Should you back up server SSL certificates along with your server backup or should you create a separate backup for the key alone?
There really isn't a right or wrong answer to this question. Ultimately, choosing whether to include the SSL certificate in your server backup or choosing to back the certificate up separately should be based on your own security needs. In any case, make sure that the certificate gets backed up somehow.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The idea of excluding a server SSL certificate from a server backup and then backing it up separately is based on security. SSL certificates are typically used as a mechanism for verifying a server's identity and/or for facilitating encryption. That being the case, someone could impersonate your organization or your server if they were to steal a copy of your SSL certificate. This is especially true for Subject Alternate Name certificates or for wildcard certificates, which can be used on multiple servers.
If you were to omit your SSL certificate from a server backup, you could effectively prevent someone from being able to steal the backup and then use it to create a rogue server that can convincingly impersonate one of your servers.
At the same time, however, this approach is probably only necessary for organizations that require the absolute highest levels of security. After all, backups are typically password-protected and so a backup tape would be useless to a thief unless they knew your backup password. Never mind the fact that some backup tapes are encrypted using a certificate that is installed to the tape drive as a way of preventing the backup from being read by an unauthorized tape drive.
It is also worth considering the fact that omitting an SSL certificate from your backup increases recovery time and complexity in the event that you have to perform a full system restoration. In that type of situation, you would have to perform two separate recovery operations in order to get the server back online.
Dig Deeper on Data backup security
Related Q&A from Brien Posey
Setting up Office 365 generally involves multiple devices. With nonpersistent VDI, the rules of the game change for IT admins.continue reading
Much has been said about the inability to scale storage separately from other resources in a hyper-converged system, but are there any advantages to ...continue reading
The definition of hyper-converged infrastructure has evolved as the technology has grown. But the phrase still means different things depending on ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.