Q: Right now I am using Excel to manage my certificates. Do you make spreadsheet templates just for
       managing certs?
ANSWER: Manually tracking certificates with spreadsheets is time consuming and fraught with danger. DigiCert’s Enterprise Managed PKI and discovery tools like DigiCert Certificate Inspector make sure you know about all of the certificates in your network and the vital info you need to manage them, including when they are expiring. Enterprise MPKI also makes it quick and easy to order new certificates on-demand without waiting for the typical validation process.
Q: I’m concerned that I have expired certificates on my network. What is the best way to find them?
ANSWER: It is not unusual for a large company to have hundreds of certificates installed on its network. With multiple employees purchasing certificates it can be very easy to lose track of certificates that are unmanaged or expired. DigiCert’s cert inspection and discovery tools will locate these certs and provide you with the information you need to properly manage them. DigiCert Certificate Inspector and our SSL Discovery Tool are both designed for this purpose.
Q: I have SSL Certificates from a variety of CAs. How can I better manage all of them?
ANSWER: DigiCert’s online management console account only manages DigiCert certificates. However, all of our tools, such as DigiCert Certificate Inspector and DigiCert Certificate Utility for Windows are vendor agnostic and will work with all of your certificates, regardless of issuer.
Q: How do I order and install a certificate for [my operating system]?
ANSWER: DigiCert has the biggest repository of support documentation on the Internet dedicated to installing SSL on every possible platform. Additionally, our 5-star customer support team is standing by to answer any other questions you have. If you are using our complimentary Certificate Utility for Windows you will enjoy our exclusive Express Install process that only takes a few mouse clicks to generate a private key and CSR, send us the CSR, streamline the order process, distribute intermediate root certificates, import the certificate, and then install it. If you have a large number of certificates to order, Express Install can literally save you multiple days’ worth of work by automating most of the process for you.
Q: I can only find cert discovery tools that scan external domains. What about my internal SSL Certificates?
ANSWER: You’re in luck! DigiCert Certificate Inspector can scan both internal and external networks. Scanning of internal networks takes place with the assistance of remote agents that you place on your servers.
Q: How can I determine if my certificates are installed and configured properly?
ANSWER: The fastest way to diagnose a certificate is to type the domain name into our SSL Installation Diagnostics Tool. This utility will immediately report back if your certificate is functioning properly. For a more robust examination you can use DigiCert Certificate Inspector to look for weaknesses in the certificate’s configuration.
Q: What SSL vulnerabilities should I be worried about?
ANSWER: DigiCert Certificate Inspector and our other tools can help you identify the common vulnerabilities that can result from misconfigured certificates. Those issues include: vulnerability to the Heartbleed Bug, BEAST, BREACH, and CRIME exploits, missing revocation info, RSA keys under 2048-bit, ECC keys under 233-bit, expired or expiring certs, internal names, misconfigured or missing fields, mismatched names, weak cipher suites or hashing algorithms, broken chains, insecure TLS renegotiations, and more.
Q: I’ve discovered an SSL vulnerability. What should I do now?
ANSWER: The most common certificate problems are generally easily remedied by making some configuration changes at the server endpoint. Sometimes the certificate itself is inadequate and needs to be re-issued or replaced. In any case, if you are using DigiCert Certificate Inspector you will be presented with specific remediation steps to take to address the weakness.
Q: I don’t have time to babysit my SSL Certificates. How can I know if one is about to expire?
ANSWER: DigiCert’s MPKI and other management tools provide customizable email alerts to warn you when a certificate is nearing expiration. Additionally, business intelligence-style reports give you a comprehensive snapshot of all your certificates, allowing you to plan ahead and develop a maintenance plan that fits your busy schedule.