Discover SSH servers and keys.
Will you survive the certificate war between Google and Symantec?

Trust issues.

SSL certificates form the backbone of internet security, and the certificate authorities (CAs) that issue them represent the degree of trust users place in website communication. Google recently accused Symantec, one of the giants in the world of CAs, of violating that trust for thousands of organizations across the globe.

Google has alleged that Symantec mis-issued roughly 30,000 certificates over a period of several years. It is a serious accusation that completely undermines the trust users place in the encrypted web. To remedy the situation, Google announced that they will distrust all Extended Validation (EV) Symantec certificates for at least a year. Google also stated that the accepted validity period for all Symantec certificates will be gradually reduced.

Are you resilient to CA issues?

Symantec has acknowledged at least some of the mis-issued certificates and has proposed a set of remedial measures after seeking feedback from its customers on the compatibility and interoperability issues that could arise from the implementation of Google's proposal. As part of these remedial measures, Symantec will conduct periodic audits of its issued certificates, allow third parties to audit its certificates, and shorten its certificate validity period to three months.

All these measures call for certificate life cycle automation. Although SSL certificates form the bedrock of website security, most organizations lack the agility to respond to CA issues of this scale. But failing to respond to critical situations, especially one like Google's boycott of Symantec certificates, might not only cause website downtime and errors, but also have a huge impact on the trust placed in an organization.

Key Manager Plus helps you react to such CA issues with ease by giving you complete visibility over your SSL environment. Follow these three simple steps to protect your organization from the Symantec certificate fallout:

  • Filter out all Symantec certificates:
    First, you have to scan your network and isolate all the Symantec certificates. Key Manager Plus' discovery tool helps you filter out all the Symantec certificates in your environment, displaying them all in a single window.
     
  • Replace old certificates:
    After filtering out the Symantec certificates, you can opt to swap old Symantec certificates with new ones. Or you can request new certificates from other CAs by using the certificate request tool in Key Manager Plus.
     
  • Deploy new certificates:
    Once you've obtained certificates from various CAs, consolidate and deploy them on your respective domain servers directly from the Key Manager Plus certificate repository.
     

Go ahead and give the trial version of Key Manager Plus a shot, and contact us for further assistance at keymanagerplus-support@manageengine.com. Click here to download Key Manager Plus.