SSL certificates form the backbone of internet security, and the certificate authorities (CAs) that issue them represent the degree of trust users place in website communication. Google recently accused Symantec, one of the giants in the world of CAs, of violating that trust for thousands of organizations across the globe.
Google has alleged that Symantec mis-issued roughly 30,000 certificates over a period of several years. It is a serious accusation that completely undermines the trust users place in the encrypted web. To remedy the situation, Google announced that they will distrust all Extended Validation (EV) Symantec certificates for at least a year. Google also stated that the accepted validity period for all Symantec certificates will be gradually reduced.
Symantec has acknowledged at least some of the mis-issued certificates and has proposed a set of remedial measures after seeking feedback from its customers on the compatibility and interoperability issues that could arise from the implementation of Google's proposal. As part of these remedial measures, Symantec will conduct periodic audits of its issued certificates, allow third parties to audit its certificates, and shorten its certificate validity period to three months.
All these measures call for certificate life cycle automation. Although SSL certificates form the bedrock of website security, most organizations lack the agility to respond to CA issues of this scale. But failing to respond to critical situations, especially one like Google's boycott of Symantec certificates, might not only cause website downtime and errors, but also have a huge impact on the trust placed in an organization.
Key Manager Plus helps you react to such CA issues with ease by giving you complete visibility over your SSL environment. Follow these three simple steps to protect your organization from the Symantec certificate fallout:
Go ahead and give the trial version of Key Manager Plus a shot, and contact us for further assistance at email@example.com. Click here to download Key Manager Plus.