[HCoop-Help] when generating an X509 cert, is it important to keep the generated key.pem file private?

Adam Chlipala adamc at hcoop.net
Wed Dec 17 08:52:52 EST 2008


Daniel Wilkerson wrote:
> when generating an X509 cert, is it important to keep the generated
> key.pem file private?
>   

That depends.  If someone gets ahold of your key, he can impersonate 
your web site.  This only matters if you're using the "prove you're who 
you say you are" aspect of SSL.  Even if someone else knows your key, 
SSL communication is still encrypted.



More information about the HCoop-Help mailing list