What happens if you lose your private key?

SSL protects information by encrypting it. Encryption is a mathematical process of encoding and decoding data. Every SSL certificate has a pair of keys, one public and one private. The pair comprises two cryptographic keys, each containing a long random number.

In general, the private key contains a pre-generated code, and the public key is used to decipher it. As its name states, the public key is public, i.e. anyone can access it. The private key, on the other hand, is confidential, so only the owner knows it. This key is installed directly on the server and is not shared with anyone. But what happens if your SSL private key gets lost? What do you have to do?

Buying a new certificate

Most CAs require the purchase of a brand new certificate if your certificate was lost. However, it is a good idea to ask a customer service representative at the CA before making a purchase, to find out whether you can solve the problem without buying a new certificate.

CAs often have an interface that allows you to revoke the certificate; however, you will have to prove that you are the owner of the certificate before it can be revoked. The ownership verification process may vary between certification authorities.

If you reasonably believe that your private key is lost or compromised, you should have your CA revoke the certificate, so that no one can impersonate your site. However, even if you do this, attackers will still be able to decrypt your past traffic by using this certificate.

Generate the corresponding CSR

If you generate a new private key, you also need to generate a CSR based on that private key. The CSR file will contain your public key or certificate, as well as some other related information that you enter when generating the CSR.

The request to the CA does not require your private key, and you should not send the key to your certification authority; send only the CSR. Once the CA receives the CSR, it will be able to sign it and send the certificate back, and you can then install the certificate on a TLS server.

Remember that the process for replacing a lost private SSL key will vary depending on the certification authority. It is best to stay in touch with your certification authority's support team if you have lost your private key.
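The key and CSR steps above, as an added example using the OpenSSL command line (not code from the original article). The hostname www.example.com and the file names server.key and server.csr are placeholders; the check confirms the CSR matches the new key and contains no private key material before it is sent to the CA.

```shell
#!/bin/sh
# Added example: replace a lost key with a fresh key and CSR using OpenSSL.
# Hostname and file names are placeholders, not values from the article.

# Create a new 2048-bit RSA key and a CSR for common name $2 in directory $1.
new_key_and_csr() {
    dir=$1; cn=$2
    # umask 077: the key file is created readable by its owner only
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) \
        || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null
}

# Digest of the public key embedded in a CSR, and of a private key's public half.
csr_pubkey_hash() { openssl req -in "$1" -noout -pubkey 2>/dev/null | openssl sha256; }
key_pubkey_hash() { openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256; }

# Succeeds only if the CSR's self-signature verifies, it carries the public
# half of the given key, and the file holds no private key block.
csr_safe_to_send() {
    csr=$1; key=$2
    openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
    [ "$(csr_pubkey_hash "$csr")" = "$(key_pubkey_hash "$key")" ] || return 1
    ! grep -q "PRIVATE KEY" "$csr"
}

# Demo in a throwaway directory.
demo_dir=$(mktemp -d)
if new_key_and_csr "$demo_dir" www.example.com &&
   csr_safe_to_send "$demo_dir/server.csr" "$demo_dir/server.key"; then
    echo "Send only $demo_dir/server.csr to the CA; server.key stays on the server."
fi
```

Once the CA returns the certificate, the same comparison against the output of `openssl x509 -noout -pubkey` confirms that it matches the new key before you install it.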

Posted in CA, Reissuance
