So, if OP ran a hosting service on the side, that would make it ok? That doesn’t make any sense in the context of the argument being made against him.
In both scenarios somebody else has your private keys, and you do not. The only difference as I see it is that OP has a little open source helper project, while AWS is a big corp…so there is an implied trust level difference for sure.
What I think would be a more cogent suggestion would be (when using the in-browser crypto suite he is using) that it output the private key to the file system (or make it an in-browser download from itself) so at least you have your private keys.
At any rate, he’s made the option available to upload your own CSR, so the argument is moot. The FTP creds thing is a judgement call…I don’t have a fully formed thought on that.
On a LAN/DNS that we control, we can do what we want. Hijacking somebody’s cert, setting up a fake server, and DNS poisoning are about the most circuitous means by which to spy on users in a network you control.
It's all about the following question: "Does person X need the private key for the proper function of the TLS/certificate?" And, seriously, generating the private key isn't really needed for that.
@Osiris is right.
AWS is essentially, in one way or another, a webserver, and an HTTPS-enabled webserver needs a cert with the key so that HTTPS cons can be established.
While any “normal” CA might give you the option of letting them generate the keys for you, this is usually discouraged and they let ppl just add in their CSR.