How to Secure SSL Certificate Private Keys

Others 2022-04-28 10:49:52 views: 0
According to foreign media reports on December 11, foreign software developers discovered that Microsoft accidentally exposed a Dynamics 365 TLS certificate and private key. This TLS certificate was exposed for at least 100 days in the Dynamics 365 sandbox environment used for user acceptance testing. SSL certificates are used to encrypt web communications between users and servers, and if an attacker extracts the certificate, they can gain access to any sandbox environment, leading to man-in-the-middle (MiTM) attacks, etc. ​Last month

, a foreign white hat also claimed to have discovered the private key of the SSL certificate of the website of the Chinese company DJI, which was accidentally published on Github for four years. The security issue of the private key of the SSL certificate has caused concern.

What is an SSL certificate private key?

The SSL/TLS protocol is a network communication security protocol. It uses public key encryption technology and symmetric encryption technology to encrypt the data transmission between the client and the server to ensure the confidentiality and integrity of data transmission and the authenticity of the identity of the communicating party. sex.

To use the SSL protocol, the server must have a valid SSL certificate, which is a digital certificate that follows the SSL/TLS protocol and contains a unique pair of matching public and private keys. The key pair of the SSL certificate is generated by the website owner through the web server software and stored in the keystore of the web server software, or generated in the SSL accelerator card (encryption hardware) used by the web server software and stored in the encryption hardware middle. When a website owner applies for an SSL certificate from a CA, the certificate request file only contains the public key, not the private key. The private key of the certificate is saved by the website, and the certificate request file is submitted to the CA agency for authentication and signature and then disclosed to the public.

It is critical to protect the security of your SSL certificate private key during the certificate life cycle. The public key and private key themselves are not directly used to encrypt and decrypt data content, but are used to negotiate algorithms and securely exchange session keys. Leakage of the private key of the SSL certificate will lead to the leakage of the encrypted session key, which in turn will result in website data leakage.

How to protect SSL certificate private key security?

Wotong CA suggested that the private key of the SSL certificate directly affects the security of the server, and protecting the security of the enterprise SSL certificate and private key should be the priority of the enterprise. Enterprises should be aware of how many private keys and certificates they have, their locations and uses, conduct security and standardized management of the private keys of server SSL certificates for various websites and mobile applications, and take adequate security measures, and cooperate with security management measures and technical means. , Implement management responsibilities, and formulate emergency response measures to effectively prevent the disclosure of SSL certificate private keys. For example:

1. Use the principle of least privilege: implement multi-factor authentication for access to systems and networks; block all but necessary network ports; install all available security updates and run antivirus scanners.

2. Keys are stored in secure cryptographic hardware devices: Keys are stored on general-purpose computers that are vulnerable to attack, and encrypted hardware devices are not vulnerable and trusted by most important applications.

3. Monitor key and certificate trustworthiness and fix any security holes that make it difficult for attackers to control computer systems and networks.

4. Set a complex protection password for the private key.



​Wotong original article, please indicate the source when reprinting

Wotong Super True SSL Pro wildcard certificate, buy one year get one year free! Online consultation https://www.wosign.com/marketing/ssl-sale-201712.htm

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=326265534&siteId=291194637
Recommended
The United States plans to restrict the export of large AI models to China and Russia
Apple to reach agreement with OpenAI to bring ChatGPT to iPhone
Ranking
whisper-webui installation tutorial is silky and easy to use
[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations
Import torchvision error problem solving DLL: module not found
observer & watch & notify = pub & sub
A small turntable program [HTML + CSS + JS]
CorelDRAW 2018 shortcuts Daquan
Supervise el botón de menú para lograr un gatillo de presión prolongada
JS将时间秒转换成天小时分钟秒的字符串
RIP basic configuration
[Deleted] solution to a problem a few questions (Noip1994)
Daily
More
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)

Code World

© 2018 codetd.com