- Website goes down and they are losing sales for half a day
- The responsible person being relieved of their responsibility
- Financial penalties due to contractual commitments (e.g., guaranteed uptime)
- Damage to corporate image due to perceived lack of concern
- Unnecessary overtime to expensive personnel to resolve the issue (because, of course, they rarely expire when you are in the office)
- I’ve even spoken to an organization who went through the pain twice; when they first “fixed” the issue, they missed their “hot backup” machine and again experienced the pain when they subsequently put their hot backup into emergency service
The list goes on. But suffice it to say, there’s a lot of pain experienced when a certificate expires unexpectedly.
What expiry notification system attributes do you require in order to avoid these challenges?
First, ensure the notice goes to the right person. Because people change jobs, accidently delete emails, forget to react, or simply go on vacations, you want a strong backup in place. Ideally, you want multiple emails, going to different people, and always include a certificate administrator.
But please, don’t send the system administrator a single email per expiring certificate, or he/she is bound to let something fall through the cracks. Just send a report listing all the expiring certificates and who is responsible, so you can follow up with the application owners if necessary. And when the administrator does renew the certificate, please verify and remove them from the report automatically.
Because your schedule is unique, you want to be able to control when those emails are sent relative to expiry. For some organizations, 10 days is not enough warning. And wouldn’t it be nice to have a programmatic interface to your systems so you could generate help tickets or track these crucial events using your chosen activity reporting system?
Lastly, in order to truly protect organizations from unknown expiry, ALL certificate locations should be listed during notification so certificate copies aren’t missed during the renewal process. Organizations and/or administrators don’t need to live through the pain twice like on Groundhog Day.
So, now ask yourself, what’s the value of an expiry notification, and who will you trust to provide it to you? And how much pain can you or your organization tolerate?
Entrust helps solve these painful problems with the Entrust Discovery certificate management system.
Look for next weeks blog posting – Part 4: How Do I Find And Inventory an SSL Certificate