Compromised private keys
Use this topic to understand what a compromised private key is and what actions to take if your private key is comprised.
Private keys are used in client and server certificates to identify one end or both ends of communication transactions as well as to encrypt and decrypt the information that is being communicated. A private key is compromised when an unauthorized person obtains the private key or determines what the private key is that is used to encrypt and decrypt secret information. The compromised key can be used to decrypt encrypted data without the knowledge of the sender of the data.
If your private key is compromised and your certificate is signed by a certificate authority, notify your certificate authority and have your key placed on a Certificate Revocation list. This action will inform the appropriate audience that the private key is compromised and the public key has been revoked. You can subsequently generate a new key pair and obtain a new certificate for the public key.
If the certificates are installed and controlled by another management system, for example, a Flex System CMM refer to the documentation that came with your server for the procedures to remove, generate and install the certificates. The following illustration shows the warning message displayed when the certificates are installed and controlled by the CMM.
- See Configuring the Secure Shell server for information about generating a replacement Secure Shell (SSH) Server Private Host Key
- See Configuring LDAP for information abut removing and installing trusted certificates for the IMM2 LDAP client.
- See SSL certificate handling for information about generating a replacement SSH Sever Private Host Key.