12

The Apache mod_ssl documentation for the SSLCertificateFile and SSLCertificateKeyFile directives states that it is 'strongly discouraged' to store a private key and an SSL certificate in the same file.

Now obviously the private key file should be kept secure, but assuming that is the case, are there any specific risks in storing a certificate in the same file? I am curious to know why this behaviour is supported, and yet strongly discouraged without explanation.

Vortura

2 Answers

18

The SSL Certificate File is a lock.
The SSL Certificate Key File is its key.

Storing the two together is the equivalent of taping your key to the lock on your front door.
If an attacker compromises the single file they have everything they need to successfully impersonate your website (the certificate, and the private key).

This is especially true if you do not have a passphrase on your SSL key (many web servers don't, to allow them to automatically start up in the event of a crash).

What you're defending against by separating the files is an Apache bug that causes it to dump the contents of the SSLCertificateFile (something that should be publicly available) to a web client.
(To my knowledge no such bug exists, or has ever existed, but Apache is a large, complex piece of software. It's entirely possible.)

If Apache dumps this file and all it contains is the SSL Certificate (the lock) there's no problem: Everyone gets a copy of that certificate when they make an SSL request to the server anyway.
If the file contains the key as well you've blown any chance at security - your entire encryption model is compromised, and you need to change keys.

voretaq7
  • Thanks, the theoretical bug that causes the web server to serve up the private key along with the public cert was my best guess too. I don't really agree that putting the key and cert in the same file is equivalent to taping the key to the front door, but equally, I can't think of a good reason to do it. – Vortura Jun 10 '13 at 18:06
  • It's probably not as bad as taping the key to the door - maybe closer to sticking the key on the top of the doorframe, or using one of those hide-a-key rocks :-) – voretaq7 Jun 10 '13 at 18:13
  • "Storing the two together is the equivalent of taping your key to the lock on your front door." Not a very strong argument. Even if in two separate files, "most of the time" they are stored each one alongside the other, with the same permissions. So having the content in one file or two makes little difference in a security sense. Your example is Apache dumping specifically this content, and if there is a bug, it could as well dump the key, even if stored separately. So again no real difference in practice. – Patrick Mevzek Mar 28 '22 at 00:13
8

Old versions of OpenSSL required two separate files (public and private). Old versions of other crypto engines required a single file (both in the same file). In the "spirit" of compatibility (aka "Admins whinging about the inconsistency and having to maintain two sets of certificates"), most now support both.

Storing both certificates (also the key chain) in a single file is discouraged as the different certificates have different scopes. It's more of a consistency issue than a technical one, where the public certificate should have publicly readable file permissions, and vice versa for the private. There's no danger in keeping your public certificate under lock and key on your systems, it's just inconsistent with its purpose.

Pang
Chris S
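Both answers come down to two checks an administrator can run against an Apache SSL configuration: does any file named by SSLCertificateFile also carry a private-key block, and is any file that carries a private key readable beyond its owner. The script below is an added example, not code from the question, the answers or Apache; the directive names are Apache's, while the sample files, dummy PEM bodies and the constructed config are assumptions built only to exercise the audit.

```python
import os
import re
import stat
import tempfile

# Any PEM private-key header: RSA/EC, PKCS#8 "PRIVATE KEY", "ENCRYPTED PRIVATE KEY".
PRIVATE_KEY_RE = re.compile(r"^-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----", re.M)
CERT_RE = re.compile(r"^-----BEGIN CERTIFICATE-----", re.M)
DIRECTIVE_RE = re.compile(
    r"^\s*(SSLCertificateFile|SSLCertificateKeyFile|SSLCertificateChainFile)\s+\"?([^\"\s]+)", re.M)

def inspect_pem(path):
    """Count certificate and private-key blocks and report read permissions."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        data = fh.read()
    mode = os.stat(path).st_mode
    return {"certs": len(CERT_RE.findall(data)),
            "keys": len(PRIVATE_KEY_RE.findall(data)),
            "shared_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH))}

def audit_config(config_text, base_dir="/"):
    """Return (directive, path, problem) tuples for the files an SSL config names."""
    findings = []
    for directive, path in DIRECTIVE_RE.findall(config_text):
        info = inspect_pem(os.path.join(base_dir, path))  # absolute paths win
        if info["keys"] and info["certs"]:
            findings.append((directive, path, "certificate and private key in one file"))
        if info["keys"] and info["shared_read"]:
            findings.append((directive, path, "private key readable by group or others"))
    return findings

def demo():
    """Audit constructed sample files (dummy PEM bodies, not real keys)."""
    d = tempfile.mkdtemp()
    cert = "-----BEGIN CERTIFICATE-----\nMIIBdummy\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN RSA PRIVATE KEY-----\nMIIEdummy\n-----END RSA PRIVATE KEY-----\n"
    files = {"combined.pem": (cert + key, 0o644),  # the discouraged layout
             "site.crt": (cert, 0o644),            # public: world-readable is fine
             "site.key": (key, 0o600)}             # private: owner-only
    for name, (body, mode) in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(d, name), mode)
    config = ("SSLCertificateFile combined.pem\n"
              "SSLCertificateFile site.crt\n"
              "SSLCertificateKeyFile site.key\n")
    return audit_config(config, base_dir=d)

if __name__ == "__main__":
    print(demo())
```

Only the combined file is flagged, once for mixing the two block types and once because a 0644 mode lets other accounts read the key it contains.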