[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: what to do in case of a compromised SSL cert?

From: Bruno Wolff III <bruno wolff to>
To: Chris Weyl <cweyl alumni drew edu>
Cc: Discussion related to Fedora Extras <fedora-extras-list redhat com>
Subject: Re: what to do in case of a compromised SSL cert?
Date: Thu, 24 Aug 2006 16:23:32 -0500

On Thu, Aug 24, 2006 at 12:58:24 -0700,
  Chris Weyl <cweyl alumni drew edu> wrote:
> Is there a procedure in place to deal with lost, possibly compromised
> SSL certs?
> 
> For the record, I have no reason to suspect mine has been, but I'm
> curious as to how we'd deal with it :)

Doing nothing is probably your first choice. The cert will still keep visitors
from getting scary popups they don't understand. Trying to revoke the cert
won't work very well (unless you control the browsers of your visitors) and
won't prevent any likely attacks.

Follow-Ups:
- Re: what to do in case of a compromised SSL cert?
  - From: Till Maas

References:
- what to do in case of a compromised SSL cert?
  - From: Chris Weyl

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]