Organizations should follow standardized security policies for generating CSRs and certificates. However, when users generate CSRs independently, they tend to use outdated encryption algorithms or key lengths to sign the certificates, that violate these policies and leaves the network vulnerable to cyber-attacks.
The certificate and CSR creation process should be centralized, so that administrators can ensure that the certificates and the keys used to sign them are generated in accordance with the organization's security policies and NIST recommended algorithms. Also, the administrators need a method to identify and delete certificates that do not follow these practices.
Key Manager Plus helps automate the identification of vulnerable certificates in your network. It automatically identifies the certificates that are signed with weak algorithms like SHA-1. Also, the encryption algorithms, key lengths and other details of the rest of the certificates too can be tracked from Key Manager Plus, which helps you identify and remediate certificates that do not follow security policies of the organization.