263
edits
Changes
Jump to navigation
Jump to search
Line 10:
Line 10: + + + + + + + + + + + + +
GC HTTPS Certificate Guidance (view source)
Revision as of 10:56, 5 November 2018
, 10:56, 5 November 2018→Certificate Recommendations and Guidance
<br>
<br>
For additional information, please see [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]] for GC Public Facing Web Services or contact TBS-CIOB Cybersecurity ([mailto:zzTBSCybers@tbs-sct.gc.ca zzTBSCybers@tbs-sct.gc.ca])
For additional information, please see [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]] for GC Public Facing Web Services or contact TBS-CIOB Cybersecurity ([mailto:zzTBSCybers@tbs-sct.gc.ca zzTBSCybers@tbs-sct.gc.ca])
<br><br>
===Wildcard Certificates===
It is recognized that wildcard certificates offer several advantages and they may be used where appropriate, however it should be recognized that wildcard certificates may introduce certain risks depending on how they are used.
<br>
* Sharing the same private key (certificate) among multiple web servers may introduce additional vulnerabilities that will need to be properly mitigated.
* Compromise through theft of the private key (certificate) would allow an attacker to establish rogue websites that will appear to belong to the domain protected by the wildcard certificate.
* Compromise of the private key renders all TLS sessions protected by that private key vulnerable; the use of a cipher suite supporting Perfect Forward Secrecy is recommended to avoid this issue.
<br>
GC Website owners must ensure appropriate risk mitigation measures are in place to minimize the risk of private key compromise.
* Use of FIPS 140-2 Level 2 or higher Hardware Security Modules is recommended where warranted by risk assessment or cost/benefit trade-off analysis.
* In the absence of HSMs, risk mitigation measures should include effective monitoring and auditing of the system so that private key compromise can be detected as early as possible followed immediately with revocation of the associated server certificate.
<br>
Per the [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]], “care must be exercised when using multi-domain and wildcard certificates to ensure collateral damage is minimized in the event of private key compromise. Copying the same private key to multiple web servers is strongly discouraged unless appropriate risk mitigation measures are in place such as using CSE approved Hardware Security Modules to protect the private key.”
<br><br>
<br><br>
===HTTP Public Key Pinning (HPKP)===
===HTTP Public Key Pinning (HPKP)===
