ÃÛÌÒTV

Certificate Management 03-31-2015

A Quick Start Guide to SSL Certificate Inventory and Management

Flavio

How many SSL Certificates can one admin manage?

Ìýthat says the average enterprise manages almostÌý700 physical servers in its network infrastructure.ÌýIf you're or Google, Ìýthat number is estimated to be aroundÌýone millionÌýservers that are being managedÌýat any given time.

Regardless of the size of your organization, managing the ongoing security requirements forÌýserver deployments can be an extremely challenging and demanding process whether you are dealing with a few or dozens of servers.

In addition to the number of physical machines in a network, virtualization means that each of those devices could haveÌýadditional virtual servers—all of which require security, monitoring, and management.ÌýTake all of this and add it to the growing number of Internet-connected devices and Internet services that enterprises useÌýto conductÌýbusiness; it all amounts to hugeÌýpressure on administrators and security professionals just to keep with the everyday demands of running a business.

Complete enterprise security requires more than just installing an SSL Certificate. With multiple online systems and services, keeping up withÌýexpiration dates, system vulnerabilities, and internal processes and controls for preventing fraud, is a daunting task. So, how do you make it easier?

Simplified Certificate Inventory

One of the common questions admins struggle answering is, "Where are all of my certificates?" We recently worked with a large enterprise with a detailed, internal process for tracking all of their SSL Certificates. They're certificate inventory spreadsheet listed over 30,000 certificates and they were confident that it accounted for all of the SSLs in their network.

We fired up ÃÛÌÒTV's free SSL inventory toolÌýCertificate InspectorÌýand the Ìýagent quickly set out toÌýcollect inventoryÌýfor all SSLs in the client's network. After completing the scans, the agent found several hundred additional certificates in expected devices and on non-standard ports.

Certificate InspectorÌýmakes is easy to identify all of the SSL Certificates installed across your network. The inspector agent can identify internal and external certificates running on servers and network devices, and makes it easy to quickly account for all certificates your organization is currently managing.

SSL Management Made Easy

Every SSL Certificate found by theÌýinventory tool is graded based on certificate implementation and server security. Certificate Inspector's advanced SSL analysis examines all certificate problems and known server vulnerabilities in real time, including:

  • Vulnerability to Heartbleed, Poodle, CRIME, BEAST, or BREACH attacks
  • Certificates with weak private keys: RSA keys under 2048-bit or ECC key under 233-bit
  • Expired or expiring certificate dates
  • Internal names
  • Missing fields and values
  • Certificate name mismatch
  • Weak cipher suites, such as a cipher suite that uses 56-bit block ciphers or a 1024-bit key size
  • SHA-1 vs SHA-2
  • Broken chains
  • SSL v2, SSL v3, MD5

When a vulnerability was announced, this large enterprise customer didn't need to scramble to find a service to test the thousands of servers and services they were running.

Certificate Inspector was updated to scan for the latest possible threats and quickly identified affected servers, making patching and management a streamlinedÌýprocess.

Enterprise SecurityÌýDone Right

As the number of online devices and services continues to expand in the enterprise, the complexity of maintaining system security will only continue to grow. Advanced tools for certificate inventory are a critical resource for administrators to use in staying on top of enterprise security needs.

Total enterprise security today requires more than just buying a SSL Certificate. Enterprise security needs to be done right, and made easy in order for admins to stay ahead of the growing number of threats that organizations face today.Ìý

Learn more.at /campaigns/tls-best-practices-guide#help.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205