Where do companies typically store SSL certificates for future use?

Solution 1:

There are multiple solutions:

One avenue is a specific key vault, either a hardware-based appliance, a hardware security module, or a software-based equivalent.

Another is to simply revoke the old key and generate a new private/public key pair when the situation arises. That somewhat shifts the problem from maintaining key security to securing the username/password of the account with the certificate provider and their procedures for re-issue. The advantage there is that most organisations already have a privileged account management solution e.g. 1 2

There are multiple ways of offline storage, from printing a hard copy of the private and public key pair including the password (but that will be a female dog to restore) to simply storing them on digital media rated for long-term storage.

Really bad places are GitHub, your team wiki or a network share (and you get the idea).

Update 2015/4/29: Keywhiz seems an interesting approach as well.
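The "revoke and regenerate, then put the key on offline media" route described above, as an added example that is not part of the original answer: it generates a fresh key pair, wraps the private key in passphrase-protected PKCS#8 for the archive copy, and verifies that the archived key still matches the public certificate before the media goes into the safe. It assumes the `openssl` command-line tool is installed; the scratch directory `WORKDIR`, the demo passphrase, the subject `example.test` and the self-signed certificate (standing in for the CA-issued one) are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original answers): rotate a key pair, store the
# private key passphrase-protected for offline media, and verify the stored
# copy still matches the public certificate.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"                        # assumption: scratch dir for the demo
PASSPHRASE="${PASSPHRASE:-correct horse battery staple}"  # constructed demo passphrase

# Generate a fresh 2048-bit RSA key and a self-signed certificate for it.
# In real use the CSR would go to the certificate provider instead of -x509.
generate_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$WORKDIR/server.key" 2>/dev/null
  chmod 600 "$WORKDIR/server.key"
  openssl req -new -x509 -key "$WORKDIR/server.key" -days 365 \
      -subj "/CN=example.test" -out "$WORKDIR/server.crt" 2>/dev/null
}

# Wrap the private key in passphrase-protected PKCS#8 (AES-256-CBC, PBKDF2).
# This is the copy that goes onto the offline media; the passphrase is what
# the answer says to keep alongside it (in the password manager, not on the disk).
archive_private_key() {
  openssl pkcs8 -topk8 -v2 aes-256-cbc -in "$WORKDIR/server.key" \
      -passout "pass:$PASSPHRASE" -out "$WORKDIR/server.key.enc"
  chmod 600 "$WORKDIR/server.key.enc"
}

# Sanity check: the archived file must be the encrypted form, not plaintext.
archive_is_encrypted() {
  grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$WORKDIR/server.key.enc" &&
    ! grep -q 'BEGIN PRIVATE KEY' "$WORKDIR/server.key.enc"
}

# SHA-256 of the certificate's public key (DER form).
cert_pubkey_fingerprint() {
  openssl x509 -in "$WORKDIR/server.crt" -noout -pubkey \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key recovered from the encrypted archive copy.
archived_key_fingerprint() {
  openssl pkey -in "$WORKDIR/server.key.enc" -passin "pass:$PASSPHRASE" \
      -pubout -outform DER 2>/dev/null \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 only when the archived private key belongs to the certificate.
verify_archive_matches_cert() {
  [ "$(cert_pubkey_fingerprint)" = "$(archived_key_fingerprint)" ]
}

# Stand-alone run: rotate, archive, then prove the archive is usable.
generate_keypair
archive_private_key
archive_is_encrypted && echo "archive is passphrase-protected"
verify_archive_matches_cert && echo "archived key matches $WORKDIR/server.crt"
```

Run the match check again after restoring from the media and before putting the old key out of service; a restore that decrypts but yields the wrong public key is exactly the failure the fingerprint comparison catches.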

Solution 2:

No, SSL certificates don't go in source control, at least not the private key part.

Treat them like you would a password. Ours actually get stored the exact same way our passwords do - in KeePass. It allows you to attach files, and is encrypted.