The Backend Engineering Show with Hussein Nasser artwork

What happens when your Backend Web Server Certificate Private Key is Leaked?

The Backend Engineering Show with Hussein Nasser

English - March 28, 2021 04:02 - 24 minutes - 22.7 MB - ★★★★★ - 5 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Researcher bypasses Azure, and Cloudflare Reverse Proxy Security - HTTP/2 Smuggling (h2c)
Next Episode: PHP’s Source Code hacked - Two Remote Code execution added to the Git server, let us discuss

We have been told to take care of our private key that we use on backend servers without clear instructions as to what could happen when that key is leaked. In today’s backend engineering show I discuss exactly what could go wrong when your backend server private key is leaked. Let us discuss

Intro 0:00
What is a Certificate? 1:10
Where is the Private Key used? 4:10

TLS 1.2 with RSA 4:20
Why RSA no longer used 9:00
TLS 1.3 & TLS 1.2 Digital Signature 12:00


How often should you recycle Private Keys 19:00



Resources


https://blog.cloudflare.com/advanced-certificate-manager/


https://heartbleed.com/


https://cabforum.org/


https://en.wikipedia.org/wiki/DigiNotar


https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.sec.doc/q009960_.html

---

Send in a voice message: https://anchor.fm/hnasr/message