Monday, March 19, 2018

SSL certificate issuer mistake with private-keys

I saw this posted  that a certificate issuer mailed private-keys for over 20K certificate.

I have no comments , but  a lot of  organizations have poor  security practice when delivering  private-keys.

Unless the private-key where secured via  AESencryption and a strong passphrase, than they did a very wrong  action with sending private-keys via EMAIL.

Ken Felix

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
        /  \


No comments:

Post a Comment