What happens if the private key of a Certificate Authority (CA) like Verisign is leaked?
Solution 1:
Question:
What will happen if the private key of a CA is leaked?
Meet answer:
Make fake certificates for any other website.
Solution 2:
Yes.
Verisign and other trusted root authorities keep their keys heavily protected because their entire business relies on having a trustworthy certificate.
If a leak were to happen, it wouldn't be long before Microsoft, Mozilla and the other vendors who keep lists of trusted CAs would remove the compromised certificate from their lists of trusted certificates; however, the risk would still be there.
Solution 3:
Actually, if you had a CA's private key, you could make real, but illegitimate, certificates. There would be nothing fake about them, except that they wouldn't be made by the CA.
Presumably those people who maintain lists of trusted CA certificates would remove the compromised key, and the CA would have to create a new key (trivial), make sure this one's more secure (definitely not trivial), and distribute new certificates. In the meantime, not everybody would get the new list without the old root cert but with the new root cert, and the certificate infrastructure would be even shakier than it is now.
Solution 4:
If a private key for a CA was leaked, they would likely revoke the key. This is assuming that you are talking about one of the keys that a CA uses. Normally a CA has a master key which signs several other keys which are used by trusted authorities that are authorized to sign CSRs for customers.
If a CA lost their root-level private key used to sign, then anyone using it could create a fake certificate and SSL would pretty much be useless until all browsers released an update with a new list of trusted CAs.
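The answers above turn on one mechanism: a client accepts whatever chains to a root in its trusted list, so the remedy is removing the root from that list. The following added example (not from any of the answers) shows this with the `openssl` CLI, which is assumed to be installed; every CA name, hostname and file in it is constructed.

```bash
#!/usr/bin/env bash
# Added illustration. Every name, subject and path below is constructed.
set -e

mk_root() {  # $1 = dir, $2 = file stem, $3 = CN; creates a self-signed root CA
  openssl req -x509 -config "$1/x.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue() {  # $1 = dir, $2 = issuer stem, $3 = subject stem, $4 = CN, rest = extra x509 args
  local d=$1 ca=$2 out=$3 cn=$4; shift 4
  openssl req -new -config "$d/x.cnf" -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$out.key" -out "$d/$out.csr" 2>/dev/null
  openssl x509 -req -in "$d/$out.csr" -CA "$d/$ca.pem" -CAkey "$d/$ca.key" \
    -CAcreateserial -days 30 -out "$d/$out.pem" "$@" 2>/dev/null
}

build_pki() {  # $1 = dir; builds old root -> issuing CA -> leaf, plus a replacement root
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' '[v3_ca]' \
    'basicConstraints = critical,CA:TRUE' > "$d/x.cnf"
  mk_root "$d" old_root "Demo Root CA"          # the root whose key is assumed leaked
  issue "$d" old_root int "Demo Issuing CA" -extfile "$d/x.cnf" -extensions v3_ca
  issue "$d" int leaf "www.example.test"        # end-entity certificate
  mk_root "$d" new_root "Demo Root CA G2"       # replacement root with a new key
}

# Succeeds only if leaf -> issuing CA chains to the single trust anchor in $2.
chain_ok() {  # $1 = dir, $2 = trust store PEM
  openssl verify -CAfile "$2" -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
}

report() {  # $1 = dir, $2 = trust store stem
  if chain_ok "$1" "$1/$2.pem"; then echo "$2: chain ACCEPTED"
  else echo "$2: chain REJECTED"; fi
}

demo() {
  local d; d=$(mktemp -d)
  build_pki "$d"
  report "$d" old_root   # client with a stale list that still holds the old root
  report "$d" new_root   # updated client whose list holds only the new root
  rm -rf "$d"
}
demo
```

The verifier cannot tell who held the signing key, only whether the chain ends at a trusted root, which is why clients that have not received the updated list keep accepting the old chain.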