Security
Keys
Advanced
SSL key management-protect private keys
Secure SSL private keys, backup safely, rotate periodically, and use HSM for high-security environments.
UnderHost NOC
Network Operations
SSL private keys are secrets. If compromised, attackers can impersonate your site. Protect keys with same care as passwords.
Protect private keys
- Never share or paste private keys online
- Restrict file permissions: chmod 600 private.key
- Store on servers with restricted SSH access
- Don't commit to public GitHub repositories
- Use HSM (Hardware Security Module) for critical sites
Backup keys safely
# Encrypt backup before storing
openssl enc -aes-256-cbc -in private.key -out private.key.encKey rotation
- Generate new CSR with new private key
- Request replacement certificate from CA
- Install new certificate and key
- Safely remove old keys
Private keys are permanent secrets
Never post in logs, errors, or support tickets. If exposed, revoke certificate immediately.
Related: SSL errors | CSR generation
Was this article helpful?
Need security-focused hosting?
UnderHost services include DDoS-aware infrastructure, SSL support, account isolation, backups, and security guidance.
