Question

I'm fairly certain I shouldn't commit certificates into source control. Even if the repository is private and only authenticated coworkers (for example) have access to it. That would allow for accidental exposure (thumb drives, leaked credentials, whatever).

But, how should I store and secure certificates? I don't suppose I should just plop them on the network file server, for some of the same reasons I wouldn't put them into source control, right?

Is there some kind of secure certificate store that I can run? Does the Java "keystore" do that generally or is it specific for like weblogic servers or something?

Explanation / Answer

This answer applies to SSL or PGP type digital certificates, which bind an identity to a public key. It has been pointed out to me that the question as originally asked did not specify what kind of certificate, so my answer may not fit the question.

Digital certificates which bind an identity to a public key do not need special security because they contain only the public key. There is no reason not to store a copy in your source code control system.

The corresponding private key does need to be kept secure, but will need to be installed in the server(s) or email client(s) which are identified in the certificate. So, the private key is necessarily exposed to anyone who has administrative access to those machines. Also to anyone who has access to backup tapes, etc.

You absolutely do need a backup of the private key; if it is lost, as through a disk failure, you'll need to replace the certificate with the corresponding public key. I keep mine on an encrypted volume for which a very few people have the key. (More than one person needs to know that decryption key. People really do get into accidents, quit their jobs, etc.)
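The distinction the answer draws (the certificate is public data, the private key is the secret, and the backup copy of that key lives on encrypted storage) can be checked end to end with the OpenSSL command line. The script below is an added example, not code from the question or the answer. It assumes the `openssl` CLI is on PATH, uses the hypothetical host name `example.test`, and wraps the private key in an encrypted PKCS#8 file with a constructed passphrase that in real use would come from a prompt or a secret store, not from the script.

```shell
#!/bin/sh
# Added example: certificate vs. private key handling with OpenSSL.
# Assumptions: openssl CLI available; WORK, PASSPHRASE and the CN are constructed values.
set -eu

WORK="${WORK:-$(mktemp -d)}"
PASSPHRASE="${PASSPHRASE:-example-backup-passphrase}"   # constructed; never hard-code a real one

# Generate an RSA key pair and a self-signed certificate for the hypothetical host
# example.test. The certificate carries the PUBLIC key and the identity only.
make_cert_and_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/server.key" 2>/dev/null
  openssl req -new -x509 -key "$WORK/server.key" -days 30 \
    -subj "/CN=example.test" -out "$WORK/server.crt" 2>/dev/null
  chmod 600 "$WORK/server.key"    # the live key stays readable only by its owner
}

# The copy destined for backup media is the private key as encrypted PKCS#8
# (AES-256-CBC under a passphrase), so a lost tape or drive exposes nothing usable.
make_encrypted_backup() {
  openssl pkcs8 -topk8 -in "$WORK/server.key" -out "$WORK/server.key.enc" \
    -v2 aes-256-cbc -passout "pass:$PASSPHRASE" 2>/dev/null
}

# Returns 0 when the certificate file contains no private key material,
# i.e. it is safe to check into source control as the answer states.
cert_has_no_private_key() {
  ! grep -q "PRIVATE KEY" "$WORK/server.crt"
}

# Returns 0 when the backup is an encrypted PKCS#8 blob and not a plaintext key.
backup_is_encrypted() {
  grep -q "BEGIN ENCRYPTED PRIVATE KEY" "$WORK/server.key.enc" &&
    ! grep -q "BEGIN PRIVATE KEY" "$WORK/server.key.enc"
}

# Returns 0 when decrypting the backup yields the key that matches the certificate:
# the public key embedded in the cert must equal the one derived from the key.
backup_restores_matching_key() {
  cert_pub=$(openssl x509 -in "$WORK/server.crt" -pubkey -noout)
  key_pub=$(openssl pkey -in "$WORK/server.key.enc" -passin "pass:$PASSPHRASE" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

make_cert_and_key
make_encrypted_backup
cert_has_no_private_key && backup_is_encrypted && backup_restores_matching_key &&
  echo "certificate is public; encrypted backup restores the matching private key"
```

The last check matters in practice: a backup that cannot be decrypted, or that was taken from the wrong key, is discovered at restore time, which is exactly when it is too late. Running the comparison against the certificate after each backup is a cheap way to prove the copy is usable, and the passphrase should be known to more than one person for the reasons the answer gives.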
