A wildcard CA and the associated key were posted company-wide. Is there any risk in sharing this information inside and outside the company?
-1
- The private key or the public key? – Aasmund Eldhuset Aug 02 '16 at 04:56
- If the private key is leaked, the SSL certificate is effectively meaningless -- anyone who has it can decrypt the encrypted traffic. This question is better suited for `security.stackexchange.com` or `serverfault.com` though. It's not a programming question. – alzee Aug 02 '16 at 04:57
1 Answer
0
If the private key was published: Revoke the CA immediately! (Unless you intend for any employee at the company to be able to create certificates.) If you are in the business of selling certificates: I would never purchase a certificate from a company where all the employees have the private key.
If the public key was published: No problem; as a matter of fact, publishing of the public key is a necessary part of using the certificate.

Aasmund Eldhuset
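The answer above turns on whether the posted material contained a private key. As an added example (not part of the original question or answer), this sketch triages a posted PEM text by its block labels; the function names `classify_pem` and `private_key_exposed` are hypothetical and the sample inputs are constructed placeholders, not real key data.

```python
import re

# PEM encapsulation boundaries (RFC 7468):
# -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)

PUBLIC_LABELS = ("CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE")


def classify_pem(text):
    """Return one (label, kind) tuple per PEM block found in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("PRIVATE KEY"):
            # PKCS#8 "ENCRYPTED PRIVATE KEY" and legacy blocks carrying a
            # "Proc-Type: 4,ENCRYPTED" header are passphrase-protected.
            encrypted = (label.startswith("ENCRYPTED")
                         or "Proc-Type: 4,ENCRYPTED" in body)
            kind = ("private-key-encrypted" if encrypted
                    else "private-key-cleartext")
        elif label.endswith("PUBLIC KEY") or label in PUBLIC_LABELS:
            kind = "public"
        else:
            kind = "other"
        results.append((label, kind))
    return results


def private_key_exposed(text):
    """True if any private-key block is present. An encrypted block still
    counts: it is only as strong as its passphrase."""
    return any(k.startswith("private-key") for _, k in classify_pem(text))


# Constructed samples: the bodies are placeholders, not real key material.
SAMPLE_CERT_ONLY = (
    "-----BEGIN CERTIFICATE-----\nCONSTRUCTEDPLACEHOLDER\n"
    "-----END CERTIFICATE-----\n"
)
SAMPLE_BUNDLE = SAMPLE_CERT_ONLY + (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00\n\nCONSTRUCTEDPLACEHOLDER\n"
    "-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN PRIVATE KEY-----\nCONSTRUCTEDPLACEHOLDER\n"
    "-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name, sample in (("cert only", SAMPLE_CERT_ONLY), ("bundle", SAMPLE_BUNDLE)):
        print(name, classify_pem(sample), private_key_exposed(sample))
```

A label check only tells you what kind of material was posted; confirming that a private key actually belongs to the CA certificate requires comparing the public key derived from it with the one in the certificate.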