• IT-Karriere:

HTTPS: Private Keys on Web Servers

Each certificate for encrypted HTTPS connections has a private key. But what happens if the private key finds its way onto the web server - and is no longer private? We found various web pages that allow downloading their private key.

Dieser Text ist auch auf Deutsch verfügbar.

Customers of the free mail provider Firemail were surprised by an error message some days ago: The certificate for the web page firemail.de was invalid. Comodo had revoked it after we found out that the corresponding private key could be downloaded from the page.

Firemail wasn't the only one with this problem. We found a number of web pages where the private key was no longer private and was accidentally published on the web server. We were able to obtain private keys for 90 valid web page certificates. We obtained them by simply trying out common filenames for keys. In the case of Firemail the filename was "server.key".

File names from popular web instruction guides

Other filenames for private keys were privatekey.key, myserver.key and key.pem. But the most successful search was for filenames of the schema [domainname].key. All these filenames are used in instruction guides that can easily be found with a Google search.

Every web page certificate has a corresponding private key. As the name indicates this key needs to remain private and should never fall into the hands of unauthorized people. Otherwise the HTTPS protected connection is no longer secure. An attacker can use the private key to perform a man-in-the-middle attack and therefore read and manipulate data.

When a certificate authority learns about a compromised certificate then it should revoke it. The OCSP protocol allows checking whether a certificate has been revoked.

OCSP has some problems. In the past browsers have implemented OCSP in a soft fail mode. If a connection to an OCSP server failed then the browser still accepted the certificate as valid. As this hardly provides any security the developers of Chrome have decided to disable OCSP altogether. Better revocation checks could be implemented with a combination of OCSP stapling and the must-staple extension for certificates, but the support for OCSP stapling in common web servers is only rudimentary.

While OCSP only provides limited utility it is still the common mechanism with which certificate authorities can signal that a certificate is no longer valid.

24 hour deadline for compromised certificates

According to the Baseline Reqirements, a set of rules that certificate authorities and browser vendors have agreed upon, certificate authorities shall revoke certificates within 24 hours if a key is compromised.

We informed the corresponding certificate authorities about all the certificates and private keys we found. In most cases this simply works by e-mail. Symantec and its subsidiaries and the company Gandi use a web form for those contacts. In the case of Symantec it is necessary to solve a captcha in order to send the form.

Notable is the way Let's Encrypt handles revocations. The free certificate authoritiy automates certificate issuances with the ACME protocol. The revocation of certificates is also automated. Whoever owns the private key to a certificate can revoke it. The tool Certbot can be used for this.

Mozilla recently has investigated how reporting mechanisms for compromised certificates work. In their CA Communications that is sent regularly to certificate authorities they asked them how to best report such problems. A list of the answers is available online.

Many certificate authorities don't seem to take the 24 hour deadline very seriously. Almost all affected certificate authorities - Comodo, DigiCert, Gandi, Globalsign, Go Daddy and Symantec - took longer than 24 hours for some revocations. To be fair: One of our reports was sent on a Saturday. But the Baseline Requirements rule doesn't have an exception for weekends. Apart from Let's Encrypt only StartCom always reacted within 24 hours. But currently StartCom certificates aren't accepted by popular browsers.

Gandi and Globalsign took particularly long to revoke certificates. Globalsign needed four days to revoke a certificate reported to them. Gandi doesn't operate its certificate authority, it is operated by Comodo. After Comodo learned about this incident they immediately revoked the certificates.

New certificate with old key

A particularly odd case happened with a certificate issued by Comodo. They revoked the certificate shortly after it had been reported, but then issued shortly after that a new certificate with the same private key. After we reported this to Comodo we learned that the same problem occured with a second certificate. In both cases Comodo revoked these new certificates immediately.

This incident shows that data on web servers is an underestimated security risk. Recently we had reported that the German postal service ("Deutsche Post") and many other companies had made private customer data available as SQL dumps. Also Git repositories in web directories often are the reason for private data like passwords being made public.

Private keys for valid certificates were recently also found in other places. The software developer Koen Rouwhorst found a private key embedded in an application from Cisco. Similarly a private key was also included in a software from Spotify. Rouwhorst also found various private keys in Github repositories.

  1. 116,13€
  2. 229,99€
  3. 44,53€ (Exklusiv!) @ ubi.com
  4. 25,00€ (Bestpreis!)

Folgen Sie uns

iPad OS ausprobiert

Apple hat die erste öffentliche Betaversion vom neuen iPad OS veröffentlicht. Wir haben uns das für die iPads optimierte iOS 13 im Test genauer angeschaut.

iPad OS ausprobiert Video aufrufen
Smarte Wecker im Test: Unter den Blinden ist der Einäugige König
Smarte Wecker im Test
Unter den Blinden ist der Einäugige König

Einen guten smarten Wecker zu bauen, ist offenbar gar nicht so einfach. Bei Amazons Echo Show 5 und Lenovos Smart Clock fehlen uns viele Basisfunktionen. Dafür ist einer der beiden ein besonders preisgünstiges und leistungsfähiges smartes Display.
Ein Test von Ingo Pakalski

  1. Nest Hub im Test Google vermasselt es 1A

Indiegames-Rundschau: Epische ASCII-Abenteuer und erlebnishungrige Astronauten
Epische ASCII-Abenteuer und erlebnishungrige Astronauten

In Stone Story RPG erwacht ASCII-Art zum Leben, die Astronauten in Oxygen Not Included erleben tragikomische Slapstick-Abenteuer, dazu kommen Aufbaustrategie plus Action und Sammelkartenspiele: Golem.de stellt neue Indiegames vor.
Von Rainer Sigl

  1. Indiegames-Rundschau Von Bananen und Astronauten
  2. Indiegames-Rundschau Verloren im Sonnensystem und im Mittelalter
  3. Indiegames-Rundschau Drogen, Schwerter, Roboter-Ritter

Harmony OS: Die große Luftnummer von Huawei
Harmony OS
Die große Luftnummer von Huawei

Mit viel Medienaufmerksamkeit und großen Versprechungen hat Huawei sein eigenes Betriebssystem Harmony OS vorgestellt. Bei einer näheren Betrachtung bleibt von dem großen Wurf allerdings kaum etwas übrig.
Ein IMHO von Sebastian Grüner

      •  /