Solved

crt and csr file stolen

Posted on 2014-04-16
2
507 Views
Last Modified: 2014-04-22
Question:

If a .csr and a .crt are both stolen, is this a security risk?  If so, why.
0
Comment
Question by:NYGiantsFan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40005639
No.

A CSR is just an unsigned CRT (you send the CSR to a CA, get back a CRT)

a CRT is just a cert - you send it to everyone who connects to your site, each and every time. Hence, stealing it would be a waste of time.

it is the private key (usually in a PFX file) you need to be protective of.
0
 

Author Closing Comment

by:NYGiantsFan
ID: 40014926
Thanks!  That is what I thought, however needed the second set of eyes to sleep at night.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question