Certificate Lifecycle Management

Explanation of SSL Lifecycle Management

There’s a good chance that your day is spent on a wide variety of different projects and that managing SSL Certificates is just one item in a long list of equally critical tasks. This problem is compounded by the fact that you don’t order or configure new certificates daily, resulting in a disruption to your daily routine as you re-familiarize yourself. Unfortunately, you can’t afford to manage your certificate landscape as an afterthought.

DigiCert’s certificate lifecycle management solutions help you along every step of the way, guiding your decisions, alerting you to urgent issues, and automating the most tedious aspects of the process. DigiCert is the leading expert in digital certificates and SSL, which means you don’t need to be. Our knowledgeable support staff is standing by 24/7 to help with questions and make sure your certificates are properly implemented.

For more information, call 1-801-701-9690 »


Discover Every Certificate on Your Network

Large enterprises often have thousands of certificates scattered throughout their sprawling landscapes. Each of these certificates was installed to serve an important security function, yet their sheer volume can cause many of these certificates to be misconfigured or expired. Another danger in large enterprises is the unseen jungle of self-signed or rogue certificates that were created outside your standard acquisition processes. These certificates, which are sometimes forgotten about altogether, can create an attractive attack surface for a clever hacker.

DigiCert’s certificate inspection and discovery tools can find all of your certificates in your environment, regardless of issuer or whether they are on external or internal networks. With these tools, you can quickly see all of your certificates, as well as warning messages about misconfigurations and alerts about expiring certificates. You can’t manage what you don’t know about.

Analyze Your Network

Manual processes and limited resources can lead to expired or misconfigured certificates with weak private keys, server name mismatches, missing revocation information, and similar problems. Even when the certificate is correct, improperly configured server endpoints with insecure cipher suites and hashing algorithms can create security vulnerabilities. Other common problems include vulnerability to the Heartbleed Bug, CRIME, BEAST, or BREACH attacks, certificates with disallowed internal domain names, weak cipher suites, broken chains, compromised hashing, insecure TLS renegotiation, and more.

DigiCert Certificate Inspector offers business intelligence-style reports that give you a bird’s eye view of the SSL across your entire network or lets you drill down into specific trouble areas. Perhaps you will learn that you have dozens of certificates using deprecated internal names or 1024-bit key lengths. You can examine all of your SSL Certificates and endpoints, which are assigned letter grades based on how they are configured, highlighting potential weaknesses for you to address.

Procure Certificates

To obtain new certificates—or reissue existing ones—you need to know what type of certificate fits your needs, then generate a suitable Certificate Signing Request (CSR). Generating a CSR isn’t something the typical IT admin does every day. Additionally, most Certificate Authorities (CAs) are very efficient in collecting your money and less efficient at validating and delivering your new certificate in the short timeframe you need.

DigiCert has comprehensive online support pages and a helpful support staff standing by to help you make informed decisions about your SSL needs. We provide easy-to-use, free CSR generators to remove the hours of online research it can take to figure out how to properly create a CSR for your platform. DigiCert Certificate Inspector also makes it easy to replace problematic certs that it discovers.

Once we receive your order, DigiCert features the fastest validation times in the industry; our validation experts can typically issue a high assurance extended validation in less than an hour, while most other CAs take several days. When you are waiting on a certificate to complete a project, you will appreciate the ability to use your DigiCert Management Console to watch your cert progress through the validation process.

Provision and Properly Configure Your Certs

Installing and configuring your new SSL Certificates can be a finicky process fraught with potential mistakes. Ordering the correct certificate format is always a concern, as well as installing it in the correct location. Misconfiguring a critical certificate can be just as dangerous as not having a certificate at all. Taking the time to do it right can be an arduous process, especially if you are installing dozens of certificates at the same time.

DigiCert’s innovative express installation features simplify what would otherwise be many tedious steps. With just a few mouse clicks, express install will generate your private key and CSR, send the CSR to us, expedite the order/renewal process, distribute necessary intermediate root certificates, import your new certificate, and install it on your server. Multiply this provisioning process hundreds of times over the course of the year and you can imagine the significant time savings.

Manage Your SSL Infrastructure

We understand the challenge that network administrators face when trying to manage dozens, hundreds, or even thousands of digital certificates. With limited resources, many admins manage certificates using spreadsheets and other manual processes. Just one human error can lead to network and server assets being unavailable or out-of-compliance, or cause network downtime that damages your brand and your bottom line.

DigiCert’s Enterprise Managed PKI interface and discovery tools such as DigiCert Certificate Inspector ensure that you are aware of every certificate in your entire environment and when it is expiring. Enterprise MPKI also facilitates the pre-validation of domains and organizations, allowing you to plan ahead, and making future additions quick and painless.

Monitor Expiring Certificates

It is difficult to overstate the disruption that can result from an expired SSL Certificate. Leaving a portion of your network unprotected can have catastrophic consequences, whether it is a blow to your brand’s reputation, the loss of potentially millions of dollars in revenue, an interruption in critical internal processes, or providing a hacker access to your most important assets.

DigiCert’s managed certificate accounts allow you to monitor the health of your whole certificate landscape at a glance. With these tools taking care of the busy work you have ample time to develop a comprehensive maintenance plan and renew certificates long before they expire. Helpful email notifications can be customized to alert you with important messages at any point during a certificate’s lifecycle. Additionally, you can monitor the activity of the units and sub-units requesting certificates in your enterprise. An account audit log tracks and records every action from each user inside your account, and a useful purchase order manager can track account deposits and expenditures.

Remediate Problems and Vulnerabilities

Using our inspection and discovery tools, you may learn that some of your certificates have expired, have weak key lengths, are vulnerable to HEARTBLEED, or are configured to allow insecure TLS renegotiation. How are you going to sort out all the problems and develop a remediation plan?

DigiCert helps you discover vulnerabilities in your network and then supplies you with remediation suggestions to improve the score of improperly configured certificates and endpoints. We give you the specific steps to eliminate weaknesses, and in the occasion the vulnerability can only be corrected by issuing a more secure certificate our Express Install™ process becomes invaluable. Expiring or expired certificates are similarly replaced with ease.

We also have special tools for Windows servers that let you quickly generate and submit CSRs, track the status of pending orders and view associated SANs, install or renew certificates with a click, view certificate details, copy certificates between servers, view the SSL Certificate chain that a server is sending to clients, automatically fix or misconfigured intermediate certificates, and more.