Sharing certificate and EC private key to Third party company

Hello,

I have a client with a domain name, which is provided with a SSL certificate from Caddy running on one of our servers. The client have asked us to give them the certificate, and the EC private key file generated on the domain (and probably give it to a third party company).
However, we have 20+ other clients/domains on the same server, which have also received certificate from Caddy.

The question is: Is it dangerous for either us or the other clients if we share the EC private key file and the certificate file which are generated for that specific client?

Each EC private key file looks unique except the first 7-8 letters/numbers.

Best regards,

Santino Petrovic

Very dangerous, yes. If someone else has the private key, they can intercept all connections to your server and impersonate you. You’d be throwing away all security provided by TLS.

1 Like

Exactly… Never ever share the private key. Not ever.

2 Likes

Alright, then I won’t share the private keys. Thanks for the replies!

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.