Tactical Advice

Getting a Handle on Digital Certificates

Here’s a primer on digital certificates and website security best practices.
Getting a Handle on Digital Certificates
Credit: iStock/ThinkStockPhotos

It's happened to all of us: The phone rings at 4 a.m., and on the other end of the line, someone from operations is telling us that they’re getting bombarded with calls from customers complaining that the organization's website is down. Someone forgot to renew the digital certificate, and a $499.00 gaffe is preventing any transactions from taking place.

Chances are that your organization relies on a set of digital certificates to secure e-commerce transactions, email messages, network traffic or any of a wide variety of communications that require encryption.

Let’s examine a few ways that IT workers can better manage those certificates to avoid being on the receiving end of that middle-of-the-night telephone call.

What Is a Digital Certificate?

Digital certificates are a convenient way to leverage the benefits of public-key encryption technology between parties that have no prior knowledge of each other. Their basic purpose is to provide a secure, trusted means for exchanging public encryption keys that can be used for subsequent communication.

The most common use of digital certificates is for the implementation of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption to support secure website communication. Websites wishing to implement SSL/TLS purchase a digital certificate from a third-party certificate authority (CA) that ensures that the public encryption key used by the website is valid and belongs to the organization that owns the domain name.

When a user accesses the website, the user's web browser downloads a copy of the certificate, verifies that it was issued by a mutually trusted CA, and then uses the public key to establish a secure communications channel.

A website protected by SSL/TLS encryption allow users to feel confident that they are indeed communicating with the claimed website and that their communication is protected against eavesdropping.

Tracking Certificate Expiration

Every digital certificate issued by a CA contains an expiration date, typically one or more years in the future, depending on the number of annual fees paid by the certificate subject at the time of issuance. When a user accesses a website that offers an expired digital certificate, the browser displays an ominous security warning that the digital certificate is not valid and that communications with the website may not be secure.

Seeing this type of message can erode users' confidence in the security of the website and make them hesitant to continue with their visits.

To avoid this scenario, website administrators should carefully track the expiration dates of the digital certificates in use on their sites. Administrators responsible for many domains may have a large number of certificates to track. While CAs typically send several warning messages before a certificate expires, it is best to maintain your own tracking system to ensure that those messages don't slip through the cracks.

It's not necessary to replace your certificate on the exact expiration date. Check with your CA for its specific renewal procedures; most will allow you to renew your certificate 30 to 90 days in advance and simply tack the remaining life of your current certificate onto the end of the renewal certificate that you purchase. This gives you enough leeway to ensure that you have time to renew and properly install your new certificate.

Protect Your Private Keys

Every digital certificate has an associated private key that is used by the protected server to decrypt communication from site visitors. Protecting the secrecy of this private key is critical, because anyone gaining access to it will be able to impersonate your website. In addition to securing the storage of your key on your server, you must also ensure that any backup copies of the key, in digital and/or paper format, are properly protected against theft.

Digital certificates play an important role in the security of websites and other applications requiring encrypted communications. Applying the best practices described here can help you ensure the security of applications certificates protect and the smooth continued operation of your security technology.

Sign up for our e-newsletter

About the Author

Mike Chapple

Mike Chapple is an IT professional and assistant professor of computer applications at the University of Notre Dame. He is a frequent contributor to BizTech magazine, SearchSecurity and About.com as well as the author of over a dozen books including the CISSP Study Guide, Information Security Illuminated and SQL Server 2008 for Dummies.

Security

Three Ways to Integrate Fire... |
Follow these tips to align the devices with log management and incident tracking systems.
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...