Good way to store domain CSR and KEY files

Posted by Bert Goethals on Server Fault See other posts from Server Fault or by Bert Goethals
Published on 2012-11-29T17:50:40Z Indexed on 2012/12/15 11:07 UTC
Read the original article Hit count: 266

Filed under:

certificate

|

configuration-management

For my company I'm starting to manage more and more domains; and with that more and more certificates for those domains.

What is a good way to store the basic KEY and CSR files generated? I was considering a git repo on our private code server. This does not seem secure enough though.

Would you suggest and other system, or how this can be done securely with a source control system like git?

Also: Does it make sense to store the CRT files and CA files in use?

© Server Fault or respective owner

Related posts about certificate

IIS SSL Certificate Renewal Pain

as seen on West-Wind - Search for 'West-Wind'
I’m in the middle of my annual certificate renewal for the West Wind site and I can honestly say that I hate IIS’s certificate system. When it works it’s fine, but when it doesn’t man can it be a pain. Because I deal with public certificates on my site merely once a year, and you have to perform… >>> More
apache Client Certificate Authentication errors: Certificate Verification: Error (18): self signed certificate

as seen on Server Fault - Search for 'Server Fault'
So I have been following instructions on setting up Client Certificate Authentication in Apache2 w/ mod_ssl. This is solely for the purpose of testing an application against CAA, not for any sort of production use. So far I've followed http://www.impetus.us/~rjmooney/projects/misc/clientcertauth… >>> More
Nginx and client certificates from hierarchical OpenSSL-based certification authorities

as seen on Server Fault - Search for 'Server Fault'
I'm trying to set up root certification authority, subordinate certification authority and to generate the client certificates signed by any of this CA that nginx 0.7.67 on Debian Squeeze will accept. My problem is that root CA signed client certificate works fine while subordinate CA signed one results… >>> More
How to find, whether the certificate is a private certificate or a public certificate

as seen on Stack Overflow - Search for 'Stack Overflow'
I have to write a MSI, where in i have to give only the public certicate. In case the user gives a private certificate, it should pop up an error message. >>> More
Developer certificate vs purchased certificate for WCF

as seen on Stack Overflow - Search for 'Stack Overflow'
I understsand that if I want to use authentication in WCF then I need to install a certificate on my server which WCF will use to encrypt data passing between my server and client. For development purposes I believe I can use the makecert.exe util. to make a development certificate. What is the… >>> More

Related posts about configuration-management

Configuration management in support of scientific computing

as seen on Server Fault - Search for 'Server Fault'
For the past few years I have been involved with developing and maintaining a system for forecasting near-shore waves. Our team has just received a significant grant for further development and as a result we are taking the opportunity to refactor many components of the old system. We will also… >>> More
Configuration management in support of scientific computing

as seen on Server Fault - Search for 'Server Fault'
For the past few years I have been involved with developing and maintaining a system for forecasting near-shore waves. Our team has just received a significant grant for further development and as a result we are taking the opportunity to refactor many components of the old system. We will also… >>> More
Centralised configuration management for basic linksys routers?

as seen on Server Fault - Search for 'Server Fault'
Does anyone know if its possible to install a custom router firmware, such as dd-wrt and then use a central config management tool to push/pull changes? The setup here involves each office having their own router, and as the 'ISP' we need to control/maintain router config. Just wondered if its been… >>> More
What CI server and Configuration Management tools I should use

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi ! What CI server and Configuration Management tools I should use together for a truly development and deploy maintenance. There isn't the de facto rails sustainable environment, is there? Some assumptions: • code control version ok - git (de facto tool) • test framework ok - whatever (rspec… >>> More
Why is there only one configuration management tool in the main repository?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
How is it that Cfengine does not exist in the Ubuntu (10.04 LTS) Main Repository? I can't find a discussion of this anywhere (using Google). The only configuration management in Ubuntu Main seems to be Puppet. I looked for a wide variety of others as well - all from Wikipedia's list of configuration… >>> More