THE NEED FOR BETTER SSL TRACKING
Do you know where you have SSL certificates installed? How about when each certificate is going to expire and which CA you ordered it from? What about the hashing algorithm or key lengths used? The answer is likely no, or at best yes, but the information is difficult to compile.
Organizations often order certificates from multiple vendors and install them throughout their networks, both internally and externally. While there are many advantages to this flexible, custom approach, it can make things difficult for whoever’s in charge of managing the certificates and renewals.
Our new Certificate Inventory Tool finds all SSL certificates on your networks, both internal and public-facing, regardless of the issuing CA. The resulting inventory is available in an easy-to-use portal, allowing you to run reports on usage, upcoming renewals, configurations, and CA issuance.
HOW IT HELPS
- Find and monitor all internal and public SSL Certificates from one location, regardless of issuing CA, including self-signed
- Avoid unexpected expiration with email reminders to renew
- Easily track the source/issuing CA for all of your certificates
- Locate any certificates that may have been purchased ad hoc by other individuals or departments
- Save valuable time and resources over manual monitoring
- Keep up with baseline requirements and best practices with the ability to run reports on key length, hashing algorithm, and other configuration options
Expired public SSL certificates can trigger alarming warnings in browsers, damaging your company’s reputation and decreasing traffic to your site. Internally, expirations can disrupt the processes dependent on the encrypted communication. Fortunately, the Certificate Inventory Tool makes it very easy to avoid costly certificate expirations.
After your certificates have been inventoried, you will receive email alerts when they are nearing expiration. Once you renew the certificate and run the scan again, the status will be updated and you will stop receiving expiration notices.
KEEP UP WITH SSL BEST PRACTICES
Best practices for key lengths, validity period, hashing algorithm, and other certificate options are constantly being revised. The Certificate Inventory Tool makes it easy to scan your entire repository of certificates to ensure they are all up to date and compliant with the latest recommendations.
You can configure your account to match your corporate policies on minimum settings for key length, signing algorithm, Issuing CA, validity period minimum/maximum, etc. All of your certificates will be measured and reported against these custom policies. You can have different policies for internal and external certificates, or for different network segments.
HOW IT WORKS
The process for scanning your networks to locate certificates is slightly different for public-facing versus internal use cases. To scan internal networks, you must first download and install an agent locally. After that, everything is handled through the Inventory Tool portal.
- Create a job in the portal (i.e., a range of IP addresses, a domain, or a host name) and then select whether you want it run from the Inventory Tool server or sent to a local agent
- Run the job or schedule it to be run later
- The Inventory Tool will scan the sites for SSL Certificates either from the service, or via the specified local agent
- Results will be automatically uploaded to your portal for reporting and further investigation
Results from the scans are automatically uploaded to your portal where you can easily run reports and view the status of certificates, including issue date, issuing CA, expiration date, and validity period.