Who Manages TLS/SSL Certificates in an Organization?
TLS/SSL certificates are commonly managed by IT personnel and software engineers. However, certificates can theoretically be requested and purchased by any person in your organization needing to secure a website or server, unless you specify authorization policies within your certificate management console. For example, within DigiCert CertCentral®, users can designate certain profile authorization to approve and issue certificates.
Who is Responsible to Authorize Digital Certificates?
Within organizations, IT administrators or software engineers, are usually designated to authorize certificates, but anyone can be given permissions to authorize certificates. Inside DigiCert CertCentral®, organizations can set roles under profiles and limit which users are authorized to issue certificates.
Certificate Authorities, or CAs, issue certificates to organizations after a vetting process known as validation. For every public TLS/SSL certificate, CAs must verify, at a minimum, the requestors’ domain. For high-assurance certificates like Organization Validated (OV) or Extended Validation (EV), the CA must also verify the organization’s existence, phone number, address, and for EV, the requestor’s identifying information.