Re: [mosquitto-dev] Q: mosquitto broker TLS certificate based client authentication ?

Hi Roger,

I hadn't seen your reply to Ralf when I sent mine (because I subscribe to the digest).
I'm concerned by what you said, but maybe it's because I don't really understand it.
What are you saying is not possible? I have a test environment with different CAs for the server and client, and it works fine.
And why would using a particular CA for the server mean that any client using the same CA could automatically authenticate?
Surely if my mosquitto.conf file has "cafile" (or "capath") pointing to the trusted client CA(s), which does NOT include the server's CA, then there is no issue?

Confused,
Ben.


On 1 February 2017 at 17:00, <mosquitto-dev-request@eclipse.org> wrote:
...

Message: 1
Date: Tue, 31 Jan 2017 22:01:52 +0000
From: Roger Light <roger@xxxxxxxxxx>
To: General development discussions for the mosquitto project
        <mosquitto-dev@xxxxxxxxxxx>
Subject: Re: [mosquitto-dev] Q: mosquitto broker TLS certificate based
        client authentication ?
Message-ID:
        <CAH7zdydg+0YPX3T6L3Ggq3rO5AvvazS6kTDag709iwnO6UBS8Q@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi Ralf,

You can have multiple trusted CAs defined, so the letter of what you
are asking is possible - a server signed by one CA and client
certificates signed by another. The trouble is that at least at the
moment I don't think having the server certificate be signed and
trusted by one CA (letsencrypt) and your client certificates signed by
your own CA, but have them be kept separate, is possible. In other
words, I suspect that if you set it up like that then anyone with a
letsencrypt certificate could authenticate as a client.

This is clearly not ideal, I'll have to look into what would be
possible in this area. It will probably require extra configuration.

Cheers,

Roger


On Tue, Jan 31, 2017 at 2:33 PM, Ackermann, Ralf <ralf.ackermann@xxxxxxx> wrote:
> Hello,
>
> I'm trying to set up a mosquitto MQTT broker with both
>
> - TLS support and the chance for clients to verify broker
> authenticity based on a server certificate that is signed by a valid CA
> (e.g. Let's Encrypt certificate with DST Root CA X3 as root CA with the
> corresponding .pem to be used with the MQTT client, e.g. a client based on
> the Paho lib) - DONE
>
> - additionally: client authentication based on TLS
> certificates
>
> The question I have is the following:
>
>
> https://primalcortex.wordpress.com/2016/11/08/mqtt-mosquitto-broker-client-authentication-and-client-certificates/
>
> states that: Using client certificates, signed by a certificate authority,
> assures the client identity. The certificate authority used must be the same
> used by the server certificates and is only supported over TLS/SSL.
>
> Is this really a constraint to be met - or can mosquitto also be configured
> to work with client certificates that are signed by another CA (including
> potentially even a "non official certificate signer") than the one I
> mentioned for the broker authentication?
>
> In addition: Is there somebody who has worked on such a setup and would be
> willing to share some experience?
>
> best regards
>
>   Ralf
>
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/mosquitto-dev


------------------------------

Message: 2
Date: Wed, 1 Feb 2017 09:14:31 +0000
From: Ben Kinsella <kinsella.ben@xxxxxxxxx>
To: mosquitto-dev@xxxxxxxxxxx
Subject: Re: [mosquitto-dev] Q: mosquitto broker TLS certificate based
Message-ID:
        <CAN2m+X7xst2m7RzkE8XZ+He54E4RsGGe8UqUNeTtZvoDHmdzSA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi Ralf.

No, it is NOT required that the same CA is used to issue both the server
(broker) cert and the client certs. This is a common simplification used
when implementing TLS with mutual authentication. For example, Roger's own man
page for TLS configuration <https://mosquitto.org/man/mosquitto-tls-7.html>
assumes the use of a single CA. This is not unique to Mosquitto or MQTT.
OpenVPN for example does the same.

In my experience, the use of a single CA in "getting started" documentation
causes more harm than good. It creates confusion about what the CA cert
actually represents, i.e. in their respective trust stores, the client
needs to have a cert for the root CA of the server, and the server needs to
have a cert for the root CA of the client. That's all there is to it.

Also, using a single CA is less secure than using two (or more, as every
client could in theory have a cert issued by a different CA). In
particular, if you use your server's CA to issue certs to multiple clients,
then you are vulnerable to a Man-In-The-Middle attack, i.e. any one client
could decide to use the cert you gave them to impersonate your server, and
all other clients would blindly trust it. (Unless of course the clients do
some further certificate verification, which again they should, but most
programmers don't bother.)

Regards,
Ben.


----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 31 Jan 2017 14:33:59 +0000
> From: "Ackermann, Ralf" <ralf.ackermann@xxxxxxx>
> To: "mosquitto-dev@xxxxxxxxxxx" <mosquitto-dev@xxxxxxxxxxx>
> Subject: [mosquitto-dev] Q: mosquitto broker TLS certificate based
>         client  authentication ?
> Message-ID: <04F4D2A2-76C7-4D5B-9DC6-EA6D62EDB8C8@xxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
> I'm trying to set up a mosquitto MQTT broker with both
> - TLS support and the chance for clients to verify broker
> authenticity based on a server certificate that is signed by a valid CA
> (e.g. Let's Encrypt certificate with DST Root CA X3 as root CA with the
> corresponding .pem to be used with the MQTT client, e.g. a client based on
> the Paho lib) - DONE
> - additionally: client authentication based on TLS
> certificates
>
> The question I have is the following:
>                 https://primalcortex.wordpress.com/2016/11/08/mqtt-
> mosquitto-broker-client-authentication-and-client-certificates/
> states that: Using client certificates, signed by a certificate authority,
> assures the client identity. The certificate authority used must be the
> same used by the server certificates and is only supported over TLS/SSL.
>
> Is this really a constraint to be met - or can mosquitto also be
> configured to work with client certificates that are signed by another CA
> (including potentially even a "non official certificate signer") than the
> one I mentioned for the broker authentication?
>
> In addition: Is there somebody who has worked on such a setup and would be
> willing to share some experience?
>
> best regards
>   Ralf
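The separate-trust-store setup Ben describes (broker identity from a public CA, client trust limited to a private CA listed in `cafile`), as an added example that is not part of the thread: the script builds a throwaway client CA and an unrelated CA, issues one client cert, shows with `openssl verify` that the cert is accepted only against the CA named in `cafile`, and writes a matching mosquitto.conf. All file paths, CN values and the `/etc/mosquitto/certs/...` locations are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the mosquitto project or the thread.
# Demonstrates that the broker's client trust is scoped to whatever CA(s)
# are in "cafile": a cert chained to any other CA is rejected, even if that
# other CA (e.g. a public one) signed the broker's own certificate.
set -e
WORK="${WORK:-$(mktemp -d)}"   # scratch directory for generated material

# Create a self-signed CA: $1 = file prefix, $2 = CN (constructed values)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -subj "/CN=$2" 2>/dev/null
}

# Issue a client cert signed by CA prefix $1 with CN $2
issue_client_cert() {
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/client.key" \
    -out "$WORK/client.csr" -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 365 \
    -out "$WORK/client.pem" 2>/dev/null
}

# Mirrors the broker's check: returns 0 only if client.pem chains to CA $1
client_accepted_by() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/client.pem" >/dev/null 2>&1
}

# Listener config with the two roles kept apart: certfile/keyfile carry the
# broker's public-CA chain, cafile holds ONLY the private client CA.
write_broker_conf() {
  cat > "$WORK/mosquitto.conf" <<EOF
listener 8883
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.pem
cafile $WORK/client-ca.pem
require_certificate true
use_identity_as_username true
EOF
}

make_ca client-ca "Demo Client CA"
make_ca other-ca "Unrelated CA"
issue_client_cert client-ca "sensor-01"
client_accepted_by client-ca && echo "accepted by client-ca (expected)"
client_accepted_by other-ca || echo "rejected by other-ca (expected)"
write_broker_conf
```

Because `cafile` never lists the public CA that issued the broker certificate, a client holding any cert from that public CA is in the same position as one chained to `other-ca` here: the TLS handshake fails at client verification.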