Menu
Would there be a security issue with storing the SSL cert for your web app in the source code repository, SO LONG AS you were NOT storing your private key as well?
I'm a little spoiled by how easy it is to use source control to make a backup of such things, and want to make the most of it, but I also don't want to be sloppy about its use, or endanger security.
946
The right place to store your certificate is /etc/ssl/certs/ directory. Save your private keys to /etc/ssl/private/ directory.
Since SSL Keys and Certificates are just text files, you could base64 encode them, and save it as a string in Vault, or even just the text in Vault as well.
The most secure method of storing your private keys is to use some form of cryptographic hardware storage device. While they can be expensive, tools like Hardware Storage Modules (HSM), Smart Cards, or USB tokens are great lines of defense against an attack.
No. The certificate is public; the server will present it during every SSL handshake, and some CAs even maintain a public repository of all of the certificates they issue. There's no need to try to keep a certificate secret.
The private key, on the other hand, must be kept secret. And, if you were trying to authenticate someone ("two-way SSL" or client authentication), you would need to integrity protection for your root certificates. If you were to store this material in your revision control system, it should be protected with strong password.
132
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
