Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Would there be a security issue with storing the SSL cert for your web app in the source code repository, SO LONG AS you were NOT storing your private key as well?
I’m a little spoiled by how easy it is to use source control to make a backup of such things, and want to make the most of it, but I also don’t want to be sloppy about its use, or endanger security.
No. The certificate is public; the server will present it during every SSL handshake, and some CAs even maintain a public repository of all of the certificates they issue. There’s no need to try to keep a certificate secret.
The private key, on the other hand, must be kept secret. And, if you were trying to authenticate someone (“two-way SSL” or client authentication), you would need to integrity protection for your root certificates. If you were to store this material in your revision control system, it should be protected with strong password.