Solved

crt and csr file stolen

Posted on 2014-04-16
2
501 Views
Last Modified: 2014-04-22
Question:

If a .csr and a .crt are both stolen, is this a security risk?  If so, why.
0
Comment
Question by:NYGiantsFan
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40005639
No.

A CSR is just an unsigned CRT (you send the CSR to a CA, get back a CRT)

a CRT is just a cert - you send it to everyone who connects to your site, each and every time. Hence, stealing it would be a waste of time.

it is the private key (usually in a PFX file) you need to be protective of.
0
 

Author Closing Comment

by:NYGiantsFan
ID: 40014926
Thanks!  That is what I thought, however needed the second set of eyes to sleep at night.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Web Fraud scenarios to PoC F5  web fraud prevention 7 48
Public Printing Options 3 49
Admin Certificates in my browser 2 32
Turning off updates in Ubuntu 8 22
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question