crt and csr file stolen


If a .csr and a .crt are both stolen, is this a security risk?  If so, why.
Who is Participating?
Dave HoweConnect With a Mentor Software and Hardware EngineerCommented:

A CSR is just an unsigned CRT (you send the CSR to a CA, get back a CRT)

a CRT is just a cert - you send it to everyone who connects to your site, each and every time. Hence, stealing it would be a waste of time.

it is the private key (usually in a PFX file) you need to be protective of.
NYGiantsFanAuthor Commented:
Thanks!  That is what I thought, however needed the second set of eyes to sleep at night.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.