Some time ago, Let's Encrypt revoked more than 300 million certificates of events, once exposed, once again sounded the alarm to deploy secure HTTPS ......
As the ID of the online world, Internet security SSL certificates to protect the most basic part, provides data transfer encryption over HTTPS SSL encryption and authentication mechanisms, data integrity protection, authentication server three functions.
However, when the site upgrade to deploy SSL certificates and HTTPS, whether it is truly safe?
Certificate expires? Private key is revealed? Management cumbersome? Quickly take a look at the daily business management certificate, you have not encountered the confusion following it?
1, due to the failure expired certificate does not update downtime caused the accident site business interruption;
2, certificate management cumbersome, complex scenes, inefficient and costly; (eg: certificate request, renew, cumbersome update process)
3, large sites of operation and maintenance personnel do not know how much they have certificates and keys;
4, fear of being unable to ensure the security keys are in all stages of the life cycle;
5, can not protect keys and certificates Security Trust website will be greatly reduced (CA vendor to confirm enterprise key is compromised, the right to revoke the enterprise certificate)
Figure: many security risks due to improper management certificate
Certificate and key management is one of the biggest challenges facing the modern enterprise, due to the security risk certificate mismanagement brought business disruption, financial loss, brand damage, unable to meet the requirements of relevant laws and regulations, business owners will face more severe compliance challenges.
Industry trends certificate management
2019, the United States NIST NCCoE upstream and downstream joint security company issued a "NIST cybersecurity practice guidelines SP 1800-16, TLS server certificate management" draft industry standard, NIST NCCoE recognize that Web services and other conservation organizations between the client and the server communication is essential that the practice is designed to guide enterprises to better manage TLS server certificates. Future, business management certificate will also move in four directions.
① security: secure storage of private keys and certificates;
② Visibility: audit all certificates and private keys and related activities;
③ Effectiveness: avoid unexpected failure or interruption;
④ stop: Certificate lifecycle management services;
Is there a certificate management tools to meet the security, visibility, effectiveness, these four demands it stop?
Certificate intelligent management software (CertManager) to achieve automatic certificate application, deployment, testing, discovery, monitoring, certificate management, alarm, update and handover certificate brand in one of the intelligent life cycle management system to meet security compliance requirements together.
Certificate Management Best Practices: CertManager
CertManager give a more solid guarantee business, improve efficiency and reduce management costs, avoid accidents caused by human error, meet the needs of industry users.
■ a key application for a certificate, issued by speed, automatic deployment.
Certificate "chaotic" ■ Scanning the enterprise, monitor certificate and generate detailed reports.
■ centralized certificate management, reducing security risks because of unusual circumstances such as to bring the certificate expires, when found weak encryption mechanism, damaged or vulnerable ***, you can quickly migrate to the new certificates and keys.
■ Create a hardware device within CSR (the private key) to complete the certificate request, no key equipment.
■ help build the station's HTTPS, HTTPS achieve accelerated.
In the draft NIST NCCoE develop best practices TLS server certificate management, CertManager certificate management solution that meets all practical terms. (See below)
CertManager features bright
CertManager by enterprise information pre-audit mechanism and outstanding deployment environment adaptation capabilities, on-line help enterprises fast service, reduce labor costs and avoid accidents caused by human error.
✔ Automatic certificate issued:
Enterprise information pre-trial mechanism to achieve automatic certificate issuance, quick access;
✔ Certificate Deployment:
Unified management gateway device, cloud service, WEB SERVERS certificate deployment and updates, and provide OPENAPI with the operation and maintenance docking system;
✔ Certificate detection:
CAA statistics report, DN / SAN compliance report, weak key statistics;
✔ private key protection:
White-box algorithm reinforcement, keyless, security gateways, short certificate optional four ways to protect the security of the private key;
✔ Monitoring Alarms:
Continuous monitoring the status of certificates, alarm anomalies;
✔ Brand Switching:
When CA trust is damaged, the certificate can quickly switch brands;
✔ User Management:
Based Access Control, administrators, project managers, operators and the role of auditors;
✔ certificate found:
For certificate companies have deployed enterprise network segment can scan and manage certificates found;
Speed increase efficiency, reduce costs Cheats
CertManager fast, controllable, visualization, closed-loop security certificate management services help corporate users manage security compliance of SSL certificates and private keys, which can effectively avoid the loss of funds due to expired certificates produced, brand damage and other consequences, a more good experience, it can achieve:
☞ rapid business on-line:
By MPKI enterprise information pre-trial mechanism for fast application and update OV / EV Certificate;
☞ Safety Compliance:
Centralized management of private keys generated a variety of ways to protect private security; in line with domestic and international regulations: such as insurance and 2.0 GDPR;
☞ Quick controllable:
Achieve a key application for a certificate shall be renewed automatically, and can be deployed manually graded rollback; CA trust when damaged, quickly switch brand certificate; auditors can track all operations to ensure controllable certificates and related operations;
☞ security alarm monitoring + management rating:
Continuously monitor the status of certificates function, pinpoint problems, anomalies in real-time warning;
CertManager, such a request from the certificate, deployment, testing, alarm updates, provide a certificate lifecycle services at all stages of product features, automated certificate management services help corporate stable operation, reduce stress and manage IT operation and maintenance risk, reduce labor costs, really makes certificate management more safe and convenient!