Re: Certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On September 2, 2018 1:12:58 AM GMT+07:00, Rainer Duffner <rainer@xxxxxxxxxxxxxxx> :
>I’m pretty sure LE creates a new private key, too.
>From a cursory glance at lego’s certificate directory on a server with
>a couple of dozens of LE certificates at least.
> 
>After all, changing the private key is what this is all about (showing
>that you’re still in charge).

It doesn't hurt when the process is automated anyway but it's by no means necessary. The limited validity period limits how long an attacker can abuse the cert they should get hold of it. However if you have no reason to suspect a compromise, it's by no means necessary. It doesn't improve security (if you've been hacked in a way you don't notice, it's highly likely the new key would leave your system the same way the previous one did) and it's just one more thing that can go wrong of you so it manually.

Cheers,
Matthias
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux