Private key included in certificate export

After at least the last two certificate renewals, the certificate exported (as a task after the renewal process) includes the private key as the first entry in the created PEM file. It's a concern because clients download the certificate, which includes the private key.

I didn't notice this until today when connections started failing because the DST root certificate has now expired. It's also a concern because the certificate is invalid and any legitimate client will reject it. As a result, clients did not update to use the new certificate when the certificate was automatically renewed on Sept 11th. This has meant that the certificate path has been wrong on clients, leading to the error today.

Several CTW tasks are run after the certificate is renewed: to export the certificate (full path not including the private key) to cert.pem, to export the private key to pkey.pem and then to restart the mail server (hMailServer).

After noticing the issue I started CTW, which prompted me to update to 5.5 - and I did. After the update I renewed the certificate manually. When I opened the exported certificate file using a text editor, the private key was again at the beginning of the file. After removing the private key from the certificate file, clients have begun working again. I have checked that the certificates in the exported chain are the correct ones (no DST).

So my question is: why is the private key being included with the certificate export? Again, the export option being used is “PEM - Full certificate chain”. Is the private key supposed to be exported when using this option?

Yes, we should rename that option. You want “Primary certificate + intermediate certificate chain” or “Intermediate certificate chain + Root CA” (or perhaps we need a different option). You may be able to just use the Apache export instead of using the Export Certificate option.

Thanks. Yes, to me the current name is misleading. It makes no reference to a key, only to the chain, while other options do explicitly mention the key.

The reason for using the "Full" option (besides it sounding like an appropriate one) is the concern that, come the 30th (today), the DST certificate would be invalid. By including the full chain, old phones (and we have many used across our family) would have access to the root certificate even if it is not installed on the old phone.

It seems that by not having an option to export the full certificate chain (or a full chain that is not invalidated by the inclusion of the private key) old phones are at risk of having the mail server certificate rejected. Do I have this wrong?

No, I completely agree that our labelling is not ideal; however, the services using the file are expected to parse it, and there is no conceivable circumstance where a private key would actually go from a PEM file to a client computer via TLS.

Some products needed it all bundled in one file, which is why it is how it is, but clearly we need another conventional full chain option and this one should be renamed. You could export just the cert and the intermediate + root; it depends how you then consume them (some apps split cert and chain in their config, some don't).
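As an added example (not part of this thread and not Certify The Web's own code), the script below automates the check the first post did by hand in a text editor and the split the last reply suggests: it lists every PEM block in an exported file, flags any private key block, writes a copy with the key removed, and separates the certificates into the leaf (server) certificate and the intermediate/root chain. It uses only the Python standard library. The sample PEM embedded in it is constructed in the shape the post reports (private key first, then the chain) with placeholder base64 bodies, not real key or certificate material; the file names cert.pem, cert-only.pem, leaf.pem and chain.pem are assumptions.

```python
import re
import sys

# Constructed sample in the shape the original post describes: the private key
# is the first block, followed by the leaf certificate and its chain. The
# bodies are placeholders, not real key or certificate material. CRLF line
# endings are used deliberately, as the file is produced on Windows.
SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\r\n"
    "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7placeholder\r\n"
    "-----END PRIVATE KEY-----\r\n"
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIFleafcertificateplaceholder\r\n"
    "-----END CERTIFICATE-----\r\n"
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIFintermediateplaceholder\r\n"
    "-----END CERTIFICATE-----\r\n"
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIFrootplaceholder\r\n"
    "-----END CERTIFICATE-----\r\n"
)

# One PEM block. The BEGIN and END labels must match (backreference \1), and
# either LF or CRLF line endings are accepted.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def pem_blocks(text):
    """Return [(label, block_text)] for every PEM block, in file order."""
    return [(m.group(1), m.group(0)) for m in PEM_BLOCK.finditer(text)]


def labels(text):
    return [label for label, _ in pem_blocks(text)]


def is_private_key(label):
    # Covers "PRIVATE KEY" (PKCS#8), "RSA PRIVATE KEY", "EC PRIVATE KEY" and
    # "ENCRYPTED PRIVATE KEY".
    return "PRIVATE KEY" in label


def contains_private_key(text):
    return any(is_private_key(label) for label in labels(text))


def strip_private_keys(text):
    """Rebuild the file keeping only non-key blocks, normalised to LF endings."""
    kept = [block.replace("\r\n", "\n") for label, block in pem_blocks(text)
            if not is_private_key(label)]
    return "".join(b + "\n" for b in kept)


def split_chain(text):
    """Return (leaf, chain): the first CERTIFICATE is the server certificate,
    the remaining ones are the intermediate/root chain."""
    certs = [block.replace("\r\n", "\n") for label, block in pem_blocks(text)
             if label == "CERTIFICATE"]
    leaf = certs[0] + "\n" if certs else ""
    chain = "".join(c + "\n" for c in certs[1:])
    return leaf, chain


def main(argv):
    # Assumed usage: python check_export.py cert.pem
    # Without an argument the constructed sample is inspected and nothing is written.
    if len(argv) > 1:
        with open(argv[1], "r", encoding="utf-8", newline="") as f:
            text = f.read()
    else:
        text = SAMPLE_PEM
    print("blocks found:", labels(text))
    if contains_private_key(text):
        print("PRIVATE KEY FOUND: do not deploy this file as the certificate")
    leaf, chain = split_chain(text)
    print("leaf certs: %d, chain certs: %d" % (
        leaf.count("BEGIN CERTIFICATE"), chain.count("BEGIN CERTIFICATE")))
    if len(argv) > 1:
        with open("cert-only.pem", "w") as f:
            f.write(strip_private_keys(text))
        with open("leaf.pem", "w") as f:
            f.write(leaf)
        with open("chain.pem", "w") as f:
            f.write(chain)
        print("wrote cert-only.pem, leaf.pem and chain.pem")


if __name__ == "__main__":
    main(sys.argv)
```

The script only looks at PEM labels, so after splitting it is still worth confirming what the certificates actually are with OpenSSL, for example `openssl x509 -in leaf.pem -noout -subject -issuer -enddate` for the server certificate and `openssl crl2pkcs7 -nocrl -certfile chain.pem | openssl pkcs7 -print_certs -noout` to print the subject and issuer of every certificate in the chain; a chain that ends at the expired DST root is the path this thread is about. The private key belongs only in the separately exported pkey.pem, with file permissions limited to the mail server's service account.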