Security issues with public CA and signing certificates?

Alan DeKok aland at deployingradius.com
Sat Mar 9 14:24:51 CET 2019


On Mar 9, 2019, at 7:21 AM, June Murderer <june.murderer at yandex.com> wrote:
> By googling I was able to download the exact CA certificate we use and I was also able to download one of the three signing certificates (I suppose the root), so probably the two signing certificates I wasn't able to find are the intermediate ones.
> 
> However, on iOS, whenever I download the configuration profile I can see all the info of the CA certificate and the three signing certificates.
> 
> Would it be possible for someone with major hacking skills to deploy the server certificate by downloading or creating the signing certificates with all this information (not sure whether the private keys can be found)?

  If you don't have the private keys, you can't create a server certificate.

  The CA certs are public for a reason.  The information in them can't be used to do anything nefarious.  You need the private keys.

  Alan DeKok.
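
Added example, not part of the original message: a toy Python sketch (textbook RSA without padding, built only to illustrate the point, not usable as real cryptography) of why copying every public field of a CA certificate does not let anyone issue a server certificate that verifies under that CA. The names "Example CA" and radius.example.org, the helper functions and the keys are all constructed for the illustration.

```python
import hashlib

E = 65537  # public exponent, part of every public key here

def make_key(p, q):
    """Toy RSA key from two known primes -> (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(cert, n):
    # Hash of the to-be-signed fields, reduced into the signer's modulus.
    tbs = f"{cert['subject']}|{cert['n']}|{cert['issuer']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, subject_n, issuer, issuer_n, issuer_d):
    """Signing a certificate needs the issuer's PRIVATE exponent d."""
    cert = {"subject": subject, "n": subject_n, "issuer": issuer}
    cert["sig"] = pow(_digest(cert, issuer_n), issuer_d, issuer_n)
    return cert

def verify(cert, trusted_ca):
    """Client-side check: uses only the PUBLIC fields of the CA it already trusts."""
    if cert["issuer"] != trusted_ca["subject"]:
        return False
    return pow(cert["sig"], E, trusted_ca["n"]) == _digest(cert, trusted_ca["n"])

def run_demo():
    # Constructed sample data; Mersenne primes keep the toy keys reproducible.
    ca_n, ca_d = make_key(2**89 - 1, 2**107 - 1)
    ca_cert = issue("Example CA", ca_n, "Example CA", ca_n, ca_d)  # public, self-signed
    srv_n, _ = make_key(2**61 - 1, 2**127 - 1)
    genuine = issue("radius.example.org", srv_n, "Example CA", ca_n, ca_d)

    # A party holding only ca_cert can copy its name, but has to sign with its own key.
    fake_n, fake_d = make_key(2**31 - 1, 2**521 - 1)
    lookalike = issue("radius.example.org", fake_n, "Example CA", fake_n, fake_d)

    # The client verifies both against the CA certificate it was configured with.
    return verify(genuine, ca_cert), verify(lookalike, ca_cert)

if __name__ == "__main__":
    print(run_demo())
```

The lookalike certificate carries the same issuer name as the genuine one, yet fails because the signature was not produced with the private key matching the public key in the trusted CA certificate.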
