Certificate management may seem like a daunting task, especially to someone who doesn’t possess specialized knowledge of the technology and policies involved in deploying and maintaining PKI. Let’s break it down into distinct, bite-sized steps to see if it’s actually that intimidating.
1. Certificate Enrollment
A user or organization submits a certificate request to a Certificate Authority (CA) – a trusted 3rd party entity that is responsible for issuing and managing of security certificates and public keys. Upon verification of enrollment information provided by the requestor, the CA issues a certificate which is entitled to be used for a specific purpose.
2. Certificate Distribution
Is the process where the CA distributes the certificate to the user. This is considered a separate process because it might require management intervention from the CA. During this stage, the CA sets policies that affect the use of the certificate.
3. Certificate Validation
Once a certificate has been issued, it needs to be checked periodically for validity. The certificate’s serial number is matched against the CRL (Certificate Revocation List), such as Entrust, to confirm that the certificate is operationally valid.
4. Certificate Revocation
Each certificate has an expiration date that defines its lifetime. For a certificate to be revoked before its expiration date, the CA needs to be instructed to add the serial number of the certificate to its published CRL, along with the reason for revocation.
5. Certificate Renewal
If a certificate has reached its expiration date and is eligible for renewal, a request can be made to the CA to renew the certificate. The requestor has an option of using existing keys, or can generate a new public and private key. It is always recommended to use a fresh set of keys, especially for TLS certificates.
6. Certificate Destruction
Once a certificate is no longer in use or has expired, all shared copies of it need to be destroyed including the private keys. This helps deter malicious activity, such as key compromise.
7. Certificate Auditing
It is essential to track all functions that involve the CA, including creation, issuance, expiration, and revocation of the certificate.
Want to learn more about Certificate Lifecycle Management and how AppViewX can help you automated all key CLM processes? Visit us at AppViewX.com or request a demo.