Digital Certificates Expiring on Major Platforms – We’ve Seen This Before

Once again, expiring digital certificates leading to massive online services shutdowns made headlines. These types of incidents can happen, though here at DigiCert, we’ve built CertCentral to help companies avoid these headaches. And, we are constantly working on improvements to the platform to include additional functionality and automation.

Digital certificates are used to encrypt website traffic during browser sessions. These certificates are issued for a limited period after vetting the domain holder’s authorization for the certificate. Certificates have a set expiration date to ensure they are updated periodically to include improved industry standards and protocols and revalidate the true identity of the domain owner or operator. These security checks help protect end-users and encourage adoption of evolving and improving best practices.

Once certificates expire, a device or site using the certificate needs to be updated with a new certificate or risk blocking user access to the device. Each device treats an expiring certificate differently, but generally requires a valid certificate to maintain a connection.

Some organizations have thousands, hundreds of thousands and even millions of certificates. Your phone, for example, may have dozens of certificates on it. Because of this volume, using something like spreadsheets or human memory to replace the certificates before expiration is not a good idea.  In fact, a report in 2017 said that 80% of business were hit by certificate-related outages (https://www.scmagazine.com/home/security-news/vulnerabilities/80-of-businesses-hit-by-certificate-related-outages-study/). Recently, millions of smartphones were taken offline because of a certificate outage (https://www.theverge.com/2018/12/7/18130323/ericsson-software-certificate-o2-softbank-uk-japan-smartphone-4g-network-outage). Failing to manage certificates properly has real financial and customer implications.

The serious business of managing certificates, especially in volume, is why DigiCert built CertCentral. Regardless of the volume, type or expiration date, DigiCert’s CertCentral software can easily track, manage and replace certificates. The software features discovery and automation services that can help administrators automatically track, manage and deploy certificates as needed.

The system was designed to support both websites and IoT devices en masse to ensure no certificate is forgotten. The configurable alerts permit administrators to send renewals and notices at customizable intervals throughout the lifecycle and escalate issues with both security and lifecycle management. The audit logs show exactly what users are doing, to ensure a rogue actor doesn’t covertly sabotage a company’s certificate operations. Enhanced permission settings go further, limiting the damage a single disgruntled employee can do.

On top of management, CertCentral includes tools to diagnose installation issues, detect expiring certificates, and warn about certificate-related issues. Our certificate inspection tools detect vulnerabilities and help troubleshoot even the most difficult situations. The solution is an all-encompassing certificate experience, designed with the user in mind. Regardless of whether users access the system through the API or GUI, certificate management becomes an automated and seamless task using the award-winning platform.

Like most services, certificate management can be a headache or non-issue, depending on the partner providing the services and management tools used. DigiCert’s best-in-breed and award-winning software is trusted worldwide by the world’s top companies to make certificate management easy.

To learn more or get a demo, visit https://www.digicert.com/mpki/.

Posted in CertCentral, SSL, SSL Certificate Management