Security issues with public CA and signing certificates?

Alan DeKok aland at
Sat Mar 9 14:24:51 CET 2019

On Mar 9, 2019, at 7:21 AM, June Murderer <june.murderer at> wrote:
> By googling I was able to download the exact CA certificate we use and I was also able to download one of the three signing certificates (I suppose the root), so probably the two signing certficates I wasn't able to find are the intermediate ones.
> However, on iOS, whenever I download the configuration profile I can see all the info of the CA certificate and the three signing certificates.
> Would be possible for someone with major hacking skills to deploy the server certificate by downloading or creating the signing certificates with all these informations (not sure whether the private keys can be found)?

  If you don't have the private keys, you can't create a server certificate.

  The CA certs are public for a reason.  The information in them can't be used to do anything nefarious.  You need the private keys.

  Alan DeKok.

More information about the Freeradius-Users mailing list