SSL Certificate Ownership
SSL certificates are electronic credentials used to proclaim the online identities of individuals, computers, and other entities on a network. SSL certificates function similarly to identification cards such as passports and driver’s licenses. They are issued by certification authorities (CAs) that must validate the identity of the certificate-holder both before the certificate is issued and when the certificate is used. Common uses include business scenarios requiring authentication, encryption, and digital signing.
SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted on a website’s origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website’s public key and the website’s identity, along with related information. Just as identity documents such as driver’s licenses and passports come with a validity period, certificates are valid only for a defined period.
All good things come to an end. SSL certificates do expire. They expire because the information needs to be periodically re-validated to check whether it is still authentic and accurate. Content on the internet and websites changes, and so do the people in an organization.
SSL certificates have attributes such as Subject, Serial Number, Issuer, Valid From, Valid To, Public Key, Signature Algorithm, Signature Value, Extended Key Usage (EKU), Subject Alternative Names (SANs), Organization, Organizational Unit, and metadata on the organization.
Problem Statement
None of a certificate's own attributes record who its owner is.
Instead, ownership information is stored in ten different ways by various consumers: some store it in Excel sheets, some store it in databases, and some don’t store it at all. Sometimes an individual possesses a certificate and the information about its ownership is not shared with other users. When that individual leaves the organization, the certificate's ownership goes unnoticed, and so does its expiration. When the certificate expires, it is a mad scramble to find who owns it, who needs to initiate the renewal, and who does the deployment and by when. Expiring certificates are a big reputational and security risk.
How does AppViewX solve the problem?
The AppViewX solution enables an authorized user to manage ownership of an SSL certificate asset in an organization. Because there are no certificate attributes related to ownership within an SSL certificate, AppViewX provides a platform to assign and manage ownership via CERT+, a centralized certificate lifecycle management solution.
● For existing certificates in AppViewX, an authorized user can request ownership/transfer of selected SSL certificates; the user provides inputs such as Certificate Group and User Group and submits the ownership claim.
● The request is sent to a designated Manager/PKI Admin for approval, and once approved, the ownership of the certificate is updated with the user details.
● A user can claim ownership for themselves and for their user groups as well.
● In the case of user groups, it’s a brownie point for the whole group to own the certificate, and the certificate never goes boom.
● It also eases adding new owners: when a new user requests certificate ownership for a particular certificate group, any of the existing owners can add them to the user group, thereby granting them ownership.
Thus the AppViewX solution allows the user/user group to manage ownership of an SSL Certificate Asset in an organization in a way that the certificate does not go unnoticed whenever its owner leaves the organization.