If You Lose Private SSL Key, What Happens?
SSL, or Secure Sockets Layer, is a way of securing information by means of encryption. Encryption is a mathematical process of encoding and decoding information. Each SSL certificate that is issued is tied to a public and private key pair. The public and private keys are two cryptographic keys that consist of long, random numbers.
Basically, the private key is used to encode information and the public key is used to decode it. As the name suggests, the public key is public, which means that anyone can access it. The private key, on the other hand, remains confidential, and only its owner knows it. This key is installed on the server and is not shared with anyone. But what happens if you lose your private SSL key? What do you need to do? Read this article to find out.
Purchase a New Certificate
Most Certificate Authorities will require you to acquire a new certificate if you ever lose yours. But it is best to talk with a customer service representative of the Certificate Authority before you make a purchase, to see whether you can negotiate and avoid having to pay again.
Certificate Authorities often have an interface and will let you revoke your certificate through their customer service, but you must first prove that you are indeed the certificate holder. How this is done differs greatly from one Certificate Authority to another.
Have the Certificate Authority Revoke It
If you think that your private key has been lost or compromised, you must have your Certificate Authority revoke the certificate so that no one can use it to impersonate your website. But even if you do that, there are still cases in which someone who holds the key can decrypt recorded past traffic, especially if your TLS or SSL connections were not restricted to cipher suites that provide Perfect Forward Secrecy.
Generate a Corresponding CSR
If you generate a new private key, you must also generate a corresponding CSR, or Certificate Signing Request, that is based on that private key. The CSR file will contain your public key, as well as some other information that you need to key in when generating the CSR.
The CSR does not contain the private key, and you must never send your private key to the Certificate Authority, only the Certificate Signing Request. As soon as the CA receives the request, they can sign it and hand you back the signed certificate, which you can then install on your TLS server.
Remember that the process to follow when your private SSL key gets lost will differ from one Certificate Authority to another. It is always a good idea to contact the customer support team of your Certificate Authority when you lose your private key.
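The key and CSR steps described above, as an added example using the OpenSSL command line (not part of the original article). The hostname www.example.com, the file names and the helper function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: replace a lost key by generating a new private key and a
# matching CSR, then check what is safe to send to the CA.
# Assumptions: OpenSSL is installed; names below are placeholders.

# make_key_and_csr DIR CN: write DIR/server.key (stays on the server)
# and DIR/server.csr (the only file that goes to the CA).
make_key_and_csr() (
    umask 077   # new key file is readable by its owner only
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/server.key" 2>/dev/null || exit 1
    openssl req -new -key "$1/server.key" -subj "/CN=$2" \
        -out "$1/server.csr" || exit 1
)

# csr_is_safe_to_send FILE: succeeds only if FILE is a CSR whose
# self-signature verifies and which holds no private key block.
csr_is_safe_to_send() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    ! grep -q "PRIVATE KEY" "$1"
}

# SHA-256 of the public key derived from a private key file.
key_pub_digest() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key embedded in a CSR.
csr_pub_digest() {
    openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir" "www.example.com"
if csr_is_safe_to_send "$demo_dir/server.csr" &&
   [ "$(key_pub_digest "$demo_dir/server.key")" = \
     "$(csr_pub_digest "$demo_dir/server.csr")" ]; then
    echo "CSR matches the new key and contains no private key"
fi
rm -rf "$demo_dir"
```

The same digest comparison can be run later against the signed certificate's public key to confirm that the CA's certificate belongs to the key installed on the server.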