Organizations are relying more and more on PKI (Public Key Infrastructure) certificates to protect critical resources. While that in essence is a good thing, the management of those certificates has become a potential cybersecurity nightmare.
After all, PKI certificates are used for authenticating users, servers, or devices online, meaning that they are critical for establishing trust. What’s more, certificates are commonly used for signing code, documents, or email to validate their legitimacy. And in many cases, PKI certificates establish a secure foundation to encrypt data and communications transiting untrusted networks.
Simply put, PKI has become far too important to ignore and is now the foundation of data protection in the modern enterprise, and failure to effectively manage PKI certificates can have significant reputational and financial consequences for organizations.
Recent service outages caused by expired certificates have highlighted the fact that even companies generally regarded as technology experts can struggle with the burden of PKI management. Disruptions to services like Microsoft Teams and Spotify highlight that effective PKI certificate management can be a challenge for any business.
PKI certificates can no longer be easily managed with spreadsheets, documents, post-it notes, or physical binders. Manual management leaves far too much room for error, and improperly managed certificates can become an attack surface for today’s cybercriminals. Roseland, NJ-based Sectigo aims to reduce the burdens of PKI certificate management with Sectigo Certificate Manager, a PKI management platform that brings both automation and visualization to the once tedious chore of certificate management.
A Closer Look at Sectigo Certificate Manager
As the name implies, Sectigo Certificate Manager is all about managing PKI certificates. However, that overly simplified moniker hides what it takes to manage PKI certificates, especially when those certificates may number in the thousands, have different expiration dates, may come from numerous authorities, or have different use cases.
Obviously, it takes more than just a dashboard to deal with all those intricacies, which is why Sectigo refers to its certificate manager as a platform. Understanding what that means in the context of PKI certificates requires a much deeper dive into the product.
First of all, one has to understand what a PKI certificate life cycle is. Perhaps, the simplest definition is the cradle to grave existence of a certificate. After all, enterprises can buy certificates from a certificate authority, and certificates can evolve over time, and finally certificates may need to be replaced.
What’s more, those certificates may be private (self signed), used for signing code, encrypting email, bringing SSL security to servers or devices, or securing mobile devices. That means there may be a lot of different flavors of PKI certificates, each with their own life cycles.
Sectigo Certificate Manager tackles those issues by becoming a centralized management point for all of the certificates across the enterprise. In other words, Certificate Manager becomes the single source of truth for all of an enterprise’s certificates.
From the outset, the product was designed to be a single platform for the discovery, reporting, installation, and renewal for all public and private certificates in use. Sectigo further leverages the concept of a single platform by offering a dashboard that acts as a single pane of glass view into the overall health and status of the PKI certificate infrastructure.
Hands on Sectigo Certificate Manager
Sectigo Certificate Manager is cloud based, meaning that installation and configuration of the platform proves rather straightforward. Sectigo offers extensive help and resources to ease setup. Initial setup requires navigating to a URL provided by the company. However, before going any further with the platform, it is critical for the administrator to have an understanding of PKI certificates and knowledge of the network.
The platform offers several “tours” which do a very good job of explaining the features and how to accomplish particular tasks. Once logged in, administrators are presented with a dashboard, which offers several tabs for navigation. One of the first tasks will be to setup administrators, as well as other users and assign the appropriate rights. Administrators will also need to define the organization and domains, as well as a few other settings.
Once the initial configuration is done, administrators will need to scan for existing certificates, which imports the certificates into the platform for management. Administrators can also manually import certificates, however that requires that the administrator is aware of those certificates. The discovery scan proves quite thorough. The product also allows administrators to define automatic discovery scans, which should pick up newly issued certificates.
Ultimately, the goal here is to have Sectigo Certificate Manager become the complete management platform for all PKI certificates, which includes being able to order or renew certificates. However, since discovered certificates were not originally ordered using the platform, those certificates will be treated as external, meaning additional steps must be taken to automate the management of those certificates.
The discovery process can be further defined using administrator authored rules, which can help to reduce many of the manual steps normally required to import certificates. In other words, rules can be created to bring certificates into a certain domain or under a specific organization or department.
Discovered Certificates Are Displayed on the DashBoard
Certificate discovery and adding certificates to the platform are a critical component of management. However, once certificates are accounted for, Sectigo Certificate Manager really begins to shine. The primary dashboard offers a clear view of the status of the certificates, as well as highlighting critical information. The products ability to present that information with a single pane of glass view helps to reduce the administrative load.
The platform’s main dashboard offers drill down capabilities as well as tabs to other functions. Those managing a PKI certificate infrastructure will appreciate the included reports. Reports can be quickly generated showing the status of certificates and critical information related to certificates. Those reports should prove useful when it comes to budgeting for certificate purchases or deciding if particular certificates should be deprecated. What’s more, the inclusion of departmental information allows IT to determine the appropriate charge backs for certificates.
One of the most powerful features offered by the platform comes in the form of notifications. Here, administrators can define custom notifications which are used to inform managers of critical issues surrounding PKI certificates, such as certificate expirations. Notifications are customizable and can be created for multiple users/administrators, as well as for different conditions.
Sectigo Certificate Manager helps to automate many other functions around the management of PKI certificates, such as renewals, self-enrollments, and even ordering new certificates. Having a single source of truth for certificates proves to be very valuable for an enterprise. One other capability that could potentially solve problems for those in the development arena comes in the form of being able to setup a private CA (certificate authority), which enables IT staffers to assign certificates to internal projects. Once a private CA is created, administrators can enroll trial certificates and have them authenticated to the private CA.
That capability could potentially remove many of the challenges faced by DevOps practices by bringing private certificates into the pipeline, reducing the need for any externally assigned certificates.
Unified management for PKI certificates
Sectigo Certificate Manager brings unified management to PKI certificates and with that management comes additional capabilities. The platform’s ability to automate some of the more tedious tasks of certificate lifecycles should save IT staffers a significant amount of time, while also reducing common mistakes.
With PKI certificates being used across numerous domains and for numerous use cases, centralized management that also offers visibility could be a potential game changer for those enterprises struggling with certificates. Automation, reporting, real time monitoring, and continuous discovery should help to take the chaos out of certificate management, while also enhancing security.
