
Why does openssl show different certificate chain for mail.google.com:443 than what Chrome/Firefox shows?

$ openssl s_client -connect mail.google.com:443 < /dev/null | head -10
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---

The above output shows that the top-level certificate belongs to GeoTrust Global CA and it is issued by Equifax Secure Certificate Authority. The server certificate is issued to mail.google.com.

But Chrome and Firefox show that the top-level certificate is a self-signed root certificate by GeoTrust Global CA. The server certificate appears to be issued to *.google.com.


Even after disabling QUIC via chrome://flags, I still can't see the Equifax certificate in the certificate chain, although the server certificate now appears to be issued to mail.google.com.


Why do I see a different Equifax certificate in OpenSSL but not in Firefox/Chrome?

Lone Learner
  • For the two trust roots for Google (GeoTrust and Equifax) dupe of https://security.stackexchange.com/questions/93081/gmail-x-509-certificate-chain (disclosure: mine) and several more linked there; for more about openssl handling see https://security.stackexchange.com/questions/110077/python-requests-ssl-verification and https://security.stackexchange.com/questions/118062/use-openssl-to-individually-verify-components-of-a-certificate-chain – dave_thompson_085 May 05 '17 at 04:03

1 Answer


Chrome is not using HTTPS as you are doing with openssl s_client; it uses the QUIC protocol to access the site. In the Security Overview (developer tools) you can see:

The connection to this site is encrypted and authenticated using a strong protocol (QUIC), a strong key exchange (X25519), and a strong cipher (AES_128_GCM).

This means it accesses a different service which provides a different certificate. For why they offer a different certificate there you have to ask Google.

Once you disable QUIC in chrome://flags and relaunch the browser you get the same certificate as openssl, i.e. the one for mail.google.com. And the Security Overview now shows:

The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_ECDSA with X25519), and a strong cipher (AES_128_GCM).

Steffen Ullrich
  • After I disabled QUIC, Security Overview now shows TLS 1.2, but Chrome still shows me the same GeoTrust self-signed root certificate. I still don't see any certificate issued by Equifax. Can you post a screenshot that shows certificate issued by Equifax? – Lone Learner May 04 '17 at 15:03
  • @LoneLearner: The certificate you get is the same. But because Chrome and OpenSSL use different trusted root CAs the trust chain is slightly different. Chrome has GeoTrust as Root CA in the browser, while with OpenSSL you don't have it in the trust store and thus it must add another element to the trust chain to get to the Equifax certificate in the trust store. Apart from that: please don't change the meaning of the question significantly from asking about certificate details to asking about CA - ask another question instead. – Steffen Ullrich May 04 '17 at 16:18
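The point made in the comment above (and the mismatch the question describes) comes down to where path building stops: a verifier walks issuer links from the server certificate and stops at the first certificate it finds in its own trust store, so the same three certificates sent by the server end at GeoTrust Global CA for a store that holds that root and at Equifax for a store that holds only the Equifax root. The following is an added example, not code from the question or the answer. It is a toy path builder over subject/issuer names only (no signatures, validity periods or extensions are checked), using the names exactly as openssl s_client printed them above; the three trust stores are constructed assumptions: a browser-like store with the self-signed GeoTrust root, an OpenSSL-like store with only the Equifax root as the comment implies, and an empty store that reproduces the asker's "depth=2 ... unable to get local issuer certificate" output.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Cert:
    """Stand-in for an X.509 certificate: only the names matter for path building."""
    subject: str
    issuer: str


# Distinguished names exactly as openssl s_client printed them in the question.
LEAF = "/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com"
GIA_G2 = "/C=US/O=Google Inc/CN=Google Internet Authority G2"
GEOTRUST = "/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA"
EQUIFAX = "/C=US/O=Equifax/OU=Equifax Secure Certificate Authority"

# What the server sent (chain entries 0, 1, 2 in the openssl output).
PRESENTED_CHAIN = [Cert(LEAF, GIA_G2), Cert(GIA_G2, GEOTRUST), Cert(GEOTRUST, EQUIFAX)]

# Constructed trust stores (assumptions for this example, not dumps of real stores).
BROWSER_STORE: Set[Cert] = {Cert(GEOTRUST, GEOTRUST)}  # self-signed GeoTrust root, as Chrome/Firefox show
OPENSSL_STORE: Set[Cert] = {Cert(EQUIFAX, EQUIFAX)}    # only the Equifax root, as the comment implies
EMPTY_STORE: Set[Cert] = set()                         # neither root: the asker's own openssl run


@dataclass
class PathResult:
    ok: bool
    path: List[str]          # subjects from the leaf up to and including the anchor
    anchor: Optional[str]    # subject of the trust-store certificate the path ends at
    error: Optional[str] = None

    @property
    def depth(self) -> int:
        """openssl's 'depth=N': index of the last certificate reached in the path."""
        return len(self.path) - 1


def build_path(presented: List[Cert], trust_store: Set[Cert], max_depth: int = 10) -> PathResult:
    """Walk issuer links from the leaf, preferring the trust store ('trusted first').

    The path ends at the first certificate whose subject is a trust-store subject.
    Only when the store has nothing for an issuer name is the server-sent chain used,
    which is why a store holding the GeoTrust root stops one step earlier than a
    store holding only the Equifax root.
    """
    presented_by_subject = {c.subject: c for c in presented}
    trusted_subjects = {c.subject for c in trust_store}

    current = presented[0]
    path = [current.subject]
    for _ in range(max_depth):
        if current.subject in trusted_subjects:            # this certificate is itself an anchor
            return PathResult(True, path, current.subject)
        if current.issuer in trusted_subjects:             # issuer found in the store: path complete
            path.append(current.issuer)
            return PathResult(True, path, current.issuer)
        nxt = presented_by_subject.get(current.issuer)
        if nxt is None or nxt.subject == current.subject:  # missing issuer, or untrusted self-signed cert
            return PathResult(False, path, None, "unable to get local issuer certificate")
        current = nxt
        path.append(current.subject)
    return PathResult(False, path, None, "certificate chain too long")


if __name__ == "__main__":
    stores = (("browser store", BROWSER_STORE), ("openssl store", OPENSSL_STORE), ("empty store", EMPTY_STORE))
    for label, store in stores:
        r = build_path(PRESENTED_CHAIN, store)
        print(f"{label}: ok={r.ok} depth={r.depth} anchor={r.anchor} error={r.error}")
        for i, subj in enumerate(r.path):
            print(f"  {i} {subj}")
```

Running it shows a three-certificate path ending at GeoTrust for the browser-like store, a four-certificate path ending at Equifax for the Equifax-only store, and a failure at depth 2 for the empty store, which is the verify error in the question's own output. A real verifier additionally checks each signature against the issuer's key, validity periods, basic constraints and name constraints; those are left out here because they do not change which anchor the path ends at.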