4

To explain the situation a bit:

I'm building an iOS application that uses SSL pinning. I've created a self-signed certificate authority that issues SSL certificates to my web server, and the CA's certificate is bundled with the application for verification. I'd like to use letsencrypt to create the SSL certificates for the web server so that they are trusted implicitly by web browsers, but their certificates wouldn't be signed by my CA so this wouldn't work in the application. (It's worth noting that certificates issued by letsencrypt are very short lived, so they can't be used directly for SSL pinning).

So I'd like to generate a certificate using letsencrypt and then cross-sign it with my CA. Is this possible?

Ell Neal
  • 141
  • 4
  • 1
    This *might* be better at http://security.stackexchange.com/ – Raystafarian Dec 14 '15 at 12:03
  • 1
    Don't bundle root CA cert, bundle the final cert. Just use regular, commercial, 2-year long certs and publish new version of your app every year, bundled with 2 overlapping certs. It's easy for your cert-pinned client to accept one of several certs. OR have your www signed by letsencrycpt but sign API with self-signed on a subdomain. There is no point in your app accessing WWW or users accessing API via browser, so I don't really feel your problem. – Agent_L Dec 14 '15 at 12:03
  • As @Agent_L suggested, I would recommend to use a separate (sub)domain for the app api. – zelanix Dec 14 '15 at 13:00
  • @Agent_L the problem is purely my own. I don't _need_ to do this, it would just make me happier to know that it's a **valid** SSL certificate, but still pinned. This question is just me asking "Can this be done?", not necessarily saying that I can't continue without doing it. – Ell Neal Dec 14 '15 at 13:04
  • @EllNeal Every SSL cert is **valid**. Self-signed can be more secure than signed by some commercial signer. – Agent_L Dec 14 '15 at 13:06
  • @Agent_L I agree, excuse my wording. I meant implicitly trusted. – Ell Neal Dec 14 '15 at 13:09
  • @EllNeal It's still not the correct term : ) It's merely "trusted by the guy who made your OS (or browser)". And they are sometimes wrong. – Agent_L Dec 14 '15 at 13:11
  • 1
    @Agent_L: "Valid" itself has various meanings here – for example, in OpenPGP circles (and often when it comes to X.509 as well), it has nothing to do with format/syntax validity, but everything to do with trust of the signatures a certificate carries. A self-signed X.509 cert wouldn't be malformed, but still could be invalid in the sense that there's no trust anchor to verify it against... – u1686_grawity Dec 14 '15 at 13:48

2 Answers2

4

A certificate can only contain a single signature. But, since you are using SSL pinning anyway there is no need to have your own CA, because inside your iOS app you simply check the public key fingerprint. As long as you use the same key pair when renewing the certificate with letsencrypt the public key fingerprint fully identifies the certificate also after renewing.

Steffen Ullrich
  • 5,642
  • 17
  • 22
3

Is it possible to have a certificate signed by 2 authorities?

No. There's only room for one issuer, one authority key identifier, etc.

Also see Certificate with Multiple Signers? on the PKIX mailing list. PKIX is the Internet's PKI as called out by the IETF. Other PKIs may be different.

If you encounter another PKI that allows it, then it likely won't work/interop with browsers and other user agents like curl, wget, etc. They simply won't know how to handle the certificate.

jww
  • 11,918
  • 44
  • 119
  • 208