« Stop complaining and solve a security problem instead | Main | Apache Security Wordle »

Detection of certificate chain issues in SSL Labs

November 30, 2010

One of the recent additions to the SSL Labs test was the detection of various chain issues. The feature is still marked as experimental, and it will remain so until we conclude that the advice we give there is safe.

Certificate chains are a PKI feature that allows root certificate authorities to delegate the work of certificate signing. Roughly one half of all sites have certificates that are signed by a trusted CA. Such sites need only provide the server's certificate in the handshake. The remaining half (of the sites) uses intermediate certificates (usually only one; it is rare to see a site with more than one such certificate). Such sites need to provide all the intermediate certificates in addition to the server's certificate.

In our tests, we detect the following chain issues:

  • Missing intermediate certificates; When a site does not provide the necessary intermediate certificates, a trust path cannot be established. Generally speaking, we cannot distinguish that case from a certificate signed by a custom CA. However, some server certificates include the information on which intermediate certificates are required, and also where to obtain them. SSL Labs will attempt to fetch missing certificates. If the intermediate certificates are found, then it's very likely that a trust path will be established. In such cases, the test will issue a warning. If you site receives the warning you should reconfigure the server to add the missing certificates.
  • Certificate chains that are too long; Sites often include more certificates in the handshake than necessary. Of those, most include one extra certificate, and that is the actual trusted root certificate (which browsers already have in their storage). This last certificate is not needed for the validation process. Having an additional certificate in the chain wastes bandwidth and decreases overal performance slightly. A small number of sites will include a very large number of certificates as a result of misconfiguration. Such sites will typically suffer significant performance issues and need to be reconfigured.
  • Certificates given in incorrect order; According to the standard, certificates must be presented in the order in which they are needed. The main, server, certificate must come first, followed by the certificate that signed it, followed by the next certificate in the chain, and so on. A small number of sites does not get this order right. Most SSL clients will deal with this problem silently, but there is a small number of platforms that will give up.