7

I currently use a server SSL certificate without a pass-phrase in order to allow Apache to start up unattended.

There are signs from customers to require us to protect the SSL certificate more securely. I'm not sure yet what they are aiming for, but for now I guess that they don't want an unprotected SSL certificate on the disk. I suppose I can't avoid having it in the clear inside Apache's memory but let's assume that's acceptable.

I came up with an elaborate system to keep the pass-phrase in the memory of a process on an internal server (i.e. not on the front-line web server) and hand it over to the front-line server using an Apache SSLPassPhraseDialog (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslpassphrasedialog). The internal server will have to have the pass-phrase typed in to it when it starts, and we'll have multiple such servers load-balanced for high availability.

My question is:

  1. How do the "big boys" protect their SSL certificate? Do they just force their staff to type the pass-phrase on server restart or do they keep it unencrypted like the rest of us?
  2. My experience with open source is that there is a very good chance that someone has already solved whatever problem I face - is such a system available already?
  3. Would it be reasonable, from a business-level perspective, to just say that we keep the certificate unencrypted and just have rapid procedures to revoke it if stolen?
Amos Shapira

2 Answers

4

I would say that the "big boys" do SSL offloading onto clustered front end load balancers, since that's what I do and I'm nowhere near a "big boy".

I found these instructions on httpd.apache.org on removing the passphrase dialog, which you have likely seen if you googled the problem, which I assume you have.

The problem with revocation is that you're at the mercy of the signing CA to hurry up and deal with your problem. If you pay a lot for your certs, I'm sure their service is very positive. I'm not certain how it would be for some of the smaller wholesalers. Maybe someone else could chime in.

Matt Simmons
  • Just for curiosity/research sake, can you post what hardware/software setup you're using for the SSL offloading? I've done some googling but there are a lot of options and I always prefer to hear a 1st hand recommendation. – einstiien Feb 02 '10 at 05:57
  • Sure. I'm using Kemp Loadmaster 1500s (which has been succeeded by the 2000). When you get two of them, they do high-availability clustering with automatic failover. They provide a wide array of weighting and service checking for their load balancing, and they provide SSL offloading. They store the key internally, so I'm not certain how secure they are, but you could talk to their engineers. I do _not_ work for them, but they've made my life easier, so I like telling people about it. – Matt Simmons Feb 02 '10 at 12:42
  • In that system we did SSL off-loading on the Citrix NetScaler for other services but this particular service required the SSL connection to terminate on the servers themselves (since they do TCP packet inspection). – Amos Shapira Mar 29 '12 at 22:38
4

Let's review Public Key Infrastructure basics first in a hierarchical PKI model.

  1. A public key is an encryptor/locker, and embedded into a certificate created by a certificate authority.
  2. A private key is a decryptor/unlocker used in conjunction with a public key.
  3. Public keys and certificates have no confidentiality requirements.
  4. Private keys have confidentiality requirements.

Therefore, your concern with Apache should be around the private key, not the public key. The typical way a security engineer might protect a private key is to use a hardware security module. A hardware security module (HSM) can come in many form factors including a smartcard, a PCIe card, a PCI card, a USB dongle, a USB stick, a network based HSM, or others. Accordingly, these can cover a large amount of budgets and security capabilities.

There are some HSMs that have validated security implementations such as FIPS 140-2 in levels 1 (software generally), 2 physical (tamper resistance), 3 physical (tamper resistance & intrusion response), and 4 physical (tamper resistance, intrusion response and key zeroization).

To evaluate if your business should do something, I'd look at doing a cost benefit analysis & a risk assessment that includes ALE, ARO, and SLE calculations. However, if you are doing business over the web, it might be better to bring in a web security professional to evaluate all of your infrastructure and come up with a consolidated list of vulnerabilities and weaknesses, with a prioritized remediation plan that you can work with your management.

Brennan
  • Thanks for the references. I moved on from that position since I asked this question but will try to follow the keywords you provide. – Amos Shapira Mar 29 '12 at 22:36
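
A check for the concern discussed on this page, added here as an example and not written by any of the posters: it reports whether a PEM private key file is passphrase-encrypted (PKCS#8 label or traditional `Proc-Type` header) and whether anyone besides the owner has access to it. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether PEM private keys on disk are passphrase-protected.

# key_protection FILE -> encrypted-pkcs8 | encrypted-legacy | plaintext | not-a-key
key_protection() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-pkcs8          # PKCS#8: encryption is named in the PEM label
    elif grep -Eq -e '-----BEGIN (RSA |DSA |EC )?PRIVATE KEY-----' "$1"; then
        # Traditional OpenSSL PEM keeps the label and adds a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted-legacy
        else
            echo plaintext
        fi
    else
        echo not-a-key
    fi
}

# key_mode_ok FILE -> success only if group and other have no permission bits.
key_mode_ok() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE -> prints one report line; succeeds only for an encrypted,
# owner-only key file.
audit_key() {
    kind=$(key_protection "$1")
    if key_mode_ok "$1"; then perms=owner-only; else perms=group-or-world-access; fi
    echo "$1: $kind, $perms"
    case $kind in encrypted-*) [ "$perms" = owner-only ] ;; *) return 1 ;; esac
}

# write_samples DIR: constructed PEM shells (labels only, no key material).
write_samples() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END PRIVATE KEY-----' > "$1/plain.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00' '' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$1/legacy.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8.key"
    chmod 644 "$1/plain.key"; chmod 600 "$1/legacy.key" "$1/pkcs8.key"
}

# Usage: sh audit_keys.sh /path/to/server.key ...
for f in "$@"; do audit_key "$f"; done
```

A passphrase-less key such as the one described in the question is reported as `plaintext`, so file permissions are the only on-disk control left for it.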