While SSL/TLS certificates provide the backbone for information security—digital certificate management is going to get harder as enterprises turn to SSL certificates to manage security for the 21 billion Internet of Things (IoT) devices expected by 2020. For example, just look at the recent spate of record-breaking DDoS attacks powered by security cameras and other “smart” devices conscripted into botnets by hackers.
SSL certificate management has been a sleeping giant for many busy IT organizations that are not able to scale manual tracking with their growing volume of digital certificates. Consequently, errors in those spreadsheets, unknown or misconfigured certificates have resulted in expired certificates causing systems to go down, a disruption in service and risk of security breach.
In addition to IoT, there are other uses for digital certification coming soon including Google Chrome red-flagging of non-https web sites this year, Web/device authentications, VPN, email encryption and code signing.
“Gartner clients continue to cite x.509 certificate (SSL/TLS) expiries as being a leading concern with respect to management of certificates,” according to Gartner Research, Technology Insight for X.509 Certificate Management, September 2016.
Certificate lifecycle management is critical for any-sized organization—but let’s look at Apple, Google, Equinox, and Microsoft Azure to see what can go wrong when digital certificates are allowed to expire.
- 2016: Apple’s WWDR certificate expired, breaking Xcode signing, Safari Extensions, Safari Push Notifications and Apple Wallet passes for developers.
- 2015: Google forgot to renew on of its SSL/TLS certificates, leading to a Gmail outage for people that access it through third-party applications
- 2014: Equinox Payments lost track of a decade-old certificate embedded into their credit card readers causing 1000s of their readers to stop working—and big headaches downstream for retailers. Refer https://krebsonsecurity.com/2014/12/security-by-antiquity-bricks-payment-terminals
- 2013: When the Microsoft Azure platform’s SSL certificate expired it took down cloud storage services worldwide.
Today, digital certificate lifecycle management is simply too resource-intensive and critical for short-staffed IT departments to manage manually. Comodo, the leading global CA realized this and partnered with Fortune 500 companies to develop a fully automated solution that solves the certificate lifecycle management problem.
Comodo Certificate Manager is a comprehensive platform that automatically discovers internal and external SSL/TLS certificates in your enterprise and organizes them all into one central inventory to simplify SSL/PKI tracking and management. With an automatic, full-lifecycle digital certificate management platform your certificates will not be allowed to expire accidentally. Consider these attributes:
- Comprehensive – Provides complete certificate support, not just management of others’ CA certificates
- Cost-effective – Automation avoids manual work for certificate discovery and renewal; consolidation into one platform lowers costs
- Simple and flexible – Enables customers to be their own private CA and enroll certificates for internally-trusted applications (email, IoT); avoids complexity and burden of managing PKI and separate identity databases
- Efficient – Streamlines software distribution and avoids error messages by signing code with certificates from a public CA
- Reliable – Avoids disruption in service uptime and risks of lost trust caused by expired certificates
You can try Comodo Certificate Manager free for 30 days and get a 15% discount at the end of your trial. With a secure, reliable and centralized management platform, you can self-administer, instantly provision Comodo certificates and control all the SSL/PKI certificates in your enterprise and maintain trust.
For ease of use, CCM provides automated set-and-forget installation and renewal of certificates, as well as archiving of PKI for Comodo CA-issued certificates, to prevent expired certificates and the damage they can cause.
You also can be your own CA and issue private certificates with Certificate Manager or use Microsoft Active Directory certificate templates. This gives you a cost-effective way to offer enhanced security such as SSL, S/MIME (with key archival and recovery) secure logon, user and machine authentication, web server authentication and smart cards.
Comodo Certificate Manager was designed to simplify SSL/TLS lifecycle management for busy IT organizations:
- Eases Administration – Avoids manual certificate discovery and renewal
- Supports Uptime and Stability – Avoids disruption from expired certificates with advance notification
- Lowers Costs – Consolidates and manages all certificates from all CAs
- Builds Confidence – Trust provided by Comodo, world’s #1 certificate authority