0

  1. Can any certificate be used for TLS?

  2. What requirements should the certificate meet for TLS? SHA1/Sha2 {key specs} etc.

schroeder
  • 125,553
  • 55
  • 289
  • 326
Kaleem Rehman
  • 11
  • 2
    This is a very broad question. SSL/TLS is complex stuff. A lot of it is explained [here](https://security.stackexchange.com/q/20803/5405) . Warning, there is a **lot** of information in that link. Get some good coffee, you're going to need it :-) – S.L. Barth Aug 22 '18 at 09:05
  • Your first 2 questions are somewhat related, but the last is completely unrelated and should be its own question. I'm removing that part, but the answer is that the server may be configured to use multiple different versions, and there are multiple tests on the client that tell you what version was *negotiated* and tools that will try every different version to tell you what the server can offer. – schroeder Aug 22 '18 at 09:17

1 Answers1

1

Can any certificate be used for TLS?

No. There are certificates for example for code signing, certificates which are only used to issue other certificates, ... How a certificate can be used is defined by various parts of the certificate, i.e. mainly basic constraints, key usage and extended key usage.

For some more information see Which key usages are required by each key exchange method?, Is the Extended Key Usage extension mandatory on the web?, TLS/SSL Certificate - Key usage and encryption, Can I use a code signing certificate as a TLS certificate?, Can I use the same ssl cert to protect my web site and sign my app?.

What requirements should the certificate meet for TLS? SHA1/Sha2 {key specs} etc.

To be wildly accepted the key usage extension should contain at least digitalSignature and keyEncipherment, extended key usage should at least contain serverAuth. Subject alternative names should match the fully qualified domain name, it should be issued directly or indirectly (via an intermediate CA certificate) by a trusted CA, key type should be RSA (better >=2048 bit) or ECC (better >=256 bit), signature algorithm SHA-256 (or better) ... - there are probably some more restrictions in some case like use of X509 extensions for certificate transparency etc. CA's usually do the right thing so just look at the certificate you get for typical web sites.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434