Once again, expiring digital certificates
leading to massive online services shutdowns made headlines. These
types of incidents can happen, though here at DigiCert, we’ve built CertCentral
to help companies avoid these headaches. And, we are constantly working
on improvements to the platform to include additional functionality and
automation. Digital certificates are used to encrypt website traffic during
browser sessions. These certificates are issued for a limited period
after vetting the domain holder’s authorization for the certificate.
Certificates have a set expiration date to ensure they are updated
periodically to include improved industry standards and protocols and
revalidate the true identity of the domain owner or operator. These
security checks help protect end-users and encourage adoption of
evolving and improving best practices. Once certificates expire, a device or site using the certificate
needs to be updated with a new certificate or risk blocking user access
to the device. Each device treats an expiring certificate differently,
but generally requires a valid certificate to maintain a connection. Some organizations have thousands, hundreds of thousands and even
millions of certificates. Your phone, for example, may have dozens of
certificates on it. Because of this volume, using something like
spreadsheets or human memory to replace the certificates before
expiration is not a good idea. In fact, a report in 2017 said that 80%
of business were hit by certificate-related outages (https://www.scmagazine.com/home/security-news/vulnerabilities/80-of-businesses-hit-by-certificate-related-outages-study/). Recently, millions of smartphones were taken offline because of a certificate outage (https://www.theverge.com/2018/12/7/18130323/ericsson-software-certificate-o2-softbank-uk-japan-smartphone-4g-network-outage). Failing to manage certificates properly has real financial and customer implications. The serious business of managing certificates, especially in volume,
is why DigiCert built CertCentral. Regardless of the volume, type or
expiration date, DigiCert’s CertCentral software can easily track,
manage and replace certificates. The software features discovery and
automation services that can help administrators automatically track,
manage and deploy certificates as needed. The system was designed to support both websites and IoT devices en
masse to ensure no certificate is forgotten. The configurable alerts
permit administrators to send renewals and notices at customizable
intervals throughout the lifecycle and escalate issues with both
security and lifecycle management. The audit logs show exactly what
users are doing, to ensure a rogue actor doesn’t covertly sabotage a
company’s certificate operations. Enhanced permission settings go
further, limiting the damage a single disgruntled employee can do. On top of management, CertCentral includes tools to diagnose
installation issues, detect expiring certificates, and warn about
certificate-related issues. Our certificate inspection tools detect
vulnerabilities and help troubleshoot even the most difficult
situations. The solution is an all-encompassing certificate experience,
designed with the user in mind. Regardless of whether users access the
system through the API or GUI, certificate management becomes an
automated and seamless task using the award-winning platform. Like most services, certificate management can be a headache or
non-issue, depending on the partner providing the services and
management tools used. DigiCert’s best-in-breed and award-winning
software is trusted worldwide by the world’s top companies to make
certificate management easy.