This is the first entry in a five-part series that focuses specifically on SSL certificate management. One of the most misused or misunderstood terms is “certificate management.” The problem? It’s such a broad term that it could cover any of the following items:
- Certificate request, issuance and revocation
- Certificate renewal or replacement
- Certificate installation on a server
- Finding and inventorying all your certificates
- Reporting on a list of certificates
- Receiving email notifications for certificate expiry
- Reviewing certificates for policy exceptions
- Monitoring of intermediate and root certificates
- Monitoring certificate copies
- Managing certificates from other vendors
It’s a long, non-exhaustive list that some would say is incomplete; others would say it’s too broad. Initially, vendors allowed you to request a certificate (i.e., provide a Certificate Signing Request (CSR)), issued you a certificate and sent you an email notification prior to expiry, and called it managed. As time passes — and technical capabilities become greater — it’s necessary that the definition of certificate management be broadened to encompass all the topics above.
Today’s organizations can have anywhere from five to 5,000 SSL certificates — usually from multiple sources such as multiple public certificate vendors, a Microsoft CA, self-signed rogue CAs and various other sources. Managing SSL certificates becomes more challenging because each vendor typically offers different management capabilities for their own certificates, but none for other vendors’ certificates. Many organizations simply end up using spreadsheets to maintain a list of all certificates, and then manage different aspects of them in the various source systems.
If you are searching for “certificate management,” first try to define what that means to you, and then have a meaningful conversation with your certificate providers to see who can best help you solve your problems.
Entrust offers a comprehensive certificate management service that covers the broad range of topics listed above.