book cover

Bulletproof TLS Guide  

Comprehensive and yet concise guide to practical SSL/TLS and PKI configuration. Includes coverage of TLS server configuration and web application security. Written by Ivan Ristić.

1.1 Private Keys and Certificates

Private keys are the cornerstone of TLS security, but also one of the easier things to get right. These days, CAs aren’t allowed to issue certificates against weak keys, so that’s one less thing to worry about. But despite frequent focus on key sizes, the weakest link is usually key management, or the job of keeping the private keys private. We’ll touch upon that in this section. Equally important are certificates, which build upon the keys with important metadata, such as the permission to associate a certificate with a particular domain name.

< Prev
^ Table of Contents
Next >