what to do in case of a compromised SSL cert?
Bruno Wolff III
bruno at wolff.to
Thu Aug 24 21:23:32 UTC 2006
On Thu, Aug 24, 2006 at 12:58:24 -0700,
Chris Weyl <cweyl at alumni.drew.edu> wrote:
> Is there a procedure in place to deal with lost, possibly compromised
> SSL certs?
>
> For the record, I have no reason to suspect mine has been, but I'm
> curious as to how we'd deal with it :)
Doing nothing is probably your first choice. The cert will still keep visitors
from getting scary popups they don't understand. Trying to revoke the cert
won't work very well (unless you control the browsers of your visitors) and
won't prevent any likely attacks.
More information about the fedora-extras-list
mailing list