Revocation
This page provides detailed information about certificate revocation in the Quantum-Safe PKI project. Certificate revocation is a critical aspect of PKI security, allowing certificates to be invalidated before their expiration date if they are compromised or no longer needed.
Certificate Revocation Overview
Certificate revocation is the process of invalidating a certificate before its expiration date. This might be necessary for several reasons:
- The private key associated with the certificate has been compromised.
- The certificate was issued incorrectly or to the wrong entity.
- The certificate is no longer needed or has been replaced.
- The certificate holder's information has changed.
- The certificate authority's policies have changed.
The Quantum-Safe PKI project implements two standard methods for certificate revocation:
- Certificate Revocation Lists (CRLs): Periodically published lists of revoked certificates.
- Online Certificate Status Protocol (OCSP): A protocol for real-time certificate status checking.
Certificate Revocation Lists (CRLs)
A Certificate Revocation List (CRL) is a signed list of certificates that have been revoked by the Certificate Authority (CA) before their scheduled expiration date. The CA periodically issues updated CRLs, which clients can download and check against when validating certificates.
CRL Structure
A CRL contains the following information:
- Issuer: The entity that issued the CRL (typically the CA).
- Last Update: The time at which the CRL was issued.
- Next Update: The time at which the next CRL will be issued.
- Revoked Certificates: A list of revoked certificates, each containing:
- Serial Number: The serial number of the revoked certificate.
- Revocation Date: The date and time at which the certificate was revoked.
- Reason Code: The reason for revocation (optional).
- Signature: The CA's digital signature over the CRL, ensuring its authenticity and integrity.
CRL Distribution Points
Certificates issued by the CA Service include a CRL Distribution Point (CDP) extension, which specifies the URL where the CRL can be downloaded. This allows clients to automatically locate and download the CRL when validating a certificate.
The CA Service provides the CRL at the /crl endpoint, which returns a DER-encoded X.509 CRL.
Downloading and Using CRLs
To download the CRL from the CA Service, you can use the following command:
# Download the CRL curl -o crl.der https://localhost:5000/crl # Convert the CRL to PEM format (optional) openssl crl -inform DER -in crl.der -outform PEM -out crl.pem # View the CRL contents openssl crl -inform DER -in crl.der -text -nooutWhen validating a certificate, you can check it against the CRL using OpenSSL:
# Verify a certificate against the CRL openssl verify -crl_check -CAfile ca-cert.pem -CRLfile crl.pem certificate.pemOnline Certificate Status Protocol (OCSP)
The Online Certificate Status Protocol (OCSP) provides a way to check the revocation status of a certificate in real-time, without having to download and parse a CRL. This is more efficient and timely than using CRLs, especially for large PKI deployments.
How OCSP Works
- A client wants to verify the revocation status of a certificate.
- The client creates an OCSP request containing the certificate's issuer name and serial number.
- The client sends the OCSP request to the OCSP responder (specified in the certificate's Authority Information Access extension).
- The OCSP responder checks the certificate's status and returns an OCSP response.
- The client verifies the OCSP response and uses it to determine the certificate's revocation status.
OCSP Response Status
An OCSP response includes one of the following status values for each certificate:
- Good: The certificate is not revoked.
- Revoked: The certificate is revoked.
- Unknown: The responder doesn't know about the certificate.
Using OCSP
The CA Service provides an OCSP responder at the /ocsp endpoint. To check a certificate's status using OCSP:
# Create an OCSP request openssl ocsp -issuer ca-cert.pem -cert certificate.pem -reqout ocsp-request.der # Send the OCSP request to the responder curl -X POST -H "Content-Type: application/ocsp-request" --data-binary @ocsp-request.der https://localhost:5000/ocsp -o ocsp-response.der # Parse the OCSP response openssl ocsp -respin ocsp-response.der -text -resp_textOCSP Stapling
OCSP stapling is a technique where the server periodically obtains an OCSP response from the CA and "staples" it to the TLS handshake. This eliminates the need for clients to make separate OCSP requests, improving performance and privacy.
The services in the Quantum-Safe PKI project support OCSP stapling for their TLS certificates. This is configured automatically when the services start.
Revoking Certificates
There are two ways to revoke certificates in the Quantum-Safe PKI project:
- Using the CA Service: Directly calling the
/revoke-certendpoint. - Using the ACME Server: Using the ACME protocol's revocation mechanism.
Revoking a Certificate with the CA Service
To revoke a certificate using the CA Service, you can use the following command:
# Get the certificate's serial number openssl x509 -in certificate.pem -noout -serial # Revoke the certificate curl -X POST --cert client.pem --key client-key.pem --cacert ca-cert.pem -H "Content-Type: application/json" -d 'serial": "1234567890ABCDEF' https://localhost:5000/revoke-certRevoking a Certificate with the ACME Server
To revoke a certificate using the ACME Server, you can use an ACME client like Certbot:
# Revoke a certificate using Certbot certbot revoke --cert-path certificate.pem --server https://localhost:4000/directoryAlternatively, you can use the ACME protocol directly by creating a JWS-signed request to the /acme/revoke-cert endpoint.
Revocation Reasons
When revoking a certificate, you can specify a reason code to indicate why the certificate is being revoked. The following reason codes are defined in RFC 5280:
| Code | Reason | Description |
|---|---|---|
| 0 | Unspecified | No specific reason given |
| 1 | Key Compromise | The private key has been compromised |
| 2 | CA Compromise | The CA's private key has been compromised |
| 3 | Affiliation Changed | The certificate holder's affiliation has changed |
| 4 | Superseded | The certificate has been replaced by a new certificate |
| 5 | Cessation of Operation | The certificate is no longer needed |
| 6 | Certificate Hold | The certificate is temporarily invalid |
| 8 | Remove from CRL | The certificate should be removed from the CRL |
| 9 | Privilege Withdrawn | The certificate holder's privileges have been withdrawn |
| 10 | AA Compromise | The attribute authority's private key has been compromised |
Best Practices for Certificate Revocation
When implementing certificate revocation in your PKI deployment, consider the following best practices:
- Implement Both CRL and OCSP: Use both mechanisms to provide flexibility and redundancy.
- Keep CRLs Small: Issue CRLs frequently and consider using partitioned CRLs for large deployments.
- Use OCSP Stapling: Configure servers to use OCSP stapling to improve performance and privacy.
- Monitor Revocation Status: Regularly check that revoked certificates are properly included in CRLs and OCSP responses.
- Plan for Revocation: Have procedures in place for quickly revoking certificates in case of compromise.
- Test Revocation: Regularly test that revoked certificates are properly rejected by clients.
Next Steps
Now that you understand certificate revocation in the Quantum-Safe PKI project, you might want to explore:
- API Endpoints: Review the API endpoints provided by each service.
- Authentication: Learn about the authentication mechanisms used by the services.
- Running the Services: Return to the guide on running the services.