
SSL Certificate revoked

We received a mailer 4 hours before revocation of our wild-card certificate. The reason quoted was "The private key for the affected certificates were found to be publicly accessible".

When we asked the GoDaddy support team to share evidence of the leak, they asked us to hire a professional who can help us with it.

So my question is, even if I acknowledge there was a compromise with my SSL certificate, how do I prevent it from occurring in future, as we have no means/tools to find the leakage?

PS: We have our site hosted with GoDaddy and the leakage happened from the hosting platform.

1 ACCEPTED SOLUTION
Resolver III

Hi,

I understand your concerns and uncertainty, and it is indeed a difficult position you are in now. It is hard to find out the reason for the compromise or indeed how the leak actually happened.

 

As there doesn't seem to be any large-scale incident, the reason was likely linked to the configuration of your site. It is not clear whether GoDaddy tested your site itself or whether it based the revocation decision on a piece of information coming from a third party.

 

The main thing we can really focus on is the likely reasons for the leak / compromise, and these are:

1. the private key is readable via public access - e.g., web access or disk share that is publicly accessible. The reason for that would be a forgotten copy of a file with the private key. 

ACTION: search for all the copies of private keys that exist on your site - find out why they were created and why they haven't been deleted.

2. your password has been compromised - you used an insecure password and someone has managed to log in to your server and download (and publish) your private key.

ACTION: change passwords, optionally switch to more secure authentication if available.

 

If you purchased security scanning with your certificate, the chances are the real reason is the first one. You will need to get a new certificate. Make notes of all the copies of the private key and delete all those not needed anymore.

 

If you have more details about the alleged leak, use them to pinpoint the real cause of the leak.

 

Good luck

  Dan

 

———

I've worked around (not only) SSL security for over 20 years in enterprises and startups. 

I am now running an HTTPS expiry management service KeyChest.net
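
One way to carry out the "search for all the copies of private keys" action from the reply above, as an added example that is not part of the original post or of any GoDaddy tooling. It sweeps a directory tree for PEM private-key markers and flags copies that are world-readable or sit under the document root; the function names, `public_html` and `site.key.bak` are hypothetical, and the sample tree is constructed.

```python
import os
import re
import stat
import tempfile

# PEM armour lines for private keys (PKCS#1, PKCS#8, SEC1, DSA, OpenSSH).
KEY_MARKER = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----")
MAX_BYTES = 1024 * 1024  # key files are small; read at most 1 MiB each


def find_private_keys(root, web_root=None):
    """Report every regular file under `root` that holds a PEM private key."""
    web_root = os.path.realpath(web_root) if web_root else None
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                info = os.stat(path)
                if not stat.S_ISREG(info.st_mode):
                    continue
                with open(path, "rb") as handle:
                    match = KEY_MARKER.search(handle.read(MAX_BYTES))
            except OSError:
                continue  # unreadable entry: skip it, keep sweeping
            if match:
                real = os.path.realpath(path)
                findings.append({
                    "path": path,
                    "kind": match.group(1).decode(),
                    # Mode bit: readable by every account on the host.
                    "world_readable": bool(info.st_mode & stat.S_IROTH),
                    # Under the document root: may be fetchable over HTTP.
                    "under_web_root": bool(web_root) and os.path.commonpath(
                        [real, web_root]) == web_root,
                })
    return findings


def demo():
    """Constructed sample: a forgotten key backup inside the web root."""
    with tempfile.TemporaryDirectory() as site:
        web = os.path.join(site, "public_html")
        os.makedirs(os.path.join(web, "backup"))
        leaked = os.path.join(web, "backup", "site.key.bak")
        with open(leaked, "wb") as handle:
            handle.write(b"-----BEGIN PRIVATE KEY-----\n(constructed)\n")
        os.chmod(leaked, 0o644)
        return find_private_keys(site, web)
```

Run `find_private_keys` over the whole account directory, not only the web root, so that backups, archives and editor copies outside it are listed too. Every hit other than the one copy the server needs is a candidate for deletion before the replacement certificate is issued with a fresh key.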
