Ars Technica

mod_ssl keeps forgetting private key password?

openssl req -new -out server.csr -newkey rsa:2048 -keyout server.key Gave the CSR to our inhouse CA and got back a cert, saved as server.cer. Put all the relevant paths into httpd-ssl.conf: Code: ...
Threat Post

Stealing Private SSL Keys Using Heartbleed Difficult, Not Impossible

Experts say it’s highly unlikely private SSL keys can be stolen by hackers using the Heartbleed OpenSSL bug, but not impossible. Heartbleed can be patched, and passwords can be changed. But can you ...
Ars Technica

Lavabit got order for Snowden’s login info, then gov’t demanded site’s SSL key

The American government obtained a secret order from a federal judge in Virginia demanding that Lavabit hand over its private SSL key, enabling authorities to access Edward Snowden’s e-mail—and e-mail ...