The Problem

Let's say I would like to download every SSL certificate for a specific website to be able to do certificate pinning later on.

How can I query the web server with openssl to download all available certificates without knowing any of their properties?


EXAMPLE

The domain api.cyberghostvpn.com has certificates with the following signatures:

  • ECDSA+SHA256
  • RSA+SHA256
  • RSA+SHA1

To download those, you can use the following commands:

echo | \
openssl s_client -connect api.cyberghostvpn.com:443 -sigalgs 'ECDSA+SHA256' 2>/dev/null | \
openssl x509 -outform DER > api_ECDSA+SHA256.crt

echo | \
openssl s_client -connect api.cyberghostvpn.com:443 -sigalgs 'RSA+SHA256' 2>/dev/null | \
openssl x509 -outform DER > api_RSA+SHA256.crt

echo | \
openssl s_client -connect api.cyberghostvpn.com:443 -sigalgs 'RSA+SHA1' 2>/dev/null | \
openssl x509 -outform DER > api_RSA+SHA1.crt


REPLIES

@Seth:

  1. You do not need to be the domain owner to have an interest in the public SSL certificate of a website.
    In my case, I was interested in those certificates because I am now using their fingerprints in a custom TrustManager (Java) I wrote to make sure I get the correct certificates. I'm using this in a custom OkHttp client so I can connect directly to the API server (I know the IPs) without requiring a DNS lookup (which can be blocked in certain countries...).

  2. Cloudflare does not allow downloading these certificates in their web interface.

@Alex:

FIRST COMMENT - these commands were actually executed one by one (superuser was removing my lines ... sorry) - To your answer:
Your command only prints out the certificate chain of this one valid ssl connection.
The chain starts at the root authority and ends with the server certificate.
On the servers there are multiple ssl certificates installed to increase client compatibility (so newer clients can establish a more secure connection). Each of the commands I specified above downloads a different server certificate depending on what cipher suite + hash algorithm I allowed with '-sigalgs'.


SECOND COMMENT

You don't believe me? Look at the output!

  • Serial Numbers:
    • 96:4f:da:8c:12:ff:3f:c0:9b:65:71:33:31:f6:fc:7e
    • 1f:78:84:e8:e5:e8:72:7b:43:36:12:7f:15:32:14:46
    • be:b3:dc:01:de:39:74:99:7b:99:a1:db:97:d4:34:46
  • Signature Algorithms:
    • sha256WithRSAEncryption
    • sha1WithRSAEncryption
    • ecdsa-with-SHA256
  • Subject Alternative Name
    • DNS:ssl366066.cloudflaressl.com
    • DNS:*.cyberghostvpn.com
    • DNS:cyberghostvpn.com

First certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            96:4f:da:8c:12:ff:3f:c0:9b:65:71:33:31:f6:fc:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA 2
        Validity
            Not Before: Mar  3 00:00:00 2018 GMT
            Not After : Sep  9 23:59:59 2018 GMT
        Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl366066.cloudflaressl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:D4:B0:F4:FD:4F:9C:42:A4:6C:DC:3D:2E:EE:5B:41:18:C9:AD:03:F6

            X509v3 Subject Key Identifier: 
                5C:DD:94:66:77:CE:58:18:D8:64:2B:82:2E:3F:7F:F2:95:03:6B:84
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca4.com/COMODORSADomainValidationSecureServerCA2.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca4.com/COMODORSADomainValidationSecureServerCA2.crt
                OCSP - URI:http://ocsp.comodoca4.com

            X509v3 Subject Alternative Name: 
                DNS:ssl366066.cloudflaressl.com, DNS:*.cyberghostvpn.com, DNS:cyberghostvpn.com
    Signature Algorithm: sha256WithRSAEncryption

Second certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:78:84:e8:e5:e8:72:7b:43:36:12:7f:15:32:14:46
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Domain Validation Legacy Server CA 2
        Validity
            Not Before: Mar  2 00:00:00 2018 GMT
            Not After : Sep  8 23:59:59 2018 GMT
        Subject: OU=Domain Control Validated, OU=Legacy Multi-Domain SSL, CN=ssl366065.cloudflaressl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:99:8E:02:95:C5:1E:55:22:7B:87:70:8B:5E:1C:01:C2:76:C4:AE:E8

            X509v3 Subject Key Identifier: 
                58:D9:A7:F4:57:FE:6E:E2:E9:D0:F0:80:E3:25:07:6B:B3:20:17:AC
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca4.com/COMODODomainValidationLegacyServerCA2.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca4.com/COMODODomainValidationLegacyServerCA2.crt
                OCSP - URI:http://ocsp.comodoca4.com

            X509v3 Subject Alternative Name: 
                DNS:ssl366065.cloudflaressl.com, DNS:*.cyberghostvpn.com, DNS:cyberghostvpn.com
    Signature Algorithm: sha1WithRSAEncryption

Third certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            be:b3:dc:01:de:39:74:99:7b:99:a1:db:97:d4:34:46
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Domain Validation Secure Server CA 2
        Validity
            Not Before: Mar  2 00:00:00 2018 GMT
            Not After : Sep  8 23:59:59 2018 GMT
        Subject: OU=Domain Control Validated, OU=PositiveSSL Multi-Domain, CN=ssl366067.cloudflaressl.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96

            X509v3 Subject Key Identifier: 
                C6:2E:B1:E7:71:C3:3E:B8:B6:B5:2F:34:8A:5A:06:ED:EB:15:A1:60
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt
                OCSP - URI:http://ocsp.comodoca4.com

            X509v3 Subject Alternative Name: 
                DNS:ssl366067.cloudflaressl.com, DNS:*.cyberghostvpn.com, DNS:cyberghostvpn.com
    Signature Algorithm: ecdsa-with-SHA256
  • If it's your domain why not just grab the certificate files? – Seth Jul 27 '18 at 9:09
  • Your recent edits should be here as comments, not in the body of your question. They don't add value to the question and are more likely to confuse readers. Also, nobody will spot your edits whereas if you comment here (and use @<user>) or comment on answers (below) the original poster will be notified. – garethTheRed Jul 27 '18 at 11:48
  • "The chain starts at the root authority and ends with the server certificate." No, you are wrong. Chain starts with server certificate, then intermediate certs and the last one is root certificate authority who signed intermediate certificates. – Alex Jul 27 '18 at 11:59
  • Excerpt from Apache’s docs on SSLCertificateFile: “The directive can be used multiple times (referencing different filenames) to support multiple algorithms for server authentication - typically RSA, DSA, and ECC.”. This question is valid. – Daniel B Jul 27 '18 at 12:35
  • Ohh, my bad, I missed that this is Multi-Domain/CN, going to edit answer – Alex Jul 27 '18 at 12:49
If you don't have access to the server, then the only way to find out what signature algorithms a server will support would be to try each one in turn, similar to the way you've done, but covering all possibilities. A simple script would do that for you. Assuming you have access to a Unix-like shell:

for sign in RSA DSA ECDSA; do
  for digest in MD5 SHA1 SHA224 SHA256 SHA384 SHA512; do
    sigalgs="${sign}+${digest}"
    echo "Trying $sigalgs"
    # Save the s_client output; delete the file if the handshake failed.
    if ! echo | openssl s_client -connect api.cyberghostvpn.com:443 -sigalgs "$sigalgs" 2> /dev/null > "${sigalgs}.cer"; then
      rm "${sigalgs}.cer"
    fi
  done
done

What's strange is that not all servers adhere to the SignatureAlgorithm extension in the ClientHello message. www.google.com returns sha256withRSAEncryption for all RSA requests, while failing for DSA and ECDSA.

  • I guess, that is the only solution. Thank you for your answer. Do you happen to know, if openssl also provides some list functionality, for the constants in sign and digest, so one does not have to update this script? – user1861174 Jul 27 '18 at 14:37
  • openssl list --digest-algorithms shows some possible options. The problem is that OpenSSL has its own constants which are quite broad and may not necessarily align with what the TLS spec expects. Given that MD5 is on that list and most sites operate with SHA256, while not many use SHA512, I think the options above should give you quite a few years use. You'd need to have a very unusual/old client to expect anything outside of the above range. – garethTheRed Jul 27 '18 at 15:30
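
Added example, not part of the answer or the thread: because a server may return the same certificate for several `-sigalgs` values (as noted for www.google.com), the probe files should be collapsed into the distinct leaf certificates before any fingerprint is pinned. The function names, the sample directory and its placeholder certificate bodies are constructed for illustration; GNU `base64` and `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example: collapse per-sigalgs probe files into distinct leaf certificates.

# Print the first PEM block in an s_client transcript; the server's own
# (leaf) certificate comes first, with or without -showcerts.
leaf_pem() {
  awk '/^-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       on && /^-----END CERTIFICATE-----/ { exit }' "$1"
}

# SHA-256 over the DER bytes (the base64-decoded PEM body) is the value
# `openssl x509 -fingerprint -sha256` reports, apart from colons and case.
leaf_fingerprint() {
  pem=$(leaf_pem "$1")
  [ -n "$pem" ] || return 1        # failed handshake: no certificate in file
  printf '%s\n' "$pem" | grep -v '^-----' | base64 -d | sha256sum | cut -d' ' -f1
}

# One line per distinct certificate: "<sha256> <sigalgs that returned it>..."
pin_set() {
  for f in "$1"/*.cer; do
    [ -f "$f" ] || continue
    fp=$(leaf_fingerprint "$f") || continue
    printf '%s %s\n' "$fp" "$(basename "$f" .cer)"
  done | sort | awk '
    $1 != prev { if (NR > 1) printf "\n"; printf "%s", $1; prev = $1 }
    { printf " %s", $2 }
    END { if (NR) printf "\n" }'
}

# Constructed sample: three transcripts; the two RSA probes carry the same
# body. The bodies are placeholder bytes, not real certificates.
make_sample() {
  d=$(mktemp -d)
  for spec in RSA+SHA1:cert-rsa RSA+SHA256:cert-rsa ECDSA+SHA256:cert-ecdsa; do
    {
      echo "CONNECTED(00000003)"
      echo "-----BEGIN CERTIFICATE-----"
      printf '%s' "${spec#*:}" | base64
      echo "-----END CERTIFICATE-----"
      echo "SSL handshake has read 0 bytes"
    } > "$d/${spec%%:*}.cer"
  done
  : > "$d/DSA+MD5.cer"             # empty file, as left by a failed probe
  echo "$d"
}
```

Run `pin_set` on the directory where the loop above wrote its `.cer` files; each output line is one certificate to pin, followed by the signature-algorithm requests that returned it.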
