Monday, March 19, 2018

SSL certificate issuer mistake with private-keys

I saw this posted  that a certificate issuer mailed private-keys for over 20K certificate.



I have no comments , but  a lot of  organizations have poor  security practice when delivering  private-keys.


Unless the private-key where secured via  AESencryption and a strong passphrase, than they did a very wrong  action with sending private-keys via EMAIL.







Ken Felix




NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \

 

No comments:

Post a Comment