• Services:
Private keys on the web server - that's not a good idea.
Private keys on the web server - that's not a good idea. (Bild: Hanno Böck)

HTTPS: Private Keys on Web Servers

Private keys on the web server - that's not a good idea.
Private keys on the web server - that's not a good idea. (Bild: Hanno Böck)

Each certificate for encrypted HTTPS connections has a private key. But what happens if the private key finds its way onto the web server - and is no longer private? We found various web pages that allow downloading their private key.

Dieser Text ist auch auf Deutsch verfügbar.

Customers of the free mail provider Firemail were surprised by an error message some days ago: The certificate for the web page firemail.de was invalid. Comodo had revoked it after we found out that the corresponding private key could be downloaded from the page.


Firemail wasn't the only one with this problem. We found a number of web pages where the private key was no longer private and was accidentally published on the web server. We were able to obtain private keys for 90 valid web page certificates. We obtained them by simply trying out common filenames for keys. In the case of Firemail the filename was "server.key".

File names from popular web instruction guides

Other filenames for private keys were privatekey.key, myserver.key and key.pem. But the most successful search was for filenames of the schema [domainname].key. All these filenames are used in instruction guides that can easily be found with a Google search.

Every web page certificate has a corresponding private key. As the name indicates this key needs to remain private and should never fall into the hands of unauthorized people. Otherwise the HTTPS protected connection is no longer secure. An attacker can use the private key to perform a man-in-the-middle attack and therefore read and manipulate data.

When a certificate authority learns about a compromised certificate then it should revoke it. The OCSP protocol allows checking whether a certificate has been revoked.

OCSP has some problems. In the past browsers have implemented OCSP in a soft fail mode. If a connection to an OCSP server failed then the browser still accepted the certificate as valid. As this hardly provides any security the developers of Chrome have decided to disable OCSP altogether. Better revocation checks could be implemented with a combination of OCSP stapling and the must-staple extension for certificates, but the support for OCSP stapling in common web servers is only rudimentary.

While OCSP only provides limited utility it is still the common mechanism with which certificate authorities can signal that a certificate is no longer valid.

24 hour deadline for compromised certificates

According to the Baseline Reqirements, a set of rules that certificate authorities and browser vendors have agreed upon, certificate authorities shall revoke certificates within 24 hours if a key is compromised.

We informed the corresponding certificate authorities about all the certificates and private keys we found. In most cases this simply works by e-mail. Symantec and its subsidiaries and the company Gandi use a web form for those contacts. In the case of Symantec it is necessary to solve a captcha in order to send the form.

Notable is the way Let's Encrypt handles revocations. The free certificate authoritiy automates certificate issuances with the ACME protocol. The revocation of certificates is also automated. Whoever owns the private key to a certificate can revoke it. The tool Certbot can be used for this.

Mozilla recently has investigated how reporting mechanisms for compromised certificates work. In their CA Communications that is sent regularly to certificate authorities they asked them how to best report such problems. A list of the answers is available online.

Many certificate authorities don't seem to take the 24 hour deadline very seriously. Almost all affected certificate authorities - Comodo, DigiCert, Gandi, Globalsign, Go Daddy and Symantec - took longer than 24 hours for some revocations. To be fair: One of our reports was sent on a Saturday. But the Baseline Requirements rule doesn't have an exception for weekends. Apart from Let's Encrypt only StartCom always reacted within 24 hours. But currently StartCom certificates aren't accepted by popular browsers.

Gandi and Globalsign took particularly long to revoke certificates. Globalsign needed four days to revoke a certificate reported to them. Gandi doesn't operate its certificate authority, it is operated by Comodo. After Comodo learned about this incident they immediately revoked the certificates.

New certificate with old key

A particularly odd case happened with a certificate issued by Comodo. They revoked the certificate shortly after it had been reported, but then issued shortly after that a new certificate with the same private key. After we reported this to Comodo we learned that the same problem occured with a second certificate. In both cases Comodo revoked these new certificates immediately.

