
Ask HN: Found Wildcard AlphaSSL Cert Private Key of Large Webhoster – What Now? - b_streisand
I just stumbled upon the wildcard ssl certificate private key protecting the control panels of my (rather large) webhoster - it was world readable inside a common directory accessible by all tenants on the server.<p>The webhoster ignores my requests to revoke &#x2F; replace the certificate &#x2F; making this file not world-readable.<p>The certificate was issued by AlphaSSL.<p>What should I do?
======
dougbeattie
Hi B_streisand,

Please contact GlobalSign support, we'd like to understand your issue and take
corrective action.

[https://support.globalsign.com/customer/portal/emails/new](https://support.globalsign.com/customer/portal/emails/new)

------
ocdtrekkie
The cert issuer is required to revoke a compromised key, so I would contact
them. Note that you should probably have your stuff off that webhosts' servers
first, as they may feel inclined to retaliate.

------
gus_massa
At least consider changing your webhost.

