This guide provides five simple steps for IT professionals to take control of SSL certificates across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these certificates throughout their lifecycle.
The following five steps will help an IT administrator gain control over all SSL certificates within the enterprise.
Perform an audit of all domains and certificates
Visibility into all SSL certificates deployed in the enterprise is critical to securing online transactions, communications and Web-based applications. Whether starting from scratch or validating an existing list, a certificate discovery tool can be used to automate the process and catalogue the location, expiration date, validity period, and key size of SSL certificates as well as code signing certificates.
Output: Real-time reporting of all certificates on all secured domains
Consolidate all certificates into a managed account
The audit gives you the complete information needed to evaluate your SSL protection and begin consolidating certificates into a single managed account for better control.
Output: A single, managed account for all certificates within the enterprise.
Define an administrative process for your organization
An enterprise certificate management account enables authorized administrators to purchase multiple certificate units at one time for issuance, as needed, throughout the organization. The administrator defines a process to streamline management according to the desired level of control, including who has what privileges, how enrollment works, and who receives what type of notifications.
Output: A clearly articulated administrative process integrated into the management system.
Set up alerts, run regular reports on available units and renewals
Regular reports generated by the certificate management platform help system administrators better manage time and resources. Instead of static information in a spreadsheet, real-time reports should show the actual unit inventory across the enterprise by certificate status: all requests and certificates, pending, approved, rejected, valid, revoked, deactivated, expired, or expiring. Renewal reports with 90, 60, and 30 day alerts help an administrator plan for SSL certificate renewals and take advantage of bulk discounts. Historical reports give administrators valuable insight into past usage for future planning and management. Customization and multiple file formats provide maximum integration into administrative processes and tools. The administrator should have the option to customize detailed certificate usage reports by organization or administrator and to create automated reports for regular delivery to the key contact. File format options such as pdf, html, and CVS enable information to be shared and integrated into other software for viewing and analysis.
Output: Annual resource allocation and budgeting for SSL.
Revoke and replace certificates as needed
Consolidated inventory and management tools make it easier to revoke and replace certificates. When servers are taken offline, moved or replaced, SSL certificates need to be properly moved using revoke and replace. The NSLookup tool maps domain names to IP addresses to help find the location of missing certificates. If a certificate cannot be found or is no longer needed, it should be revoked to prevent misuse. If a private key is lost or compromised or if a server crashes and a certificate is deleted, the administrator should be able to revoke the certificate and issue a replacement.
Output: More control over lost or missing certificates.
Source: Simplify SSL Certificate Management Across the Enterprise