Blog Posts 1-10 of 11
Certificate Key Lengths: Bigger is Better
As previously discussed, Microsoft issued a security advisory announcing they will block keys that are less than 1024 bits long. This feature will appear in an update for supported versions of Microsoft Windows (not affecting Windows 8 or Windows Server 2012; the functionality is already there) and, of course, you have to upgrade to this [Read More...]
Ensuring Compliance with Security Policy
If you are in the IT business, chances are you are subject to compliance and some form of security policy. One example our customers run into is ensuring they are moving from a 1024-bit key size to 2048-bit key sizes in their certificates. While most companies should have a policy in place to ensure they are only purchasing 2048-bit certificates, most are unable to ensure only purchasing-approved certificates are introduced into their environment. This may occur for the following reasons…
How Do I Find & Inventory My Certificates?
In previous posts, I’ve discussed why you’d want to inventory your certificates. Now let’s discuss how you can inventory your certificates.
Historically, we’ve found a lot of prospective customers using a spreadsheet to maintain a listing of certificates, owners and expiry dates. There are problems with this approach: data is manually collected; information becomes outdated quickly; often data that is required is not collected at all; and it’s also challenging to receive reliable email notifications from a spreadsheet.
What’s The Value of an Expiry Notification?
What would it cost your organization if an SSL certificate expired unexpectedly? I’ve heard from customers about all kinds of pain they’ve experienced as a result, such as:
- Website goes down and they are losing sales for half a day
- The responsible person being relieved of their responsibility
- Financial penalties due to contractual commitments (e.g., guaranteed uptime)
- Damage to corporate image due to perceived lack of concern
- Unnecessary overtime to expensive personnel to resolve the issue (because, of course, they rarely expire when you are in the office)
- I’ve even spoken to an organization who went through the pain twice; when they first “fixed” the issue, they missed their “hot backup” machine and again experienced the pain when they subsequently put their hot backup into emergency service
Top 3 Certificate Management Issues
I’ve spent a tremendous amount of time talking to customers about certificate management, and their certificate management problems consistently boil down to the following three issues:
1. Certificates Expiring Unexpectedly
Application owners lie awake at night worrying that an application will go down or be otherwise inaccessible, and there’s any number of reasons why this could occur. Do you identify with any of these?
What Are the Best Methods of Simplifying SSL Certificate Management?
This is the first entry in a five-part series that focuses specifically on SSL certificate management. Throughout the series, we’ll focus on the most popular challenges we hear from customers. When the series is completed, this post will be used as an index to all other related blogs entries.
Where are your digital certificates?
Over the years, Entrust has had many conversations with customers trying to improve or strengthen enterprise and customer security within the online channel. And one topic that repeatedly comes up is certificate discovery and management. Their specific challenges can be grouped into three distinct categories: Unexpected certificate expiry Concern about data breach or non-compliance Management [Read More...]
Powerful Servers Need Powerful Certificates
With our Entrust Certificate Services release yesterday, we made significant improvements in the way we offer multi-domain (or multi-SAN) certificates. Why is this significant to our customers? Back in 2007, with Microsoft adding new features such as AutoDiscovery to Exchange Server, the number of services each server needed to protect with SSL encryption started increasing. [Read More...]
The Importance of Key Backup!
On Tuesday, Aug 17th, Entrust is releasing a new version of it’s certificate management service, and included in that version among other things are new secure email certificates! We have 2 flavors launching: one for individuals that offers a low assurance ID with limited bells and whistles, and one for enterprises that offers a medium [Read More...]
Why Adobe CDS Certificates
Back in 2005, Adobe unveiled the Certified Document Services (CDS) program, which automatically trusts new digital IDs that are chained to (part of the family of) the Adobe Root certificate embedded in Adobe products. Anybody who opens a PDF document signed or certified by a CDS credential automatically gets a “blue ribbon” with trust provided to [Read More...]