在源代码管理中存储 SSL 证书 [英] Storing SSL cert in source control

问题描述

将您的 Web 应用程序的 SSL 证书存储在源代码存储库中是否会存在安全问题，只要您没有存储您的私钥?

Would there be a security issue with storing the SSL cert for your web app in the source code repository, SO LONG AS you were NOT storing your private key as well?

我有点被使用源代码管理来备份这些东西是多么容易，并想充分利用它，但我也不想对它的使用马虎，或者危及安全.

I'm a little spoiled by how easy it is to use source control to make a backup of such things, and want to make the most of it, but I also don't want to be sloppy about its use, or endanger security.

推荐答案

没有.证书是公开的；服务器将在每次 SSL 握手期间呈现它，一些 CA 甚至维护他们颁发的所有证书的公共存储库.无需尝试对证书保密.

No. The certificate is public; the server will present it during every SSL handshake, and some CAs even maintain a public repository of all of the certificates they issue. There's no need to try to keep a certificate secret.

另一方面，私钥必须保密.而且，如果您尝试对某人进行身份验证(双向 SSL"或客户端身份验证)，则需要对根证书进行完整性保护.如果您将此材料存储在您的版本控制系统中，则应使用强密码对其进行保护.

The private key, on the other hand, must be kept secret. And, if you were trying to authenticate someone ("two-way SSL" or client authentication), you would need to integrity protection for your root certificates. If you were to store this material in your revision control system, it should be protected with strong password.

这篇关于在源代码管理中存储 SSL 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！