28, May 2020
SSL/HTTPS School 3 out of 3 – “Safe management of SSL-certificates minimises the risk of business critical consequences”
This is the third and final post in our campaign to raise awareness and knowledge about SSL-certificates and HTTPS.
In the first post, we discussed the basics of SSL/HTTPS. Our conclusion there was that a using SSL-certificates has gone from being an exception to becoming a rule. Read the first one here.
In the second one, we discussed the different types of SSL-certificates, and why those differences actually are important to be aware of. Our conclusion was that the higher the level of SSL-certificate, the more value added to your brand. Read the second one here.
In this post, we will conclude this campaign by discussing the perhaps least discussed aspect of SSL-certificates, how to safely manage them in order to avoid potentially business critical consequences.
SSL-certificates are usually registered:
- At various points in time
- For various periods
- At different providers
- By different people
This makes managing certificates, even across a small organisation, very difficult. Not to mention how complex it gets when it comes to larger organisations.
The two single greatest risks associated with certificate management are:
- Improper implementation
Improper implementation can actually be worse than not having an SSL-certificate in the first place.
- Poor certificate management
Poor management of certificates can have business critical consequences. Everything from external effects such as unreachable websites and damaged reputation, to internal effects such as incapacitated employees and/or leaked confidential documents.
What happens when/if an SSL-certificate runs out?
When a certificate is not renewed, the encryption is no longer ensured and therefore no longer secure.
SSL-certificates run for a finite period, up to one year. A common misconception regarding SSL-certificates is that that they are “renewed”. In practice, an SSL-certificate needs to be replaced with a new one. However, in some cases a certificate needs to be replaced long before its expiration date.
The most evident use of SSL-certificates is the previously mentioned transition from HTTP to HTTPS on a website, recognizable by the nowadays iconic padlock in the browser address field. The effect of a non-functioning SSL-certificate for websites is painfully clear when it happens. The entire link structure on the site is based on HTTPS, not HTTP. When the SSL-certificate for the site is not renewed, the entire site becomes unreachable for visitors since the protocol is not supported.
However, many forget that SSL-certificates are not just used for encrypting the traffic between a website and its visitors. SSL-certificates are actually used in a number of different ways, for many different purposes. For example VPN-connections, applications, cloud services, server to server communication and so on. Failing to manage SSL-certificates can affect a company’s entire infrastructure.
An example of this is the recent Oculus Rift service outage in March 2018, caused by an expired SSL-certificate.
These sorts of service disruption can affect customer loyalty!
Best procedure for managing SSL-certificates
At Ports Group, our aim is to ensure the same secure management of SSL-certificates as with domain names and trademarks. For maximum protection against certificates failing because of poor management, our recommendation is to always consolidate your certificates.
Let our team of experts help you with a plan for a more secure certificate management according to the following stages:
- The analysis
In collaboration with you, we analyse your current certificate situation. Which certificates are there? From which providers? And so on. The analysis is summarized in a document containing a recommended action plan for optimizing the current certificate management.
- Creating control
Based on the action plan, we enable the client to make sure every certificate is under control, with the aim of every certificate being managed by Ports Group for total control and security.
- Ongoing certificate partnership with portfolio management
Ports Group is a Platinum Partner of Digicert, and we have the ability to provide our clients with a smooth and secure certificate partnership, with one dedicated contact and safe management.
Want to check if you have an SSL-certificate?
We recently launched a free analysis tool named besafe.online. The tool primarily checks your site for an SSL-certificate, but also provides additional information related to the security of a site. For example, if the site has DNSSEC and DMARC implemented.
Click here to get to the tool: