Certificate Lifecycle Management 07-26-2022

Taking Certificate Lifecycle Management to the Next Level


TLS/SSL certificate lifecycle management can be difficult and time-consuming if done manually. In a recent survey DigiCert found that about two-thirds of enterprises are concerned about how much time they spend managing certificates, and about half said that they frequently discover rogue certificates. With certificate lifetimes shortening, certificate usage increasing and web threats evolving (including the incoming threat of quantum computers), there’s never been a more critical time to gain control over your certificate inventory.


While many companies elect to construct and manage their own  public key infrastructures — a DIY PKI — this is not a best practice to prevent outages. Regardless of the size of your organization, managing the ongoing security requirements for server deployments can be an extremely challenging and demanding process whether you are dealing with a few or dozens of servers.

But complete enterprise security requires more than just installing a TLS certificate, it’s about creating digital trust. Enterprise security needs to be done right and made easy for admins to stay ahead of the growing number of threats that organizations face today.

But with multiple online systems and services, keeping up with expiration dates, system vulnerabilities and internal processes and controls for preventing fraud is a daunting task. So how do you make it easier?

Managed PKI

Using a managed PKI service delivers PKI capabilities on demand, increasing scalability to fit the growing needs of the business. A managed PKI service also dramatically reduces the burden on the enterprise. Policies, operational processes and certificate management can be handled by the service provider. Using a managed PKI solution should be a key ingredient to setting up a robust cybersecurity architecture. 

With DigiCert certificate lifecycle management solutions, you have all the capabilities you need to implement the five pillars of TLS best practices, including how to discover, manage and report, notify, unify and automate your certificate inventory.

As the number of online devices and services continues to expand in the enterprise, the complexity of maintaining system security will only continue to grow. Advanced tools for certificate inventory are a critical resource for administrators to use in staying on top of enterprise security needs.

Case study: AVEVA

AVEVA drives digital transformation through innovative industrial software. When the company needed a digital transformation of their own to better manage SSL, they implemented CertCentral, the certificate management platform by DigiCert. AVEVA needed to manage complexity on a global scale for 4,400 employees at 80 locations in more than 40 countries. Their goal was to centralize resources, streamline processes and still meet the localized needs of each business division and region. But gaps in TLS management arose from a process for issuing and tracking digital certificates that was “piecemeal.” Software developers bought certs as needed for projects, IT staff bought certs as requested for users — and both groups bought certs from multiple CAs.

The conclusion: Not having a centralized system made it harder to track expiring certificates, and their one-off approach to purchasing was more expensive. Their interim solution was a manual spreadsheet to track certificates. All that complexity was simplified when they discovered CertCentral.

CertCentral provided the tracking piece, only with more functionality. In addition to centralizing TLS operations — with the ability to issue, install, inspect, revoke and renew every certificate in their landscape — the platform also integrated code signing, which AVEVA developers use extensively.

AVEVA’s favorite CertCentral feature is the Discovery tool. It enables IT staff to track where legacy certificates were acquired, which is critical in a multi-company merger environment. Just as AVEVA develops solutions to increase efficiency and optimize client resources through better monitoring and control, CertCentral shows AVEVA IT operations what they can do better. It provides a holistic view of how they approach front-end server security.

Learn more in TLS Best Practices Guide

Streamline certificate lifecycle management, reduce risks and focus your time on business priorities. Get the 2022 TLS Best Practices Guide to learn about how to simplify and centralize certificate management with visibility and automation.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min