在源代码管理中存储 SSL 证书
只要您不存储私钥,将 Web 应用程序的 SSL 证书存储在源代码存储库中是否会存在安全问题?
使用源代码管理来备份此类内容是多么容易,我有点被宠坏了,并且想充分利用它,但我也不想草率地使用它,或危及安全。
Would there be a security issue with storing the SSL cert for your web app in the source code repository, SO LONG AS you were NOT storing your private key as well?
I'm a little spoiled by how easy it is to use source control to make a backup of such things, and want to make the most of it, but I also don't want to be sloppy about its use, or endanger security.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不需要。证书是公开的;服务器将在每次 SSL 握手期间提供它,一些 CA 甚至维护他们颁发的所有证书的公共存储库。无需尝试对证书保密。
另一方面,私钥必须保密。而且,如果您尝试对某人进行身份验证(“双向 SSL”或客户端身份验证),则需要对根证书进行完整性保护。如果您要将这些材料存储在修订控制系统中,则应使用强密码对其进行保护。
No. The certificate is public; the server will present it during every SSL handshake, and some CAs even maintain a public repository of all of the certificates they issue. There's no need to try to keep a certificate secret.
The private key, on the other hand, must be kept secret. And, if you were trying to authenticate someone ("two-way SSL" or client authentication), you would need to integrity protection for your root certificates. If you were to store this material in your revision control system, it should be protected with strong password.