Worst-case scenario: Risk of using Let’s Encrypt (or another CA).
“Worst-case scenario” - hypothetical question here:
What do you consider the risks if some external malicious third party were able to gain access to/steal the Let’s Encrypt private root certificate key (and then possibly its consecutive intermediate certificates)?
Hypothetically, assuming that this worst-case scenario happens successfully, a/my server (i.e. a Synology NAS or other servers) receives such “malicious” signed certificates from Let’s Encrypt after another 90-day renewal period:
- What would the clients “see”/what would the browser show if they connected to such a “malicious” certificate running on a server?
- Would the connecting clients see some error message?
- Could a malicious third party easily run man-in-the-middle or other attacks? Which ones exactly?
- Could a malicious third party easily gain access to clients’ username/password combinations transmitted to the server running such a malicious certificate?
I am just trying to summarize which implications are to be expected in such a worst-case scenario.
Ideas/specific knowledge welcome!