2023 EMA Report

SSL/TLS Certificate
Security – Management
and Expiration Challenges

Nearly 80% of SSL/TLS Certificates Are Vulnerable to Man in the Middle Attacks

2023 EMA Report

SSL/TLS certificates play a vital role in securing online communications and transactions. They are used to encrypt sensitive data, authenticate users, and protect against various types of cyber threats. However, digital certificates have an expiration date which is now getting shorter, presenting challenges with regular renewals that create critical outages and cyber risks due to lack of automation.

With Google’s proposal to reduce TLS validity from 398 days to 90 days, organizations of all sizes will feel a heightened level of stress when required to renew certificates every four months. Are you prepared?

Here are some key findings from the report that highlight today’s challenges of managing SSL/TLS certificates:

21%

of servers on the internet utilize TLS 1.3

79%

of SSL certificates in use today are still subject to man-in-the-middle attacks

25%

 

of certificates on the internet pose a security threat because they are expired (10%) or self-signed (15%) which are not considered secure for publicly accessible websites or services

45%

 

of IP addresses exposed to the Top 10 vulnerabilities in the NVD also had expired certificates (22%) or self-signed certificates (23%)