Can a SSL certificate be signed by multiple certificate authorities?
It would be nice to spread the trust around a bit, so we don't have to rely on just one root in any instance.

Is it possible to have a single certificate signed by more than one CA?

Melanie answered 28/6, 2011 at 11:59 Comment(0)
23

No, the X509 certificate format up to version 3 is designed to contain exactly one signature.

Cleanlimbed answered 29/6, 2011 at 0:55 Comment(3)
But are there alternate formats which support multiple signatures? - Fash
@Jumbogram: I am not aware of any alternate formats for X509 certificates that support multiple signatures. There is the PKCS#7 standard and variants which allow for multiple signatures, but these are not supported by TLS. And there are defined TLS extensions that support PGP keys which can have multiple signatures, but I don't think there is much support out there for those extensions. - Cleanlimbed
Thanks. I'm trying to find out if it's possible to have multiple CAs certify the one SSL session. I realise I didn't quite ask that question, so I might rephrase and make a new one, but your answer has helped me. - Melanie
8

Can a SSL certificate be signed by multiple certificate authorities?

It depends, but mostly NO. It depends on the PKI being used. There are two widespread PKIs used, and neither of them allow it.

The first widespread PKI is under CA/Browser Baseline Requirements. The CA/B BR documents what browsers are doing. The second one is the IETF's PKIX. It's what user agents like curl and wget follow. Neither of them allow it.

The CA/B and the IETF have slightly different rules. For a more in-depth discussion, see How do you sign Certificate Signing Request with your Certification Authority?


Now, there are two other options that could work for you, but they will require some work.

The first alternate option is to run your own PKI that does allow it. But browsers and other user agents won't know how to handle the certificates.

The second alternate option is to use an extension that includes the second authority's certification. Then, the primary authority, like a public CA, would sign the request with extension. Typical user agents will use the customary public CA signature, while your custom software will use the embedded alternate signature.

Extensions are usually used for policy (like conveying "extended validation" information), but it may work here. However, the IETF's PKI lacks policy, so you may need to get creative.


Also see Is it possible to have a certificate signed by 2 authorities? on Super User.

Also see Certificate with Multiple Signers? on the PKIX mailing list. PKIX is the Internet's PKI as called out by the IETF.

Galata answered 7/2, 2016 at 19:32 Comment(0)
7

Yes, it is possible. You can find an example here:

http://www.confusedamused.com/notebook/fixing-verisign-certificates-on-windows-servers/

Naseby answered 2/7, 2013 at 8:46 Comment(3)
I'm not convinced by that article. I think the author uses "cross-signed" when he means "two certificates for the same entity, issued by two different chains". His screenshots also show a slightly different certificate name (LYNC-PROD-08 vs LYNC-PROD-08.fngn.com). - Wisent
How would I configure both those chains in a service like nginx? AFAIK TLS1.2 only allows receiving a single chain. - Mitosis
I agree with Duncan Jones, maybe a better way to describe cross-signed certs would be: a root CA is either self-signed or signed by another CA making it look like an intermediate CA, provided in a different file. Like the ones published at letsencrypt.org/certificates (root X1 and root X2). - Gerger
4

Yes, a certificate may be signed by multiple CAs. The term for this is cross-signing. See https://letsencrypt.org/certificates/ for a good description of how this works. Note that in the diagram at the top of the page, several of Let's Encrypt's intermediate certificates are signed by two root certificates (ISRG Root X1 and DST Root CA X3). Also, see https://security.stackexchange.com/questions/14043/what-is-the-use-of-cross-signing-certificates-in-x-509 for more info.

Jacobsen answered 25/3, 2021 at 19:52 Comment(1)
Technically a certificate can't be signed by multiple CAs, but a certificate can be cross-signed, in which case you have multiple certificates with the same CN and public key, but signed by different authorities and providing a different path for verification. See also this and this. - Faroff
1

No, one single certificate is signed by only one CA. But you can have two so-called cross-signed certificates, which share the same private and public key and the same common name and other common information, but are signed by two different CAs. In that case, they are both equally valid alternatives for the validation of a certificate at a lower level that is issued by one of them.

Casarez answered 7/9, 2022 at 13:58 Comment(0)