SSL/TLS Private Key
Service Name: SSL/TLS Certificate Private Key
Service Description: SSL/TLS private keys are cryptographic keys used in the SSL/TLS protocol to secure communications over a network. They are paired with public certificates to establish encrypted connections between clients and servers, ensuring data confidentiality, integrity, and authentication.
Service Address: Not applicable - used across various web servers and services
Validation Type: NHI Enriched
IP Allow list: Does not exist at the key level. Access restrictions are managed at the server or service level where the key is deployed.
Secret Access Scope: Grants the ability to decrypt traffic encrypted with the corresponding public certificate, potentially allowing interception of secure communications. Also enables impersonation of the server identity if the corresponding certificate is obtained.
Secret Revokement URL: Does not exist directly. To revoke, you must revoke the associated certificate through your Certificate Authority.
Secret Example:
Suspicious Activity Investigation Instructions:
- Check server logs for unauthorized access attempts or unusual connection patterns.
- Review access logs to identify who might have accessed the server where the private key is stored.
- Verify if the private key has been copied to unauthorized locations or systems.
- Check for any unauthorized certificate issuance using the compromised private key.
- Monitor for any man-in-the-middle attacks or unexpected TLS/SSL errors reported by clients.
Mitigation Instructions:
- Generate a new private key and certificate pair immediately.
- Revoke the old certificate through your Certificate Authority.
- Update all servers and services with the new certificate and private key.
- Implement proper key storage practices (use hardware security modules or secure key vaults).
- Restrict file permissions on private key files to only necessary service accounts.
- Consider implementing certificate rotation policies.
- Enable certificate transparency monitoring to detect unauthorized certificate issuance.
- Review and update access controls for systems storing private keys.