Question
So I have minimal knowledge of security really, but I'm a primary developer on an application which handles some sensitive data that we want to be secure. The application communicates with one other server (the other server is the front end, my server is basically the backend). Our security expert (who is not currently available) has explained that we need mutual SSL authentication for the connection between the servers. Our sysadmin has set up client-side authentication and given me a .pem file, and now if anyone tries to access the application they get an SSL error because they are not passing client SSL authentication. I need to give 1 other developer who is in another state the ability to access the application. Can I just send him the .pem file (say via email)? Do I need to make a .crt file and send that to him? Basically, what information do I need to give the other developer so that he has all the necessary information to access the application? What is in a .pem file? Just the public key or more than that?
Explanation / Answer
If all you have is one .pem file to access the system then it sounds like the file contains both the certificate and the associated private key. You can verify this by opening up the file in a text editor and seeing that it contains both a "BEGIN CERTIFICATE" and a "BEGIN RSA PRIVATE KEY" section.
Ideally in this situation you would have your sysadmin generate a new certificate for the other developer. This would allow you both to access the system without sharing credentials.
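The text-editor check described in the answer, as an added example that is not part of the original answer: a Python sketch that lists the PEM blocks in a file and reports whether any of them is a private key. It goes beyond the "BEGIN RSA PRIVATE KEY" marker to the other private-key labels (PKCS#8, EC, encrypted); the function name and the sample data are constructed for illustration.

```python
import re

# One PEM block: BEGIN/END lines carrying the same label (RFC 7468 framing).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def classify_pem(text):
    """Report which PEM blocks a file holds and whether a private key is among them."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    # Covers PKCS#1 (RSA), SEC1 (EC), PKCS#8 and encrypted PKCS#8 labels.
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    # Legacy OpenSSL keys mark encryption with a Proc-Type header inside the block.
    plaintext = [
        label for label, body in keys
        if label != "ENCRYPTED PRIVATE KEY" and "Proc-Type: 4,ENCRYPTED" not in body
    ]
    return {
        "labels": [label for label, _ in blocks],
        "certificates": sum(1 for label, _ in blocks if label == "CERTIFICATE"),
        "private_keys": len(keys),
        "plaintext_key": bool(plaintext),
        # Only a file with no private key at all is public material.
        "safe_to_share": not keys,
    }

# Constructed sample: placeholder bodies, not real certificate or key material.
SAMPLE_COMBINED = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIENFUlQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExFIEtFWQ==
-----END RSA PRIVATE KEY-----
"""
SAMPLE_CERT_ONLY = SAMPLE_COMBINED.split("-----BEGIN RSA")[0]

if __name__ == "__main__":
    for name, pem in [("combined", SAMPLE_COMBINED), ("cert only", SAMPLE_CERT_ONLY)]:
        print(name, classify_pem(pem))
```

A file that reports `private_keys` greater than zero is a credential, not just a certificate, and emailing it shares the key with everyone who can read that mailbox.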