20 Feb
Does distributing an SSL certificate and private key pose a security risk?
I found some applications bundle an SSL certificate and associated private key signed by a public CA for a domain name pointing to 127.0.0.1, probably to bypass the certificate/mixed content warning on their local server. Example

I also found services like https://get.localhost.direct/ that provide a certificate for *.localhost.direct, which points to 127.0.0.1.
Aside from violating the certificate subscriber agreement (which usually requires private keys to be kept confidential), does publicly distributing certificates and their related private key pose security risks other than the attacker being able to spoof the domain name?
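The check an auditor would run on such a bundle, as an added example that is not part of the question and not code from localhost.direct or any of the applications mentioned: it confirms that the shipped private key really belongs to the shipped certificate (so anyone holding the bundle can terminate TLS for those names), reads the certificate's DNS SANs, and reports which of them resolve to a loopback address. The certificate here is a constructed self-signed stand-in generated in the block (a real bundle would carry a public CA's signature, which is what makes it trusted by browsers), and the resolver is an injected map so the example runs offline; `ConstructedBundle`, `ConstructedResolver` and `AuditBundle` are names chosen for this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Finding summarises what an auditor learns from a distributed certificate/key pair.
type Finding struct {
	KeyMatchesCert bool     // the bundled private key is the one the certificate certifies
	SelfSigned     bool     // signature verifies under the certificate's own key (no CA involved)
	Expired        bool     // outside the validity window at the time of the audit
	DNSNames       []string // subjectAltName DNS entries
	LoopbackNames  []string // SANs whose resolver answer is a loopback address
}

// parsePrivateKey accepts PKCS#8, SEC1 EC and PKCS#1 RSA PEM blocks.
func parsePrivateKey(b *pem.Block) (crypto.Signer, error) {
	switch b.Type {
	case "PRIVATE KEY":
		k, err := x509.ParsePKCS8PrivateKey(b.Bytes)
		if err != nil {
			return nil, err
		}
		if s, ok := k.(crypto.Signer); ok {
			return s, nil
		}
		return nil, errors.New("unsupported key type in PKCS#8 block")
	case "EC PRIVATE KEY":
		return x509.ParseECPrivateKey(b.Bytes)
	case "RSA PRIVATE KEY":
		return x509.ParsePKCS1PrivateKey(b.Bytes)
	}
	return nil, fmt.Errorf("unexpected PEM block type %q", b.Type)
}

// AuditBundle inspects a certificate and private key shipped together. The resolver is injected
// so the audit can run offline; in practice it would be net.LookupIP.
func AuditBundle(certPEM, keyPEM []byte, resolve func(string) []net.IP, now time.Time) (Finding, error) {
	var f Finding
	cb, _ := pem.Decode(certPEM)
	if cb == nil || cb.Type != "CERTIFICATE" {
		return f, errors.New("no CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	if err != nil {
		return f, err
	}
	kb, _ := pem.Decode(keyPEM)
	if kb == nil {
		return f, errors.New("no private key block found")
	}
	priv, err := parsePrivateKey(kb)
	if err != nil {
		return f, err
	}
	// Compare the certificate's public key with the one derived from the shipped private key.
	pub, ok := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	f.KeyMatchesCert = ok && pub.Equal(priv.Public())
	// Self-signed iff the certificate's own key verifies its signature.
	f.SelfSigned = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
	f.Expired = now.Before(cert.NotBefore) || now.After(cert.NotAfter)
	f.DNSNames = cert.DNSNames
	for _, name := range cert.DNSNames {
		probe := name
		if strings.HasPrefix(name, "*.") { // probe a concrete label under a wildcard SAN
			probe = "app" + name[1:]
		}
		for _, ip := range resolve(probe) {
			if ip.IsLoopback() {
				f.LoopbackNames = append(f.LoopbackNames, name)
				break
			}
		}
	}
	return f, nil
}

// ConstructedBundle generates a self-signed stand-in for a *.localhost.direct bundle (constructed
// for this example; a distributed bundle of the kind described would be CA-signed).
func ConstructedBundle() (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "*.localhost.direct"},
		DNSNames:     []string{"*.localhost.direct", "localhost.direct"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), nil
}

// ConstructedResolver mimics DNS answers for the names in the constructed bundle.
func ConstructedResolver() func(string) []net.IP {
	answers := map[string][]net.IP{
		"app.localhost.direct": {net.IPv4(127, 0, 0, 1)},
		"localhost.direct":     {net.IPv4(127, 0, 0, 1)},
	}
	return func(name string) []net.IP { return answers[name] }
}

func main() {
	certPEM, keyPEM, err := ConstructedBundle()
	if err != nil {
		panic(err)
	}
	f, err := AuditBundle(certPEM, keyPEM, ConstructedResolver(), time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", f)
}
```

A `KeyMatchesCert` of true together with a non-empty `LoopbackNames` is the condition the question describes: every copy of the application (and everyone who downloads the bundle) holds a key that lets them present a valid certificate for those names, not just the machine on which it was meant to run.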