Matteo Palma

Reputation: 51

Confused by SSLCaCertificateFile bundle

There's something I can't understand about the SSLCACertificateFile parameter in the Apache SSL conf. Say, for example, I have a ROOT cert "A" that issued an intermediate cert "B". Then I produced a couple of leaf certificates using B, say "L1" and "L2".

Now, according to the documentation, if I want to trust only L1 and L2 I should put "B" and "A" inside a file pointed by SSLCACertificateFile (if I put only certificate "B" Apache gives an unable-to-find-issuer error).

Now, let's produce another certificate, "C", derived from "A" (the root). Would Apache trust a peer that's using certificate C? To me it is a "yes, it will", as Apache will find the issuer of "C", namely "A", inside the SSLCACertificateFile! But I don't want to trust C, I only want to trust L1 and L2.

Am I missing something?

Many thanks!

Upvotes: 5

Views: 2505

Answers (1)

Steffen Ullrich

Reputation: 123320

The underlying TLS stack used by Apache is OpenSSL. OpenSSL by default requires a self-signed root certificate as the ultimate trust anchor, which means that it is not enough to only add an intermediate CA certificate to the trust store. Since OpenSSL 1.0.2 there is the flag X509_V_FLAG_PARTIAL_CHAIN which would make this possible, but I don't see it used in the Apache source code.

Thus, if you don't have any control over the root CA and the intermediate CA, there is no way to configure Apache to only trust the intermediate CA but not any other certificates directly or indirectly issued by the root CA.

But, if you have control over the intermediate CA certificate B (i.e. you have its private key), then you can issue another CA certificate B2 with the same subject and private key as B, but make it self-signed. Since the subject and public key are the same as in B, every certificate issued by B can be successfully validated using B2. And since B2 is self-signed, you can put it as the only trust anchor into SSLCACertificateFile, with the result that only certificates issued by B/B2 are accepted, but not other certificates issued by the root A.

Upvotes: 3
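The following script is an added example, not code from the question or the answer above. It builds the PKI the question describes with openssl (root A, intermediate B issued by A, leaves L1 and L2 issued by B, and C issued directly by A), then runs `openssl verify` against each candidate trust file, which is the same chain-building logic mod_ssl uses for SSLCACertificateFile. It also produces B2, the self-signed re-issue of B that the answer proposes, by signing B's own request with B's own key. Subject names, key sizes, validity periods and the work directory are constructed for this demo.

```shell
#!/bin/sh
# Added example (not from the question or the answer): reproduce the A/B/C/L1/L2
# situation with a throwaway PKI and compare what each trust file accepts.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # constructed: scratch directory for keys/certs
cd "$WORK"

# Extensions for CA certificates (A, B, B2) and end-entity certificates
# (L1, L2, C). The leaves carry the keyid-only form of authorityKeyIdentifier;
# the issuer+serial form would not match B2 (see the note after the block).
cat > ca.ext <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
cat > leaf.ext <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF

# csr NAME SUBJECT: fresh RSA key plus certificate request for NAME.
csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "$2" 2>/dev/null
}
# issue NAME ISSUER EXTFILE: sign NAME.csr with ISSUER's key and certificate.
issue() {
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
        -out "$1.pem" -days 365 -extfile "$3" 2>/dev/null
}
# selfsign NAME OUT: sign NAME.csr with NAME's own key, writing OUT.pem.
selfsign() {
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -out "$2.pem" -days 365 \
        -extfile ca.ext 2>/dev/null
}

build_pki() {
    csr A "/CN=Root A";          selfsign A A
    csr B "/CN=Intermediate B";  issue B A ca.ext
    csr L1 "/CN=leaf L1";        issue L1 B leaf.ext
    csr L2 "/CN=leaf L2";        issue L2 B leaf.ext
    csr C "/CN=leaf C";          issue C A leaf.ext
    # B2: same subject and key pair as B, but self-signed, so it can stand
    # alone as a trust anchor. Reusing B.csr guarantees that neither the
    # subject nor the public key differs from B.
    selfsign B B2
    cat A.pem B.pem > bundle_AB.pem
}

# verify_against TRUSTFILE CERT [extra openssl verify options]
# Prints "accepted" or "rejected": the decision mod_ssl would reach with
# SSLCACertificateFile pointing at TRUSTFILE and a peer presenting CERT.
verify_against() {
    ca=$1; cert=$2; shift 2
    if openssl verify "$@" -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

build_pki
echo "A+B bundle, L1:             $(verify_against bundle_AB.pem L1.pem)"
echo "A+B bundle, C:              $(verify_against bundle_AB.pem C.pem)"   # the problem
echo "B only, L1:                 $(verify_against B.pem L1.pem)"          # no issuer for B
echo "B only + partial_chain, L1: $(verify_against B.pem L1.pem -partial_chain)"
echo "B2 only, L1:                $(verify_against B2.pem L1.pem)"
echo "B2 only, L2:                $(verify_against B2.pem L2.pem)"
echo "B2 only, C:                 $(verify_against B2.pem C.pem)"
```

The `-partial_chain` line shows what the X509_V_FLAG_PARTIAL_CHAIN option mentioned in the answer would change; it is an `openssl verify` switch here, not something mod_ssl exposes. Two practical caveats when you deploy B2 as the sole SSLCACertificateFile: B2 necessarily gets a different serial number than B, so leaf certificates whose authorityKeyIdentifier carries the issuer-name-plus-serial form (rather than keyid only) will fail to chain to B2; and because B2 has B's subject, the CA names the server advertises in its CertificateRequest are unchanged, so clients still select the same certificate as before.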
