Skip to content

TLS/SSL Private Key

Service Name: Transport Layer Security/Secure Sockets Layer

Service Description: TLS/SSL private keys are cryptographic keys used in the TLS/SSL protocol to establish secure encrypted connections between clients and servers. These keys are essential for HTTPS websites, secure email communications, VPNs, and other secure network communications.

Service Address: Not applicable (used across multiple services and platforms)

Validation Type: NHI Enriched

IP Allow list: Does not exist (IP restrictions are typically managed at the server or application level, not at the key level)

Secret Access Scope: Grants the ability to decrypt traffic intended for the server, impersonate the server in TLS/SSL handshakes, and potentially intercept secure communications.

Secret Revokement URL: Does not exist (revocation requires generating a new certificate with a new private key and updating it on servers)

Secret Example:

Suspicious Activity Investigation Instructions:

  • Check server logs for unauthorized access attempts or unusual connection patterns.
  • Verify if the private key has been exposed in code repositories, logs, or other insecure locations.
  • Review access logs to determine who might have had access to the private key file.
  • Check for any unexpected certificate issuance using the compromised key.
  • Monitor for man-in-the-middle attacks or unexpected TLS/SSL certificate warnings.

Mitigation Instructions:

  • Generate a new private key and certificate immediately.
  • Revoke the old certificate through your Certificate Authority.
  • Update all servers and services with the new certificate and private key.
  • Implement proper key management practices:
  • Store private keys in secure, encrypted storage.
  • Use hardware security modules (HSMs) for critical keys.
  • Implement proper access controls for key files.
  • Set up regular key rotation schedules.
  • Audit and update your certificate management processes to prevent future exposures.
  • Consider implementing certificate transparency monitoring to detect unauthorized certificate issuance.