The What, Why, and How of Certificate Lifecycle Management


In February of 2013, Microsoft Azure Storage saw a worldwide outage that affected their HTTPS traffic.

In December of 2018, millions of people around the world had their cellphones draw a blank when the cellular network giant Ericsson experienced a glitch in one of their software systems.

More recently, in May this year, thousands of LinkedIn users reported the website to be inaccessible, the reason being an insecure connection.

These incidents have cost the respective corporations millions of dollars in lost services, not to mention worldwide flak from customers and tech-watchers alike.

And these three seemingly unrelated corporations have a solid connection in that they owe their misfortune to a common cause:

Expired certificates.

Or in other words, failure to renew certificates on time, which can be further generalized to a desultory certificate management system.

So what happens when a certificate expires?

Certificates are the identification cards for network entities like machines, applications, software, and websites, issued by a registered Certificate Authority (CA). They provide authenticity and credibility to the entities and ensure all transactions between them are secure. When a certificate expires or malfunctions, it opens the floodgates for malware and data breaches, renders websites insecure, and leads to network outages that last until the certificate is either renewed or revoked. Even a few minutes of business discontinuity can cause untold monetary loss, embarrassment, and trust issues for corporations that deal with clients by the millions. Gartner has pinned the loss resulting from a network outage at well over $300K per hour, while cybersecurity site CSO Online has stated that the average cost for a business to recover from an outage is $15 million, with another $25 million in potential compliance impact.

Manual Out, Automation In

Despite its calamitous consequences, certificate expiry continues to be the reason behind outages for more than 74% of organizations. The obvious remedy would be to closely monitor the health of all the certificates that an organization has installed in its systems, but the number of certificates can easily run into the thousands, and they reside on different devices across the network infrastructure, such as firewalls, ADCs, and servers. Manually tracking each of them, say on spreadsheets, is precisely what leads to the outages mentioned above, as it's easy for any number of certificates to slip through the cracks.

An effective certificate lifecycle management system can protect organizations against threats and preempt outages by employing a substantial level of automation.

AppViewX’s CERT+, a powerful certificate management platform, automates every stage of the lifecycle management, as explained below.

Stages of Certificate Lifecycle Management:

Certificate Discovery

The first step to proper resolution is discovery. CERT+ finds all the certificates present in your network, stores them in an inventory with details such as where they reside, the issuing CA, and the days until their expiry, and displays them on a unified dashboard on demand. You can also customize how the certificates are discovered: for particular devices, an IP range, a subnet, and so on.

Certificate Renewal

The step after discovery is renewal. As a certificate nears its expiry date, CERT+ renews it automatically, unless you choose otherwise. You can also configure alerts to be triggered when the date is near so that you can take prompt action. The platform is vendor-agnostic (it can handle both internal and external certificates with equal ease) and is integrated with all the major CAs.
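The discovery inventory and the renewal window described above can be sketched in a few lines. This is an added example, not AppViewX or CERT+ code: it takes certificate records in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, computes days until expiry, and sorts them by urgency. The 30/60-day thresholds, hostnames, dates and CA names are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

RENEW_DAYS, ALERT_DAYS = 30, 60  # assumed policy thresholds, not from the article

def issuer_cn(cert):
    """Common name of the issuing CA from a getpeercert()-style dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "unknown"

def days_left(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)

def triage(inventory, now):
    """Return (days_left, location, issuing CA, action) rows, most urgent first."""
    rows = []
    for location, cert in inventory.items():
        left = days_left(cert, now)
        if left < 0:
            action = "EXPIRED"  # past notAfter: verifying clients reject it
        elif left <= RENEW_DAYS:
            action = "RENEW"
        elif left <= ALERT_DAYS:
            action = "ALERT"
        else:
            action = "OK"
        rows.append((left, location, issuer_cn(cert), action))
    return sorted(rows)

def _cert(not_after, ca):
    return {"notAfter": not_after, "issuer": ((("commonName", ca),),)}

# Constructed sample inventory: hostnames, dates and CA names are made up.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = {
    "fw01.example.internal:443": _cert("May 20 12:00:00 2024 GMT", "Example Internal CA"),
    "adc02.example.internal:8443": _cert("Jun 15 00:00:00 2024 GMT", "Example Internal CA"),
    "www.example.com:443": _cert("Jul 20 00:00:00 2024 GMT", "Example Public CA"),
    "api.example.com:443": _cert("Jan  1 00:00:00 2025 GMT", "Example Public CA"),
}

if __name__ == "__main__":
    for left, where, ca, action in triage(SAMPLE, SAMPLE_NOW):
        print(f"{action:8}{left:5}d  {where}  ({ca})")
```

When the records come from live probes, a default verifying TLS context refuses the handshake with an already-expired certificate, so a scanner should log that failure as a finding instead of dropping the endpoint from the inventory.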

Certificate Revocation

Certificates are revoked before their expiry date when they've outlived their usefulness or if they're likely to have been compromised. With CERT+, revocation is a one-click step that sends a message to the CA to revoke the certificate in question and add it to their CRL.

Certificate Issuance

CERT+ expedites certificate issuance by bringing the requesting party and the CA onto the same platform, thereby cutting down on the communication overhead. What's more, AppViewX is itself a CA, so if you don't want to go for an external authority, we've got you covered.

Certificate Provisioning

Once you have your certificates ready to be deployed, you can choose the end-points where you want them installed from a drop-down list that has all your devices, websites, and applications on it. CERT+ not only pushes the certificates but also binds them to the end-points.

Do you want to ironclad your organization against potential outages and threats? Try AppViewX's CERT+ to automate SSL/TLS certificate management and other aspects of enterprise PKI management.
