How should I store and secure self-signed certificates?

Posted by Anthony Mastrean on Programmers See other posts from Programmers or by Anthony Mastrean
Published on 2014-08-18T20:09:11Z Indexed on 2014/08/18 22:31 UTC
Read the original article Hit count: 442

Filed under:
|

I'm fairly certain I shouldn't commit certificates into source control. Even if the repository is private and only authenticated coworkers (for example) have access to it. That would allow for accidental exposure (thumb drives, leaked credentials, whatever).

But, how should I store and secure certificates? I don't suppose I should just plop them on the network file server, for some of the same reasons I wouldn't put them into source control, right?

Is there some kind of secure certificate store that I can run? Does the Java "keystore" do that generally or is it specific for like weblogic servers or something?

© Programmers or respective owner

Related posts about security

Related posts about certificate