifyrecover -pubin -inkey intermediate_pubkey.pem -in signature.der -pkeyopt rsa_padding_mode:none -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff 00 30 31 30   .............010
00d0 - 0d 06 09 60 86 48 01 65-03 04 02 01 05 00 04 20   ...`.H.e.......
00e0 - 37 05 8d 7b 5a 35 eb e0-2e a6 ba f4 b2 67 fa df   7..{Z5.......g..
00f0 - 44 74 c0 f8 71 16 e1 6e-f8 70 d5 7b 47 ef 9d 09   Dt..q..n.p.{G...

As you can see, the bytes at lines 00e0 and 00f0 match the SHA-256 hash of the tbsCertificate computed above. Everything before them is the PKCS#1 v1.5 signature encoding: 00 01, a run of ff padding, 00, and then the DigestInfo header 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20, which names SHA-256 and introduces the 32-byte hash.
Bingo!
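To make the same check reproducible offline, here is an added example (not the post's or OpenSSL's code) that redoes the four steps in pure Python: walk the DER to locate the tbsCertificate and the signature BIT STRING, hash, apply the raw RSA public-key operation, and compare against the PKCS#1 v1.5 encoding. Since dev.to's certificate and GlobalSign's key are not embedded here, the toy_rsa_key and make_toy_certificate helpers are assumptions that build a throwaway key and a minimal constructed certificate to verify.

```python
import hashlib
import random
# DigestInfo prefix for SHA-256: the "30 31 30 0d ... 05 00 04 20" bytes that sit right
# before the tbsCertificate hash in the post's pkeyutl -verifyrecover dump.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
SHA256_WITH_RSA_OID = bytes.fromhex("2A864886F70D01010B")  # 1.2.840.113549.1.1.11

def der_tlv(data, pos):
    """Decode one DER TLV at pos -> (tag, content, end offset); handles long-form lengths."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def der_encode(tag, content):  # short-form length only: enough for the toy certificate
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def split_certificate(cert_der):
    """(tbsCertificate DER, signature bytes): what the post's two -strparse calls produce."""
    tag, body, _ = der_tlv(cert_der, 0)
    assert tag == 0x30, "Certificate must be a SEQUENCE"
    _, _, tbs_end = der_tlv(body, 0)
    tbs_der = body[:tbs_end]  # whole TLV, header included: this is what the CA signed
    _, _, alg_end = der_tlv(body, tbs_end)  # signatureAlgorithm, not needed for the check
    tag, sig_bits, _ = der_tlv(body, alg_end)
    assert tag == 0x03, "signatureValue must be a BIT STRING"
    return tbs_der, sig_bits[1:]  # drop the unused-bits byte (why 257 bytes became 256)

def pkcs1_v15_encode(digest, k):
    """EM = 00 01 FF..FF 00 || DigestInfo || hash, exactly k (modulus-size) bytes."""
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_certificate(cert_der, n, e):
    """Raw RSA public-key operation on the signature (the post's 'decrypt'), then compare."""
    tbs_der, sig = split_certificate(cert_der)
    k = (n.bit_length() + 7) // 8
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return recovered == pkcs1_v15_encode(hashlib.sha256(tbs_der).digest(), k)

def _probable_prime(bits):  # Miller-Rabin, 32 random bases: demo-only key generation
    while True:
        p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        d, r = p - 1, 0
        while d % 2 == 0:
            d, r = d // 2, r + 1
        for _ in range(32):
            x = pow(random.randrange(2, p - 1), d, p)
            if x in (1, p - 1):
                continue
            for _ in range(r - 1):
                x = pow(x, 2, p)
                if x == p - 1:
                    break
            else:
                break  # composite: try the next candidate
        else:
            return p

def toy_rsa_key(bits=512):  # constructed issuer key standing in for GlobalSign's: (n, e, d)
    e = 65537  # same public exponent as the post's key; modulus deliberately small
    while True:
        p, q = _probable_prime(bits // 2), _probable_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)

def make_toy_certificate(n, d, subject):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tbs = der_encode(0x30, der_encode(0x0C, subject.encode()))  # minimal stand-in tbs
    alg = der_encode(0x30, der_encode(0x06, SHA256_WITH_RSA_OID))
    k = (n.bit_length() + 7) // 8
    em = pkcs1_v15_encode(hashlib.sha256(tbs).digest(), k)
    sig = pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")
    return der_encode(0x30, tbs + alg + der_encode(0x03, b"\x00" + sig))
```

Running verify_certificate on the real dev.to.pem (converted to DER) with the modulus and exponent printed by openssl x509 -text gives the same result as the openssl dgst -verify step; a flipped byte anywhere in the tbsCertificate makes the recovered block differ from the expected encoding.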

Summary

Above is a simple example of how to manually verify a certificate's signature, the core of checking its validity:

  • extract the tbsCertificate chunk from the leaf certificate
  • compute its hash
  • extract the public key from the intermediate certificate
  • decrypt the signature of the leaf certificate
  • compare both; if they match then we are good

Then there is the question of where the certificate store with the root CA is located. Well, this is product dependent and system dependent. Technology at the present level looks like magic, still it's essential to understand how the internet works. Cheers!
