How to protect an SSL certificate (Apache/CentOS)
I currently use a server SSL certificate without a pass-phrase in order to allow Apache to start up unattended.
There are signs from customers to require us to protect the SSL certificate more securely. I'm not sure yet what they are aiming for, but for now I guess that they don't want an unprotected SSL certificate on the disk. I suppose I can't avoid having it in the clear inside Apache's memory but let's assume that's acceptable.
I came up with an elaborate system to keep the pass-phrase in the memory of a process on an internal server (i.e. not on the front-line web server) and hand it over to the front-line server using an Apache SSLPassPhraseDialog (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslpassphrasedialog). The internal server will have to have the pass-phrase typed in to it when it starts, and we'll have multiple such servers load-balanced for high availability.
My question is:
- How do the "big boys" protect their SSL certificate? Do they just force their stuff to type the pass phrase on server restart or do they keep it unencrypted like the rest of us?
- My experience with open source is that there is a very good chance that someone has already solved whatever problem I face - is such a system available already?
- Would it be reasonable, from business level perspective, to just say that we keep the certificate unencrypted and just have rapid procedures to revoke it if stolen?
Lets review Public Key Infrastructure basics first in a hierarchical PKI model.
- A public key is an encryptor/locker, and embedded into a certificate created by a certificate authority.
- A private key is a decryptor/unlocker used in conjunction with a public key.
- Public keys, and certificates have no confidentiality requirements.
- Private keys have confidentiality requirements
Therefore, your concern with Apache should be around the private key, not the public key. The typical way a security engineer might protect a private key is to use a hardware security module. A hardware security module (HSM) can come in many form factors including a smartcard, a PCIe card, a PCI card, a USB dongle, a USB stick, a network based HSM, or others. Accordingly, these can cover a large amount of budgets and security capabilities.
There are some HSMs that have validated security implementations such as FIPS 140-2 in levels 1 (software generally) 2 physical (tamper resistance) 3 physical (tamper resistance & intrusion response) and 4 physical (tamper resistance, intrusion response and key zeroization).
To evaluate if your business should do something, I'd look at doing a cost benefit analysis & a risk assessment that includes ALE, ARO, and SLE calculations. However, if you are doing business over the web, it might be better to bring in a web security professional to evaluate all of your infrastructure and come up with a consolidated list of vulnerabilities and weaknesses, with a prioritized remediation plan that you can work with your management.
I would say that the "big boys" do SSL offloading onto clustered front end load balancers, since that's what I do and I'm no where near a "big boy".
I found these instructions on httpd.apache.org on removing the passphrase dialog, which you have likely seen if you googled the problem, which I assume you have.
The problem with revocation is that you're at the mercy of the signing CA to hurry up and deal with your problem. If you pay a lot for your certs, I'm sure their service is very positive. I'm not certain how it would be for some of the smaller wholesalers. Maybe someone else could chime in.