This incident shows that data on web servers is an underestimated security risk. Recently we had reported that the German postal service ("Deutsche Post") and many other companies had made private customer data available as SQL dumps. Also Git repositories in web directories often are the reason for private data like passwords being made public.

Private keys for valid certificates were recently also found in other places. The software developer Koen Rouwhorst found a private key embedded in an application from Cisco. Similarly a private key was also included in a software from Spotify. Rouwhorst also found various private keys in Github repositories.

eye home zur Startseite


  1. Stadtwerke München GmbH, München
  2. SSI Schäfer Automation GmbH, Giebelstadt bei Würzburg
  3. Münchener Verein Versicherungsgruppe, München
  4. likeyaa c/o Tellja GmbH, Frankfurt

  1. 69,99€
  2. 19,99€
  3. 44,99€ statt 59,99€
  4. (-15%) 25,49€

Folgen Sie uns

  1. Kopfhörer

    Sennheiser baut über 180 Stellen ab

  2. Lieferservice

    Online-Lebensmittelhändler Picnic kommt nach Deutschland

  3. Analog

    Beim UKW-Radio droht eine Sendepause

  4. Star Wars Battlefront 2

    Sternenkrieger bekommen für Geld nur kosmetische Extras

  5. Phantom Gaming

    Asrock wird zum Grafikkarten-Hersteller

  6. Wochenrückblick

    Lara und Angela sind zurück

  7. Amazons virtuelle Dash-Buttons

    Verbraucherschützer prüfen rechtliche Schritte

  8. Huawei

    Bei Enterprise-Hardware "waren wir früher ein Niemand"

  9. Strafe verhängt

    Diese Nutzerdaten teilt Whatsapp weiterhin mit Facebook

  10. Linux-Kernel

    Mainline-Support für Android offenbar keine hohe Priorität

Haben wir etwas übersehen?

E-Mail an news@golem.de

Fukushima-Kernschmelze: Die Technik tat genau, was sie sollte
Die Technik tat genau, was sie sollte

Julia Reda: Mit Datenschutz gegen Werbemonopole
Julia Reda
Mit Datenschutz gegen Werbemonopole
  1. Urheberrecht Bär lehnt Leistungsschutzrecht strikt ab
  2. EU-Urheberrechtsreform Kompromissvorschlag hält an Uploadfiltern fest
  3. Axel Voss "Das Leistungsschutzrecht ist nicht die beste Idee"

Netzbetreiber: 5G kommt endlich in die Umsetzungsphase
5G kommt endlich in die Umsetzungsphase
  1. Mobilfunk 5G-Frequenzen in EU ab 2020 für bis zu 20 Jahre verfügbar
  2. Fraunhofer-Institut Berliner 5G-Forscher geben Fördergeld für Glasfaser aus
  3. T-Mobile US Telekom-Tochter kündigt landesweites 5G-Netz an

  1. Re: Tja. man könnte UKW auch einfach abschalten

    Spaghetticode | 18:31

  2. Re: +1 Re: Super Beitrag!

    osolemio84 | 18:29

  3. Re: Preiserhöhung von 25 bis 30 Prozent

    sn0 | 18:28

  4. Re: Der Preis ist wirklich attraktiv...

    pica | 18:26

  5. Re: Krasse Verharmlosung.

    ArcherV | 18:24

  1. 13:28

  2. 12:22

  3. 11:18

  4. 11:49

  5. 11:24

  6. 09:02

  7. 15:28

  8. 14:40

  1. Themen
  2. A
  3. B
  4. C
  5. D
  6. E
  7. F
  8. G
  9. H
  10. I
  11. J
  12. K
  13. L
  14. M
  15. N
  16. O
  17. P
  18. Q
  19. R
  20. S
  21. T
  22. U
  23. V
  24. W
  25. X
  26. Y
  27. Z
  28. #
    •  / 
    Zum Artikel