On Mon, Jul 01, 2024 at 03:54:46PM +0100, James Chapman wrote:

> I've been using openssl verify to check some certificate chains:
>
> server -> ca -> roota
> server -> alt_ca -> rootb
>
> Certificates ca and alt_ca have the same subject and public key and different issuers.
>
> openssl verify -trusted roota.pem -untrusted ca.pem server.pem
> openssl verify -trusted rootb.pem -untrusted alt_ca.pem server.pem
>
> Work fine; however, if I include both the intermediate CAs, then verify only succeeds when the correct untrusted CA is first in the list:
>
> openssl verify -trusted roota.pem -untrusted ca.pem -untrusted alt_ca.pem server.pem (OK)
> openssl verify -trusted rootb.pem -untrusted ca.pem -untrusted alt_ca.pem server.pem (FAIL: error 20 at 1 depth lookup: unable to get local issuer certificate)
>
> Is there a mechanism to support both ca.pem and alt_ca.pem without knowing which root the client has?

Please post the actual certificates in question.

Verification should succeed regardless of which of "ca" or "alt_ca" is listed first, *provided* both roots are trusted; your mistake is specifying only one root, with both intermediate issuers.

If the CAs are internal CAs you control, the CA could issue certificates containing an authority key identifier (AKID) which specifies the CA's issuer DN (the root CA subject). This would ensure that the right issuer is chosen. In practice, you'd still want to trust both roots.

-- 
Viktor.
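The setup discussed above, as an added example that is not part of the original thread: the script builds two self-signed roots, one intermediate key certified by both roots under the same subject (ca.pem and alt_ca.pem), a leaf with a keyid-only AKID as in James's report, and a second leaf whose AKID also names the issuing CA's issuer DN and serial as Viktor suggests. It then runs the same openssl verify invocations. It assumes only that the openssl CLI (1.1.1 or 3.x) is on PATH; every file name, subject, serial and DNS name is constructed for the demo.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes the openssl CLI is on PATH.
set -e

WORK="$(mktemp -d)"
cd "$WORK"
echo "working in $WORK"

# Minimal config: an empty DN section so 'openssl req -subj' needs no system
# openssl.cnf, plus the extension profiles used below. All values constructed.
cat > chain.cnf <<'EOF'
[req]
distinguished_name = req_dn

[req_dn]

[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash

[intermediate]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always

# keyid-only AKID: matches both ca.pem and alt_ca.pem (same key, same SKID)
[leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
authorityKeyIdentifier = keyid:always

# AKID also carries the issuing CA's issuer DN and serial (Viktor's suggestion)
[leaf_pinned]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.example.test
authorityKeyIdentifier = keyid:always,issuer:always
EOF

keygen() { openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"; }
csr()    { openssl req -new -config chain.cnf -key "$1.key" -subj "$2" -out "$1.csr" 2>/dev/null; }
# selfsign <name> <subject>: self-signed root cert with the [root] profile
selfsign() {
  keygen "$1"; csr "$1" "$2"
  openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 30 -set_serial 1 \
    -extfile chain.cnf -extensions root -out "$1.pem" 2>/dev/null
}
# issue <out> <csr-name> <ca-name> <serial> <profile>: cert signed by <ca-name>
issue() {
  openssl x509 -req -in "$2.csr" -CA "$3.pem" -CAkey "$3.key" -days 30 \
    -set_serial "$4" -extfile chain.cnf -extensions "$5" -out "$1.pem" 2>/dev/null
}

selfsign roota "/CN=Root A"
selfsign rootb "/CN=Root B"

# One intermediate key and subject, certified by each root (cross-signed).
keygen ca; csr ca "/CN=Intermediate CA"
issue ca     ca roota 100 intermediate
issue alt_ca ca rootb 200 intermediate

# Leaf as in the thread, plus the variant whose AKID pins issuer DN + serial.
keygen server; csr server "/CN=server.example.test"
issue server        server ca 1000 leaf
issue server_pinned server ca 1001 leaf_pinned

# chk <openssl verify args...>: prints the verdict, returns 0 on success, 1 otherwise.
chk() {
  if openssl verify "$@" >/dev/null 2>&1; then
    echo "OK   openssl verify $*"
  else
    echo "FAIL openssl verify $*"; return 1
  fi
}

echo "# As reported: one root trusted, both intermediates listed"
chk -trusted roota.pem -untrusted ca.pem -untrusted alt_ca.pem server.pem || true
# The chain builder takes the first untrusted candidate that qualifies as issuer
# and does not backtrack, so this fails as in the thread (ca.pem is chosen,
# rootb does not issue it).
chk -trusted rootb.pem -untrusted ca.pem -untrusted alt_ca.pem server.pem || true

echo "# Viktor's point: trust both roots and the order no longer matters"
chk -trusted roota.pem -trusted rootb.pem -untrusted ca.pem -untrusted alt_ca.pem server.pem
chk -trusted roota.pem -trusted rootb.pem -untrusted alt_ca.pem -untrusted ca.pem server.pem

echo "# AKID with issuer DN + serial: alt_ca.pem is rejected as issuer even when listed first"
chk -trusted roota.pem -untrusted alt_ca.pem -untrusted ca.pem server_pinned.pem
# ...but the pinned leaf now chains only through ca.pem, so Root B alone cannot verify it.
chk -trusted rootb.pem -untrusted alt_ca.pem -untrusted ca.pem server_pinned.pem || true
```

Run it as `sh demo.sh`; the OK/FAIL lines are the verify results and the generated files stay in the printed temp directory for inspection with `openssl x509 -in server_pinned.pem -noout -text`. The last two checks show what the issuer-and-serial form of the AKID buys and costs: OpenSSL's issuer check compares the AKID's issuer name and serial against the candidate intermediate's own issuer and serial, so alt_ca.pem can no longer be mistaken for ca.pem, but the leaf is then bound to the Root A chain and verifying it against Root B alone fails.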