3

I want to generate a root certificate and SSL certificate (self-signed) for communication between an embedded device and our backend servers (IIS 8.0).

I used OpenSSL to generate a certificate with the following steps:

Here's how I created the root certificate:

openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 7305 -in ca.csr -out ca.crt -signkey ca.key

Then I made the SSL certificate like this:

openssl genrsa -out mydomain.com.key 2048
openssl req -new -key mydomain.com.key -out mydomain.com.csr
openssl x509 -req -days 7305 -in mydomain.com.csr -CA ./ca.crt -CAkey ./ca.key -CAcreateserial -out mydomain.com.crt

This all worked fine.

After importing in IIS, I get the following supported cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

My embedded device can only handle:

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256

I know the limitation is not in our Windows configuration or our IIS, because the sites hosted on that same web server (with our GoDaddy certificate), do support all 4 of these suites.

So I figure I must generate the certificate in another way. I just don't know how ...

H. Lowette
  • 141
  • 1
  • 5
  • See http://security.stackexchange.com/questions/7440/what-ciphers-should-i-use-in-my-web-server-after-i-configure-my-ssl-certificate for info on how the certificate type impacts the choice of the key agreement between the client and the server. – mti2935 Nov 17 '15 at 16:54
  • @jaeckel has a point. Let's check on the `X509v3 Key Usage` section. for that IIS cert. Could you post that section here? (Output of `openssl x509 -in mydomain.com.crt -noout -text` will do. Redact output as you see fit.) – StackzOfZtuff Nov 18 '15 at 07:29

2 Answers2

3

The certificate you created misses the "Certificate Key Usage" extension with the property "Key Encipherment" enabled.

Therefore it isn't allowed for the server to use the RSA key in the certificate for the key exchange and as a result the server only offers Cipher Suites with Ephemeral Keys.

jaeckel
  • 111
  • 3
  • Interesting. Right. I forgot about that. Not certain though. – StackzOfZtuff Nov 18 '15 at 07:18
  • It seems a lot more likely than the cipher suites not being enabled on the server. As I stated in the original post, the required cipher suites work in another site on the same IIS (but with another certificate). I'll post back after I had a chance to try this out. – H. Lowette Nov 18 '15 at 07:19
1

Update 2015-11-18Wed: Check Jaeckel's answer.

Jaeckel raises a valid point that I forgot. The cert might NOT be fine after all. Please check the X509v3 Key Usage section.

Original post preserved below line.


Certificate is fine.

There is just no ciphersuite overlap. Namely: your IIS only speaks Forward-Secure ciphersuites and your embedded device only speaks NON-Forward-Secure ciphersuites.

Try running IISCrypto and use it to allow your IIS to speak at least one the of the cipher suites that the embedded device speaks.

You could go with TLS_RSA_WITH_AES_128_CBC_SHA is Mandatory To Implement ciphersuite for TLS1.2, so anything that claims TLS1.2 compatibility must be able to speak it)

Sort them so that they are least preferred. That ensures that clients that speak both FS suites and non-FS suites end up with an FS-capable suite.

If however, you insist on using a different certificate type, then your only practical choice besides "RSA" is "ECDSA". But the four embedded suites that you listed are for RSA type certs only.

StackzOfZtuff
  • 17,923
  • 1
  • 51
  • 86