SSL Certificate Management
What Are the Best Methods of Simplifying SSL Certificate Management?
This is the first entry in a five-part series that focuses specifically on SSL certificate management. Throughout the series, we’ll focus on the most common challenges we hear from customers. When the series is completed, this post will be used as an index to all other related blog entries.
Top 3 Certificate Management Issues
I've spent a tremendous amount of time talking to customers about certificate management, and their certificate management problems consistently boil down to the following three issues:
1. Certificates Expiring Unexpectedly
Application owners lie awake at night worrying that an application will go down or be otherwise inaccessible, and there are any number of reasons why this could occur. Do you identify with any of these?
What’s The Value of an Expiry Notification?
What would it cost your organization if an SSL certificate expired unexpectedly? I’ve heard from customers about all kinds of pain they’ve experienced as a result, such as:
- Website goes down and they are losing sales for half a day
- The responsible person being relieved of their responsibility
- Financial penalties due to contractual commitments (e.g., guaranteed uptime)
- Damage to corporate image due to perceived lack of concern
- Unnecessary overtime for expensive personnel to resolve the issue (because, of course, certificates rarely expire when you are in the office)
- I’ve even spoken to an organization that went through the pain twice; when they first “fixed” the issue, they missed their “hot backup” machine and again experienced the pain when they subsequently put their hot backup into emergency service
How Do I Find & Inventory My Certificates?
In previous posts, I’ve discussed why you’d want to inventory your certificates. Now let’s discuss how you can inventory your certificates. Historically, we’ve found a lot of prospective customers using a spreadsheet to maintain a listing of certificates, owners and expiry dates. There are problems with this approach: data is manually collected; information becomes outdated quickly; often data that is required is not collected at all; and it’s also challenging to receive reliable email notifications from a spreadsheet.
Ensuring Compliance with Security Policy
If you are in the IT business, chances are you are subject to compliance and some form of security policy. One example our customers run into is ensuring they are moving from 1024-bit to 2048-bit key sizes in their certificates. While most companies should have a policy in place to ensure they are only purchasing 2048-bit certificates, most are unable to ensure only purchasing-approved certificates are introduced into their environment. This may occur for the following reasons...