What’s The Value of an Expiry Notification?

Scott Shetler
Part 3 of 5 in the Series — SSL Certificate Management

What would it cost your organization if an SSL certificate expired unexpectedly? I’ve heard from customers about all kinds of pain they’ve experienced as a result, such as:

  • Website goes down and they are losing sales for half a day
  • The responsible person being relieved of their responsibility
  • Financial penalties due to contractual commitments (e.g., guaranteed uptime)
  • Damage to corporate image due to perceived lack of concern
  • Unnecessary overtime to expensive personnel to resolve the issue (because, of course, they rarely expire when you are in the office)
  • I’ve even spoken to an organization who went through the pain twice; when they first “fixed” the issue, they missed their “hot backup” machine and again experienced the pain when they subsequently put their hot backup into emergency service

The list goes on. But suffice it to say, there’s a lot of pain experienced when a certificate expires unexpectedly.

What expiry notification system attributes do you require in order to avoid these challenges?

First, ensure the notice goes to the right person. Because people change jobs, accidently delete emails, forget to react, or simply go on vacations, you want a strong backup in place. Ideally, you want multiple emails, going to different people, and always include a certificate administrator.

But please, don’t send the system administrator a single email per expiring certificate, or he/she is bound to let something fall through the cracks. Just send a report listing all the expiring certificates and who is responsible, so you can follow up with the application owners if necessary. And when the administrator does renew the certificate, please verify and remove them from the report automatically.

Because your schedule is unique, you want to be able to control when those emails are sent relative to expiry. For some organizations, 10 days is not enough warning. And wouldn’t it be nice to have a programmatic interface to your systems so you could generate help tickets or track these crucial events using your chosen activity reporting system?

Lastly, in order to truly protect organizations from unknown expiry, ALL certificate locations should be listed during notification so certificate copies aren’t missed during the renewal process. Organizations and/or administrators don’t need to live through the pain twice like on Groundhog Day.

So, now ask yourself, what’s the value of an expiry notification, and who will you trust to provide it to you? And how much pain can you or your organization tolerate?

Entrust helps solve these painful problems with the Entrust Discovery certificate management system.

Look for next weeks blog posting – Part 4: How Do I Find And Inventory an SSL Certificate

Scott Shetler
Scott Shetler
Senior Product Manager

Entrust senior product manager Scott Shetler has worked in various areas of software management for 16 years. He leverages his background in product and service management at Entrust to manage the Certificate Services family of products, which have grown more than 30 percent under his tenure. He gained vast experience in software as a service (Saas) and product management while at solution providers Necho Systems in Toronto and Workstream Inc in Ottawa.


Add to the Conversation