Certigna publishes SSL private key by mistake
A French provider of SSL certificates appears to have made a bit of a boo-boo in its webserver configuration: publishing its private key for the world to see, and opening up a potentially serious security hole in the world's web browsers.
SSL certificates serve two purposes on the Internet: to encrypt information, and to verify a webserver's identity. An SSL certificate is what is used to keep the password you log in to your Internet banking site private, and also serves to ensure that you're genuinely logging in to the bank's own server.
This latter function requires that certificate providers don't issue certificates willy-nilly, instead verifying that the person requesting the certificate has some control over the domain in question. This can be as difficult as a long-winded meetings with business executives, and as simple as placing a secret file somewhere on the web server.
To prevent random users from generating their own trusted certificates, each SSL certificate provider has a 'private key.' This is a piece of code which is kept completely secret, and which is used to sign each issued SSL certificate to validate that it has been issued by a trusted authority. These keys are usually closely guarded, as any certificate signed by the key from a trusted authority will be implicitly trusted by a web browser without displaying any warning messages.
