
I am working on standardizing our server builds where we currently have three different functional pools.

For web pools I use the same IIS RSA key across all machines. It keeps life easy and allows the application.config file to be copied between servers without issue.

My question is, is there any issue with having all servers use the same RSA key, so there is only one key pair to maintain and use when standing up new servers?

Are there security concerns with doing this where the keys should be different in different functional pools?

Brettski
  • I feel as if it's a better idea to have the individual key pair for each server, so if one does get broken into, your other servers wouldn't be compromised? – Rivasa Feb 26 '14 at 20:49

2 Answers


Main problem with sharing the same private key between several servers is that it implies that, at some point, necessarily, the private key travelled. The more a private key travels, the less private it becomes. But, of course, that's a general comment; actual context details matter.

Thomas Pornin
  • What is the way to do it so all the servers don't need the same private key? If you have one CSR do you have multiple private keys? – johnny Aug 13 '19 at 19:31

The main issue here is that if one server gets owned, all of your servers are compromised. If you're ok with that, then there's no problem but if that's not acceptable, you should really use different keys.

akirilov
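
The point both answers make (the private key should never have to travel, and a key taken from one server must not be usable against another), as an added example that is not part of the original thread or of either answerer's code. It also answers the follow-up comment about CSRs: a CSR is bound to exactly one private key, so the pattern is one key pair and one CSR per server, each generated on that server, with only the CSR and public key leaving the box. The script uses OpenSSL to show the principle rather than IIS's own RSA key containers; the host names, the `example.test` CN suffix and the work directory are made up, and `openssl` is assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the original thread): one RSA key pair and one CSR
# per server, generated with OpenSSL, plus a check that the keys are not
# interchangeable. Host names, the CN suffix and the work directory are
# made up for illustration; openssl is assumed to be on PATH.
set -e

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Generate a private key and a CSR for one host. In practice this runs ON
# that host, so the private key never has to travel anywhere.
make_server_key() {
  host="$1"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORKDIR/$host.key" 2>/dev/null
  openssl req -new -key "$WORKDIR/$host.key" \
    -subj "/CN=$host.example.test" -out "$WORKDIR/$host.csr" 2>/dev/null
  # Only the public half is meant to be shared; export it as a file too.
  openssl pkey -in "$WORKDIR/$host.key" -pubout \
    -out "$WORKDIR/$host.pub" 2>/dev/null
}

# SHA-256 fingerprint of a PEM public key read on stdin (hashed as DER).
fpr_stdin() {
  openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Fingerprint of the public key embedded in a host's CSR.
csr_fpr() {
  openssl req -in "$WORKDIR/$1.csr" -noout -pubkey 2>/dev/null | fpr_stdin
}

# Fingerprint of the public half of a host's private key.
key_fpr() {
  openssl pkey -in "$WORKDIR/$1.key" -pubout 2>/dev/null | fpr_stdin
}

# Succeeds only when host $1's private key is the one behind host $2's CSR.
key_matches_csr() {
  [ "$(key_fpr "$1")" = "$(csr_fpr "$2")" ]
}

# Sign a challenge with host $1's private key and verify it with host $2's
# public key. Succeeds only for $1 = $2: a key stolen from web01 lets an
# attacker impersonate web01, not web02.
signature_accepted() {
  printf 'nonce-%s\n' "$$" > "$WORKDIR/challenge.txt"
  openssl dgst -sha256 -sign "$WORKDIR/$1.key" \
    -out "$WORKDIR/$1.sig" "$WORKDIR/challenge.txt" 2>/dev/null
  openssl dgst -sha256 -verify "$WORKDIR/$2.pub" \
    -signature "$WORKDIR/$1.sig" "$WORKDIR/challenge.txt" >/dev/null 2>&1
}

# Stand-alone run: two hosts in the web pool, then every cross-check.
make_server_key web01
make_server_key web02
for pair in "web01 web01" "web01 web02" "web02 web02" "web02 web01"; do
  set -- $pair
  if key_matches_csr "$1" "$2" && signature_accepted "$1" "$2"; then
    echo "$1 key vs $2 CSR/public key: match"
  else
    echo "$1 key vs $2 CSR/public key: no match"
  fi
done
```

Run it on any box with OpenSSL; only the diagonal pairs (web01/web01, web02/web02) report a match. Copying `application.config` between servers in this setup means copying configuration only, with each server decrypting or signing with the key it generated itself.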