Public Key Infrastructure (PKI) supports digital certificates and their associated keys to verify the identity of users and devices to other users, devices and applications. As such, PKI is paramount to network and Internet security because sensitive communications must verify the party they’re communicating with. Many organizations manage the process in-house, but day-to-day distractions and lax governance can make that a dangerous model.
The challenge that many companies face is finding the right platform to manage those digital certificates – with capabilities that bolster security and a price tag that makes good financial sense.
What happens when an organization purchases the wrong certificate management platform?
Lassen Sie uns mit einer Definition beginnen. Einfach ausgedrückt ist ein Wildcard-Zertifikat ein öffentliches Schlüsselzertifikat, das für mehrere Subdomains verwendet werden kann. Ein Wildcard-Zertifikat, das für https://*.examplecompany.com ausgestellt wurde, kann beispielsweise zur Absicherung aller Subdomains verwendet werden, wie z. B:
- blog.beispielfirma.de
- mobile.beispielfirma.de
Hier kommt der offensichtliche Vorteil der Verwendung von Wildcard-Zertifikaten zum Tragen: Mit einem einzigen digitalen Zertifikat kann ich alle meine öffentlich zugänglichen Subdomains sichern und authentifizieren, ohne dass ich mehrere Zertifikate verwalten muss. Anstatt separate Zertifikate für meine Subdomains zu erwerben, kann ich ein einziges Wildcard-Zertifikat für alle Domains und Subdomains auf mehreren Servern verwenden.
Wildcard-Zertifikate decken jedoch nur eine Ebene von Subdomains ab, da das Sternchen nicht mit Punkten übereinstimmt. In diesem Fall wäre die Domäne resources.blog.keyfactor.com nicht für das Zertifikat gültig. Ebenso wenig ist die nackte Domain keyfactor.com abgedeckt, die als separater Subject Alternate Name aufgenommen werden muss.
More and more companies who originally made a certificate management platform investment are now searching for a better alternative. Why? The reasons vary but a couple of core themes remain consistent:
Security Gaps
The investment in an automated certificate management is one of the most important investments any organization can make. Whether the impetus for investment is asset management, eCommerce or compliance control, you want to be able to trust that the platform is doing its job. But what happens if your certificate management system is not integrated to the CA? There could be a significant risk for a breach. And of course non-validated certificate requesters and non-secure connections increase these threats.
Additional Fees
Most organizations look for a platform that can deploy full-time operations management of all issued certificates. Very often these investments come with a hidden cost – a price per-certificate fee. As the organization’s digital certificate footprint grows, the platform costs increase exponentially, which can significantly impact your budget and ability to take on other initiatives. Today’s enterprise wants to invest in solutions that simplify operations, deliver security assurance, and doesn’t handcuff future projects and growth.
Does this look like your organization?
If so, and you find yourself searching for alternatives, consider these features in your new certificate-management platform:
- Ensure all private and public certificates are accounted for and securely deployed through CA gateways
- Proven uptime that avoids customer dissatisfaction and/or business disruption
- No per-certificate fees and the ability to scale – 500M+ certificates without slowing down
- Easy and fast integration without having to rip out your existing infrastructure
Consider CSS as a better alternative – as many of your peers already have.
If you’re ready to save, scale, and ensure your PKI and digital certificate security – click below learn more about the CSS Freedom Buyout Offer:
