What Are the Best Methods of Simplifying SSL Certificate Management?

Scott Shetler
Part 1 of 5 in the Series — SSL Certificate Management

This is the first entry in a five-part series that focuses specifically on SSL certificate management. One of the most misused or misunderstood terms is “certificate management.” The problem? It’s such a broad term and could cover any of the following items:

  • Certificate request, issuance and revocation
  • Certificate renewal or replacement
  • Certificate installation on a server
  • Finding and inventorying all your certificates
  • Reporting on a list of certificates
  • Receiving email notifications for certificate expires
  • Reviewing certificates looking for policy exceptions
  • Monitoring of intermediate and root certificates
  • Monitoring certificate copies
  • Managing certificate from other vendors

It’s a long, non-exhaustive list that some would say is incomplete; others would say it’s too broad. Initially, vendors allowed you to request a certificate (i.e., provide a Certificate Signing Request (CSR)), issued you a certificate and sent you an email notification prior to expiry, and called it managed. As time passes — and technical capabilities become greater — it’s necessary that the definition of certificate management be broadened to encompass all the topics above.

Today’s organizations can have anywhere from five to 5,000 SSL certificates — usually from multiple sources such as multiple public certificate vendors, a Microsoft CA, self-signed rogue CAs and various other sources. Managing SSL certificates becomes more challenging because each vendor typically offers different management capabilities for their own certificates, but none for other vendors’ certificates. Many organizations simply end up using spreadsheets to maintain a list of all certificates, and then manage different aspects of them in the various source systems.

If you are searching for “certificate management,” first try to define what that means to you, and then have a meaningful conversation with your certificate providers to see who can best help you solve your problems.

Entrust offers a comprehensive certificate management service that covers the broad range of topics listed above.

Scott Shetler
Scott Shetler
Senior Product Manager

Entrust senior product manager Scott Shetler has worked in various areas of software management for 16 years. He leverages his background in product and service management at Entrust to manage the Certificate Services family of products, which have grown more than 30 percent under his tenure. He gained vast experience in software as a service (Saas) and product management while at solution providers Necho Systems in Toronto and Workstream Inc in Ottawa.


Add to the Conversation