Just imagine your web server's private key has been found and is now known to everyone on the Internet:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
No problem: the associated certificate can be declared invalid (revoked)!
For demonstration purposes we have revoked the certificate associated with our private key. The certificate is a so-called ServerPass certificate, issued by TrustCenter Telesec (Deutsche Telekom), and has the serial number 0663 (certificate).
The current revocation list issued by the TrustCenter clearly states that the certificate with serial number 0663 is invalid (revocation list). You can also confirm this through online validation at www.openvalidation.org (online validate certificate 0663, popup validation).
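The check the revocation list performs, as an added example that is not part of the original page: a stdlib-only DER walker that extracts the revoked serial numbers from an X.509 CRL and looks up a certificate serial (0x0663, the number from the page). The CRL is constructed inline with a dummy signature; the issuer name, dates and algorithm identifier are assumptions for the demo.

```python
# Added example, not from the original page: a stdlib-only DER walker that
# pulls the revoked serial numbers out of an X.509 CRL and checks a given
# certificate serial (0x0663, the number on the page) against them. The CRL
# below is constructed inline with a dummy signature; a real check must also
# verify the CRL signature against the issuing CA and honour nextUpdate.

def der(tag, content):
    """Encode one DER TLV (short-form length is enough for this small sample)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def parse_tlv(buf, off=0):
    """Decode one single-byte-tag TLV at buf[off:]; return (tag, content, next_off)."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                                   # long-form length
        k, n = n & 0x7F, 0
        for _ in range(k):
            n, off = (n << 8) | buf[off], off + 1
    return tag, buf[off:off + n], off + n

def children(content):
    """Yield (tag, content) for each element of a constructed value."""
    off = 0
    while off < len(content):
        tag, body, off = parse_tlv(content, off)
        yield tag, body

def revoked_serials(crl):
    """CertificateList -> tbsCertList -> revokedCertificates -> serialNumber."""
    _, cert_list, _ = parse_tlv(crl)
    tbs = next(children(cert_list))[1]             # tbsCertList comes first
    seen_time = False
    for tag, body in children(tbs):
        if tag in (0x17, 0x18):                    # thisUpdate / nextUpdate
            seen_time = True
        elif tag == 0x30 and seen_time:            # the SEQUENCE after the times
            return {int.from_bytes(next(children(e))[1], "big") for _, e in children(body)}
    return set()                                   # CRL revokes nothing

def is_revoked(crl, serial):
    return serial in revoked_serials(crl)

# Constructed sample: issuer CN=Demo CA, one entry revoking serial 0x0663.
_time = der(0x17, b"240101000000Z")                                   # UTCTime
_alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
_issuer = der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, b"Demo CA"))))
_entry = der(0x30, der(0x02, b"\x06\x63") + _time)                    # serial + date
_tbs = der(0x30, der(0x02, b"\x01") + _alg + _issuer + _time + _time + der(0x30, _entry))
SAMPLE_CRL = der(0x30, _tbs + _alg + der(0x03, b"\x00" * 9))         # dummy signature
```

Running `is_revoked(SAMPLE_CRL, 0x0663)` returns True, while serial 0x0664 is not listed; the same walker works on a real DER-encoded CRL downloaded from the CA, but the signature must then be verified before trusting the answer.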
If you open a page that uses a revoked certificate, your browser should warn you: an attacker could have taken over this page's identity in order to pretend he is its owner.
Click here and you will get to an SSL page with a revoked key!
By the way: the choice of TrustCenter or certification authority has no influence on this test. It could equally have been carried out with server certificates from VeriSign, Thawte or others.