[thelist] Certificate Theft ramifications

Sean@yahoo seanmgerman at yahoo.com
Tue Mar 5 17:57:01 CST 2002


A stolen cert would not be of much use.  Most of the information held by the
certificate is easily accessable if its from a public web site.  (Go to the
site, view cert. details.)

If you had the request and cert files, I suppose you could potentially crack
the files for the password used in creation of the request.  The technical
contact information might be useful if you're trying to steal employees.

Otherwise, if a stolen cert. was installed, you'd get a warning the address
doesn't match the common name in the cert.

Did I miss anything?

Sean G.

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Joshua Olson
Sent: Tuesday, March 05, 2002 4:55 PM
To: thelist at lists.evolt.org
Subject: [thelist] Certificate Theft ramifications

If someone was able to steal an ecommerce website's certificate request
(certreq,txt) and certificate (cert.txt), what sort of things could
potentially be exploited.

Thanks in advance,


Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

More information about the thelist mailing list