Shulou(Shulou.com)06/01 Report--

Digital certificate, as the equivalent of the network world, provides a way to verify the identity of a communication entity on Internet, and its function is similar to the driver's driver's license or daily life. For example, Web Server proves its identity by providing its own digital certificate, and users can confirm that the website they visit is the one they want to visit, and establish a trust relationship between the two sides of the communication. In addition to server certificates, digital certificate applications also include e-mail certificates, code signing certificates, document signing certificates and so on. It is very important for users and enterprises to ensure the validity of the certificate.

On December 22, 2018, due to the US government shutdown, many TLS certificates had expired, unrenewed and unmanaged, making many sites inaccessible to the public. This issue also affects many certificates related to the .gov.hk domain, which users cannot fully access. If the certificate is not renewed, we may see more government websites have problems.

Nowadays, certificate management has become the main burden of enterprises. The larger the enterprise is, the more serious the management problem is. What kind of problems will it bring to you if you don't have a forward-looking certificate management policy?

Five fingers of death

Use the swordsman title to reveal five nightmares that poor certificate management can bring:

Unexpected interruption of service caused by expiration of ▶ certificate

Audit failures or violations caused by poor certificate / key management in ▶

▶ server certificate and key disclosure / abuse

▶ code signing certificate and key disclosure / abuse

▶ CA leak; rogue CA for MITM or phishing (rogue certificate)

These are what happens when your certificate expires, and the occurrence of any scenario will bring you a "considerable" cost.

It all starts with visibility.

For most organizations, the visibility of large-scale certificate management is one of the three major pain points of certificate management. They don't know how many certificates and keys they have, they don't know who ordered the certificate, and they don't know when the certificate expires. A survey shows that the proportion of this pain point is 71%.

The biggest Challenge of Digital Certificate

Many organizations say they do not have enough IT security personnel to maintain and protect keys and certificates, and do not know how many keys and certificates IT security needs to manage, let alone protect keys and certificates throughout its lifecycle.

How to help enterprises avoid the pain point of certificate management? Before it can counterattack, the enterprise needs to take action first.

High-quality certificate management platform

By investing in a high-quality certificate management platform, the pain point of certificate management can be avoided. Some vendors have good related products, such as KeyManager, which scans your network and manages all discovered certificates, provides certificate visibility and an interface to manage all stages of the certificate life cycle.

Certificate management gives the impression that it is expensive and complex, but it is not. In the long run, this is not a sunk cost (already paid and irrecoverable), it is an investment because the cost of poor certificate management is even more alarming.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.