SSL certificates should be managed across the enterprise

SSL certificates should be managed across the enterprise

When buying and installing SSL certificates by VeriSign, Thawte and GeoTrust, it's a good first step to install them and make sure they work, but a white paper from Symantec stresses the importance of managing these keys across the business. Instead of having to worry about a security breaking point, managing certificates in their complete life span across the enterprise ensures that they can stay as secure as possible.

"Managing individual certificates across a large organization quickly becomes complicated with multiple locations, many divisions, and rapidly growing web-based services," the white paper said. "If an SSL certificate expires, a company not only loses sales and puts customer confidence in jeopardy, employees and business partners may not be able to do their work or risk exposure of confidential information. Managing SSL certificates across complex networks to ensure protection and prevent unanticipated expirations has become mission critical to all businesses."

Taking control of these SSL certificates doesn't have to be too hard for businesses, as Symantec gives easy steps for taking control of SSL certificates and even code signing digital certificates. The white paper said companies should first perform an audit of all domains and certificates, consolidate the certificates into a managed account, define a process for the organization, and then set up alerts and run regular reports on the certificates. The company can then revoke and replace certificates when they need to be.

SSL certificates need to be managed in order to prevent vulnerabilities. Symantec's website said vulnerability assessments can help companies manage security by detecting entry points that may be used by attackers to get access to information and data companies would otherwise try to keep private. Managing VeriSign SSL certificates should be a priority for eCommerce websites using them.