Managing Digital Certificates using Key Store Management System

Cryptography is the only foolproof means available for securing online transactions. Digital certificates are the digital identities issued to end users, systems and network devices so that these end entities can be authenticated.

Digital certificates are used for:

  • checking the integrity of data by digitally signing the messages that flow over an insecure network
  • maintaining confidentiality of data by encrypting the content so that only the intended recipients can view it
  • authenticating the sender of a message, and similar purposes

Since digital certificates are used to identify their owner, there has to be a process for procuring one. Typically a digital certificate is issued by a Certifying Authority (CA), which publishes its issuance process, thoroughly verifies the documents supplied by the individual requesting the certificate, and issues the certificate only upon successful verification. In many instances, however, enterprise CAs are set up within an organization to secure internal communication, and certificates are issued to enterprise users from there.

Every digital certificate has a validity period; for end entities it is typically 1-3 years. The issuing authority's certificate and the root certificate have a longer validity period.

Let us take as an example one of the most widely used certificates for securing a communication channel: the SSL certificate. Every financial website uses an SSL certificate to secure its communication channel, since sensitive data is exchanged. If the SSL certificate hosted on a web server expires, every end user who accesses the website sees a certificate error displayed by the browser. If a widely used website encounters such an error, the reputation of the organization is at stake. The impact is greater when an automated process is set up to perform transactions, because those transactions fail the moment the certificate expires. Digital certificates have to be renewed or replaced before the expiry date, and all the stakeholders and applications that depend on the certificate have to be notified. Ignoring or missing a digital certificate renewal is a serious concern, since it leads to downtime and puts the organization's image at stake.
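The expiry monitoring described above, as an added example that is not the product's code: it classifies certificates by days left against notification thresholds (assumed values), builds the renewal notices stakeholders should receive, and reads `notAfter` in the format Python's `ssl.SSLSocket.getpeercert()` returns. The inventory, hosts and dates are constructed sample data.

```python
import ssl
import socket
from datetime import datetime, timezone

THRESHOLDS = {"critical": 7, "warning": 30}  # days before expiry (assumed)
SAMPLE_NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)  # fixed clock for the sample run

# Constructed inventory (sample hosts/dates, not real endpoints); notAfter is
# in the format returned by ssl.SSLSocket.getpeercert()
SAMPLE_INVENTORY = [
    {"host": "portal.example", "notAfter": "Jan 20 12:00:00 2026 GMT"},
    {"host": "api.example", "notAfter": "Jan 05 00:00:00 2026 GMT"},
    {"host": "legacy.example", "notAfter": "Dec 31 23:00:00 2025 GMT"},
    {"host": "intranet.example", "notAfter": "Jun 01 00:00:00 2026 GMT"},
]

def days_until_expiry(not_after, now=None):
    """Whole days from `now` (default: current UTC time) until notAfter;
    negative once the certificate has expired, even by an hour."""
    expiry = ssl.cert_time_to_seconds(not_after)  # UTC epoch seconds
    now_ts = (now or datetime.now(timezone.utc)).timestamp()
    return int((expiry - now_ts) // 86400)

def classify(not_after, now=None):
    """Map a certificate to expired / critical / warning / ok."""
    days = days_until_expiry(not_after, now)
    if days < 0:
        return "expired"
    if days <= THRESHOLDS["critical"]:
        return "critical"
    return "warning" if days <= THRESHOLDS["warning"] else "ok"

def build_notices(inventory, now=None):
    """One notice per certificate that needs attention, most urgent first,
    so stakeholders can be told before the expiry causes an outage."""
    notices = []
    for entry in inventory:
        status = classify(entry["notAfter"], now)
        if status != "ok":
            notices.append({"host": entry["host"], "status": status,
                            "days_left": days_until_expiry(entry["notAfter"], now)})
    return sorted(notices, key=lambda n: n["days_left"])

def fetch_not_after(host, port=443, timeout=5):
    """Read notAfter from a live TLS endpoint (needs network; not used by
    the sample run). Verification failures raise, which is itself a finding."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]
```

Note that the default context refuses to complete the handshake with an already-expired certificate, so a live check that raises should be reported as an outage rather than silently skipped.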

Gartner has published a report on certificate monitoring which can be viewed at

We have built a product that monitors digital certificates and does much more. Its other key features are email notifications ahead of certificate expiry, a snapshot of certificate status, reporting, monitoring of certificates both on end points across the various key stores and centrally, digital certificate provisioning, and so on.

Most organizations are unaware of the scale of the problem that they face and hence auto discovery will be a key feature to get started.

You are right Harjinder. In all the cases we were approached after the problem was reported. This is a serious concern where organizations have to be equipped to avoid getting into such a situation.