Public Key Infrastructure (PKI) supports digital certificates and their associated keys to verify the identity of users and devices to other users, devices and applications. As such, PKI is paramount to network and Internet security because sensitive communications must verify the party they’re communicating with. Many organizations manage the process in-house, but day-to-day distractions and lax governance can make that a dangerous model.
The challenge that many companies face is finding the right platform to manage those digital certificates – with capabilities that bolster security and a price tag that makes good financial sense.
What happens when an organization purchases the wrong certificate management platform?
Empecemos con una definición. En pocas palabras, un certificado comodín es un certificado de clave pública que puede utilizarse en varios subdominios. Por ejemplo, un certificado comodín emitido para https://*.examplecompany.com podría utilizarse para proteger todos los subdominios, como:
- blog.ejemploempresa.com
- móvil.ejemploempresa.com
Aquí viene el beneficio obvio de usar certificados comodín: con un único certificado digital, puedo asegurar y autenticar todos mis subdominios de cara al público, evitando la molestia de gestionar múltiples certificados. En lugar de comprar certificados separados para mis subdominios, puedo utilizar un único certificado comodín para todos los dominios y subdominios en varios servidores.
Sin embargo, los certificados comodín sólo cubren un nivel de subdominios, ya que el asterisco no coincide con los puntos. En este caso, el dominio resources.blog.keyfactor.com no sería válido para el certificado. Tampoco está cubierto el dominio desnudo keyfactor.com, que tendrá que incluirse como Nombre alternativo del sujeto independiente.
More and more companies who originally made a certificate management platform investment are now searching for a better alternative. Why? The reasons vary but a couple of core themes remain consistent:
Security Gaps
The investment in an automated certificate management is one of the most important investments any organization can make. Whether the impetus for investment is asset management, eCommerce or compliance control, you want to be able to trust that the platform is doing its job. But what happens if your certificate management system is not integrated to the CA? There could be a significant risk for a breach. And of course non-validated certificate requesters and non-secure connections increase these threats.
Additional Fees
Most organizations look for a platform that can deploy full-time operations management of all issued certificates. Very often these investments come with a hidden cost – a price per-certificate fee. As the organization’s digital certificate footprint grows, the platform costs increase exponentially, which can significantly impact your budget and ability to take on other initiatives. Today’s enterprise wants to invest in solutions that simplify operations, deliver security assurance, and doesn’t handcuff future projects and growth.
Does this look like your organization?
If so, and you find yourself searching for alternatives, consider these features in your new certificate-management platform:
- Ensure all private and public certificates are accounted for and securely deployed through CA gateways
- Proven uptime that avoids customer dissatisfaction and/or business disruption
- No per-certificate fees and the ability to scale – 500M+ certificates without slowing down
- Easy and fast integration without having to rip out your existing infrastructure
Consider CSS as a better alternative – as many of your peers already have.
If you’re ready to save, scale, and ensure your PKI and digital certificate security – click below learn more about the CSS Freedom Buyout Offer:
