Companies should aim for better certificate protection

Brad Causey, a contributing writer for Dark Reading, examines the future of certificate technology and argues that something has gone wrong with how companies implement and manage their X.509 SSL certificates. X.509 is the standard for public key infrastructure and privilege management infrastructure. He asks what happened to the way these keys were managed and what enterprises can do to take better care of their X.509 SSL certificates.

"If we go back and examine how CAs have been compromised of late, it’s apparent that in nearly every case - including the high-profile breaches of certificate authorities Comodo and Diginotar - infrastructure security was breached or bypassed," Causey writes. "The protocols used with X.509 certificates and the certificates themselves operated as designed and expected."

One thing that may go a long way toward helping the situation, according to Causey, is Certification Authority Authorization, a joint effort between Comodo and Google that will give people more control over their certificate issuance and help prevent the deliberate or accidental issuance of duplicate or fraudulent SSL certificates. He writes that there will also be a new model for validating requests, in which a compliant certificate authority checks for publication of similar certificates and validates the certificate before it is issued.

A white paper by VeriSign said there are some best practices that companies should follow to manage SSL certificates, including the ability to scan the environment automatically, an easy-to-use management interface so that nothing gets lost or misplaced, and alerts and reporting if there is a breach or a certificate that may need to be pulled. The white paper said companies should also be flexible, scalable and timely when working with SSL certificates.

While some tweaks may be coming to how X.509 SSL certificates are managed, companies can still be vigilant and keep themselves and their customers safe online.