UPDATED 15:20 EDT / FEBRUARY 25 2014


New DigiCert tool identifies and helps fix SSL vulnerabilities

Digital certificates are a big part of the enterprise security picture, but issues found within an environment often aren’t fixed until it’s too late. SSL/TLS certificates are often mismanaged, rife with issues like failure to follow best practices, misconfiguration, expired certificates and plain and simple errors. The implication could be a compromise of trust, which is the key to the kingdom. In fact, the list of vulnerabilities can be quite long and pretty ugly: you could walk into almost any organization and find up to thousands of certificates floating about, each with some level of authority, and the odds that none of them has an issue are not good. Consider that even one misconfigured certificate could be an entry point for an attacker through spoofing, a man-in-the-middle attack or any number of encryption exposure points, and it is pretty obvious that this is a critical task for any organization to take on.

 

Introducing DigiCert Certificate Inspector

 

 

DigiCert’s new tool, DigiCert Certificate Inspector, is designed to help find these critical issues throughout an environment. By uncovering significant problems like misconfiguration and implementation issues, it quickly alerts the organization to the overall health of certificates across its environment.

New tool provides comprehensive analysis of all SSL/TLS certificates and termination end points; highlights vulnerabilities and recommends remediation steps

Many IT environments track certificates in a spreadsheet or by some other manual means, relying on manual updating and tracking that is resource intensive, prone to error and inaccurate. IT environments may also lack structured or well-followed certificate deployment processes, adding to the vulnerabilities induced by misconfiguration. It’s also quite common to see “shadow IT” operations spring up and rogue, untracked, unsanctioned certificates start to proliferate, adding to the challenge and elevating risk.

Status and what to do about it

 


DigiCert Certificate Inspector provides rapid and complete knowledge of how a certificate is deployed, where certificates are found and whether they follow best practices. The tool uncovers everything from expired certificates and cipher issues to weak hash algorithms, weak keys and more, then presents an appropriate remediation for each issue. It also features a proprietary algorithm that allows the Certificate Inspector to analyze the collected data and assign each of your SSL Certificates and Endpoints a letter grade, A – F.

Beginning today, security professionals can use the Certificate Inspector to:

  • Establish their security baseline with a real-time, comprehensive overview of SSL certificates and their termination endpoints across the entire network.

  • Detect vulnerabilities via scanning for problematic certificates or server configurations and easily review results using Certificate Inspector’s intuitive dashboard.

  • Analyze security data points either by aggregate or specific to each certificate and endpoint.

  • Mitigate discovered vulnerabilities, such as BEAST, and lack of compliance with industry guidelines such as the CA/Browser Forum Baseline Requirements, through recommended steps.

  • Renew expiring certificates through DigiCert’s express provisioning process.

  • Archive snapshots from each detection event to document improvements over time.

  • Run reports from any location with DigiCert’s cloud-based administrative controls.

Using a proprietary algorithm, the Certificate Inspector analyzes SSL certificates and termination endpoints for many security factors, including:

  • Weak keys, ciphers and hash algorithms

  • SSL/TLS versions

  • Expiring certificates

  • TLS renegotiation

  • Perfect Forward Secrecy

  • Configuration vulnerability to CRIME, BREACH, BEAST, etc.

  • Mismatched server/certificate names

  • Missing AIAs

SSL Industry Leadership

 

DigiCert CEO Nicholas Hales adds the following:

“By providing actionable information about certificate configuration and deployment status, combined with remediation tools, DigiCert helps organizations close the gap between certificate procurement and secure certificate deployment,” said DigiCert CEO Nicholas Hales. “The deployment of securely configured certificates is an important line of defense against unwelcomed surveillance. Certificate Inspector will help organizations shine a light on the areas within their network that could pose lurking threats. We believe that this tool can build upon the efforts of others in the security community to improve online trust in a new, tangible way.”

DigiCert was one of our focus companies from our CyberSecurity prediction series.  The company is a community leader in the arena of online trust with a global customer base and operation that is dedicated to the best in security practices.  Offering a range of SSL-centric services, they offer a number of fantastic tools that are very much centered directly on the enterprise.  DigiCert Certificate Inspector is the latest in that lineup and there are clearly many environments that will benefit from such a powerful and easy to use tool.  It’s also free to use.
