3

I'm deploying hundreds/thousands of small servers that communicate with my hosted mothership via HTTPS and ssh.

What are the best practices for managing SSL client certs (for https) and ssh keys, when either might need to be revoked? I'm thinking about issues like distributing keys/certs on change, managing revocation, when an individual ssh key is needed vs a shared one...

Bill Gribble
  • 1,797
  • 12
  • 15

2 Answers2

1

Generate the key on the client, save the keypair in a SQLite database (preferably encrypted), transmit the public key to the server via web-methods, and save it there.

Since it's a public key, you can transmit and save it unencrypted.

(Optionally generate a key on the server and send the public key back to the client)

When a key needs to be revoked, you simply delete the respective keys on the server.

Stefan Steiger
  • 78,642
  • 66
  • 377
  • 442
  • 1
    Then the question is how do you handle the upload of the client-generated certs/keys securely, so an impostor can't register her keys and inject evil into your system. I lean towards a onetime password that the installer can enter into a webform, saying "expect keys over non-cert https using this password". – Bill Gribble Nov 10 '10 at 13:33
1

For thousands of servers you might consider using an Enterprise product like Venafi Encryption Director: http://www.venafi.com/Products/Venafi-Encryption-Director/ It is quote expensive though so you'll have to determine if it is worth it.

There are also free products (http://www.kousec.com/download.html) that have similar functions but they aren't nearly as robust.

Robert
  • 2,341
  • 18
  • 11