Certificate management

Whether you run a PKI or just buy certificates, you need to keep track of all types of certificates and secrets.

Your company uses certificates to authenticate, sign contracts, encrypt emails and run web services. Each time new employees start at your company, new certificates and private keys are issued.
When other employees leave or devices are taken out of service, certificates need to be revoked. Throughout, certificates need to be renewed and managed.

On top of that, modern authentication credentials such as smart card and FIDO2 can be stored on mobile devices or USB hardware tokens, or can be biometric based.
Over the years, your organization has to manage many certificates, private keys and devices, all of which require your undivided attention.

The solution is a fully automated workflow through a certificate management system.

Common use of certificate management systems

Certificate management can be divided into categories of origin and usage:

1. Externally issued certificates

- S/MIME certificates are purchased from a trusted certificate authority.
- With the help of a device management system, you can install S/MIME certificates directly on devices.

However, this has two disadvantages:

- The certificate will not be renewed and installed automatically.
- A misconfiguration or an operating error results in a full loss of email readability.

→ Both lead to an interruption in the use of the email service.

A fully automated email encryption gateway is a better choice: it takes care of the whole certificate management process and ensures that all email communication is either fully encrypted and signed or just signed.

- Document signing certificates are purchased from a trusted service provider.
- These certificates are legally relevant and must be kept very carefully.

Therefore, a certificate management system takes care of these certificates and ensures that they are handled in a trustworthy way.

2. Internally issued certificates

- Device certificates are issued mainly by your internal certificate authority.

As a PKI owner, you must pay close attention to the expiration dates of your certificates. Otherwise, business operations may be interrupted or data may be lost.

The distribution of certificates is a sensitive process that must be closely monitored; otherwise, unauthorized persons can gain higher access rights and decrypt data.

Conclusion

Manually managing certificates is an almost impossible task that is time-consuming and insecure. Certificates must be managed fully automatically by a management system.

* * *

If you are still not convinced, …

… take a closer look at a 5-year certificate life cycle

For example, each employee receives an external certificate to encrypt emails, another certificate to sign contracts and at least two internal device certificates for notebook and mobile phone to log onto the network.

These 4 certificates add up to a total of 14 renewals over 5 years and must be replaced manually. Multiply these numbers by the number of employees you have and add the number of devices in your company.
Whether there are 500 or 1,000 employees in the company makes no difference here.

7,000 or 14,000 certificate operations must be executed efficiently without errors to prevent significant security incidents.

Talk to us if we have raised your interest.
We will be happy to provide you with further information.