New tool provides comprehensive analysis of all SSL/TLS certificates and termination end points; highlights vulnerabilities and recommends remediation steps
LEHI, UT (February 25, 2014) — DigiCert, Inc., a leading global provider of SSL certificates and related online security products, today announced the availability of the DigiCert Certificate Inspector™. Designed to quickly find problems in certificate configuration and implementation, Certificate Inspector provides real-time analysis of an organization’s entire certificate landscape, including SSL termination endpoints. Using the tool, security professionals can discover forgotten, neglected or misconfigured certificates, and identify potential vulnerabilities, such as weak keys, problematic ciphers and expired certificates. For each potential threat detected, the tool provides a list of remediation activities.
SSL/TLS certificates are a key defense against unwanted surveillance of online user activity. Yet, too often system administrators fail to properly configure certificates, unknowingly leaving open vulnerabilities. Certificate Inspector scans the user’s network detecting all certificates in use, inspects SSL configuration and implementation, and then displays the results in an intuitive and interactive dashboard.
“By providing actionable information about certificate configuration and deployment status, combined with remediation tools, DigiCert helps organizations close the gap between certificate procurement and secure certificate deployment,” said DigiCert CEO Nicholas Hales. “The deployment of securely configured certificates is an important line of defense against unwelcomed surveillance. Certificate Inspector will help organizations shine a light on the areas within their network that could pose lurking threats. We believe that this tool can build upon the efforts of others in the security community to improve online trust in a new, tangible way.”
Keeping up with the latest security best practices as well as monitoring certificates is a daunting task, particularly for enterprises managing thousands of certificates. Frequently, manual tracking processes are used, which introduce human error and result in downtime or unknown security vulnerabilities such as configuration with cipher suites vulnerable to CRIME, BEAST, BREACH or other attacks. In other cases, departments outside of IT might deploy their own certificates, creating a blind spot for Administrators. This also can lead to configuration challenges that downgrade the effectiveness of the SSL certificates upon which organizations rely.
Certificate Inspector works on behalf of security professionals to bring lurking threats out of obscurity and help system administrators target and address problem areas.
Beginning today, security professionals can use the Certificate Inspector to:
- Establish their security baseline with a real-time, comprehensive overview of SSL certificates and their termination endpoints across the entire network.
- Detect vulnerabilities via scanning for problematic certificates or server configurations and easily review results using Certificate Inspector’s intuitive dashboard.
- Analyze security data points either by aggregate or specific to each certificate and endpoint.
- Mitigate discovered vulnerabilities, such as BEAST, and lack of compliance with industry guidelines such as the CA/Browser Forum Baseline Requirements, through recommended steps.
- Renew expiring certificates through DigiCert’s express provisioning process.
- Archive snapshots from each detection event to document improvements over time.
- Run reports from any location with DigiCert’s cloud-based administrative controls.
Using a proprietary algorithm, the Certificate Inspector analyzes SSL certificates and termination endpoints for many security factors, including:
- Weak keys, ciphers and hash algorithms
- SSL/TLS versions
- Expiring certificates
- TLS renegotiation
- Perfect Forward Secrecy
- Configuration vulnerability to CRIME, BREACH, BEAST, etc.
- Mismatched server/certificate names
- Missing AIA’s
For each SSL certificate and termination endpoint, administrators receive a vulnerability report, a corresponding grade and a quick list of best practices for mitigating discovered weaknesses.
“The Certificate Inspector is just one of many steps that DigiCert is taking to improve online trust and help organizations best protect their data in motion,” said Hales. “With the input of our customers and others interested in optimum security, we’re working hard to provide the best SSL customer experience possible and advance internet security best practices.”
The Certificate Inspector is available to any security professional. To learn more about how to run reports and start optimizing their SSL configuration, administrators can visit https://www.digicert.com/cert-inspector.htm.