Changes

Line 22: Line 22:  
* In the absence of HSMs, risk mitigation measures should include effective monitoring and auditing of the system so that private key compromise can be detected as early as possible followed immediately with revocation of the associated server certificate.
 
* In the absence of HSMs, risk mitigation measures should include effective monitoring and auditing of the system so that private key compromise can be detected as early as possible followed immediately with revocation of the associated server certificate.
 
<br>
 
<br>
Per the [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]], “care must be exercised when using multi-domain and wildcard certificates to ensure collateral damage is minimized in the event of private key compromise.  Copying the same private key to multiple web servers is strongly discouraged unless appropriate risk mitigation measures are in place such as using CSE approved Hardware Security Modules to protect the private key.”
+
Per the [[Media:Recommendations for TLS Server Certificates.pdf|Recommendations for TLS Server Certificates]] [PDF], “care must be exercised when using multi-domain and wildcard certificates to ensure collateral damage is minimized in the event of private key compromise.  Copying the same private key to multiple web servers is strongly discouraged unless appropriate risk mitigation measures are in place such as using CSE approved Hardware Security Modules to protect the private key.”
 
<br><br>
 
<br><br>
 
Download the Recommendations for TLS Server Certificates.pdf:  
 
Download the Recommendations for TLS Server Certificates.pdf:  
 
[[File:Pdf icon.png|75px|left|link=file:Recommendations for TLS Server Certificates.pdf]]
 
[[File:Pdf icon.png|75px|left|link=file:Recommendations for TLS Server Certificates.pdf]]
 
<br><br>
 
<br><br>
<br><br>
+
<br>
 
<br><br>
 
<br><br>
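Review bot: the spacing below the left-floated `[[File:Pdf icon.png|75px|left|...]]` icon is still controlled by counting `<br>` tags, and trimming one `<br><br>` to `<br>` only retunes that count. Whether later text wraps beside the icon will keep depending on font size and viewport width. Consider clearing the float explicitly after the image, for example with `<br style="clear:both">`, and dropping the remaining stacked breaks. The added "[PDF]" marker on the inline link reads fine. The "Download the Recommendations for TLS Server Certificates.pdf:" line below links the same file, so the two could be merged into one labelled link.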
  