If you’ve ever wondered what could be the value of a single Let’s Encrypt certificate.
Needed an screenshot for a demo … and picked
whitehouse.gov It could be the first LE cert as the issuer has changed recently.
(my laptop is too small to show all the domain names - and the screenshot looks best)
whitehose.gov uses DigiCert not let’s encrypt based on the certificate path root
that’s true for the main web domain. But there are some pretty chunky gateways for subdomains using Let’s Encrypt.
What struck me was the risk of compromising a single private key. Just in a narrow sense of phishing, it would allow you to launch phishing attacks targeting users of many US gov departments.
… but I was told that that is a common network configuration. So nothing to worry about, really, I’m just imagining things.
It’s true it’s usually a bad practice to use the same private key on different server, but, it that specific case, you notice that all domains are about “search”, so they most probably all points to the same server with the search software installed
they don’t but hey, IP addresses can change within seconds/minutes. But you have scores of domains that can all be compromised in one strike.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.