PKI Blog

Switching to the Right Digital Certificate Management Platform

Posted by Anthony Ricci on Aug 17, 2018 1:15:41 PM

Public Key Infrastructure (PKI) supports digital certificates and their associated keys to verify the identity of users and devices to other users, devices and applications. As such, PKI is paramount to network and Internet security because sensitive communications must verify the party they’re communicating with. Many organizations manage the process in-house, but day-to-day distractions and lax governance can make that a dangerous model.

Read More

Topics: digital certificate management, certificate management fees, PKI management costs

DevOps: How to Securely Spin Up Containers using CMS, Puppet, and Ansible

Posted by Jake Adkins on Aug 13, 2018 4:05:25 PM

There are many benefits to the automation of container deployment, but these benefits do not come without their complications. The DevOps efforts have made hard coding credentials into cloud-init scripts common practice, but this poses major security risks. Moreover, what if you need to get a certificate on to one of these instances? Do you save it into an image or configuration file? This poses even greater risk, as an adversary now has access to an exportable private key. Using tools like Puppet or Ansible conjointly with our Certificate Management System (CMS) platform, we can mitigate these risks and request the certificate uniquely for the container or virtual machine at the time of its creation. This post will demonstrate this concept in the context of Microsoft Azure VMs.

How to Securely Spin Up Containers using CMS, Puppet, and Ansible

Read More

Topics: Certificate Management System (CMS), DevOps, Puppet, Ansible

How to Manage Application Certificates with Docker

Posted by Rex Wheeler on Aug 13, 2018 3:42:07 PM

Clients commonly ask us how to use our PKI and digital certificate operations management platform, CMS, to manage application certificates in a DevOps environment. They are “containerizing” their applications with Docker and want to manage certificates within Docker containers.

Read More

Topics: DevOps, Docker Containers, manage application certificates, Infrastructure as Code (IaC)

Enterprise IT Scenarios Demanding Crypto-Agility

Posted by CSS Technical Team on Aug 6, 2018 3:20:50 PM

 In an evolving cyber security landscape, defenses must continually evolve. Static systems are not only inherently insecure, they are less so with each passing day. This principle applies to cryptography as much as to other types of cyber-defenses. And with the advent of quantum computing, most analysts agree that common cryptographic algorithms will eventually become ineffective. The scale of the potential threat is immense — for nearly all the hardware and software we use in both traditional IT environments and burgeoning Internet of Things (IoT) ecosystems.

Read More

Topics: digital identity, Cryptography, Crypto-agility, quantum computing

5 Risks of Gambling With a Wild Certificate Count and PKI

Posted by CSS Technical Team on Jun 4, 2018 3:42:44 PM

Gambling means being prepared to lose everything. When working with an out of control, unmanaged digital certificate count and public key infrastructure (PKI), the risks of facing issues with financial and productivity losses are extremely high. Are you prepared to gamble with some of your most valuable IT assets? Let's explore five common unmanaged certificate and PKI related scenarios, their financial implications and how to prevent them from occurring in your enterprise.

Read More

Topics: digital certificates, Digital Identity Management, ROI public key infrastructure

How to Regain Control of Compromised IoT Device Certificates

Posted by JD Kilgallin on Apr 25, 2018 3:19:42 PM

Imagine a world with no access controls. A free for all resulting in chaos thanks to broken processes, zero audit trails, and no way to administer rights to the appropriate devices or people. Luckily, today’s IoT driven world is layered with access controls designed to streamline and simplify alongside of prioritizing the most important aspect - security.

With CMS VerdeTTo and the VerdeTTo Access Valve for ThingWorx, devices can be constrained to only access systems under certain conditions, such as connecting from certain known locations or during certain expected operating hours. VerdeTTo also allows devices with compromised certificates to quickly be disabled, preventing them from accessing network resources and systems.

Just one click changes a metadata value for the compromised certificates through the VerdeTTo portal, while the VerdeTTo Access Valve immediately terminates the device’s access to the ThingWorx platform. But once a device is compromised (especially if a broad range of devices are compromised) how do you securely bring everything back online?

Read More

Topics: Public Key Infrastructure, PKI, IoT, Internet of Things (IoT), LiveWorx, Cryptography

The Right Way to Find and Protect Code Signing Certificates

Posted by CSS Technical Team on Apr 6, 2018 11:33:57 AM

The demand for trust in today's uber-connected digital society is unprecedented. Consumers of software require guaranteed proof that the application they are using is legitimate. Secure code signing validates the author of the software and proves that the code has not been altered or tampered with after it was signed. Trusted code signing certificates are used to verify authenticity, but what is preserving the integrity of those certificates?

Read More

Topics: Public Key Infrastructure (PKI), Crypto-agility, weakening cryptography, secure code signing, find code signing certificates, the right way to protect code signing certificates

7 Beneficial Features You’re Missing Without a Certificate Lifecycle & PKI Operations Platform

Posted by Sami Van Vliet on Mar 30, 2018 2:40:07 PM

Overwhelmed by manual Public Key Infrastructure (PKI) & certificate management processes? Burdened with worry of rogue certificates or certificate-related outages? Worried you've lost all control of your PKI? Stop losing and start gaining control by actualizing the features and benefits not available when manually managing your digital certificates and PKI.

Read More

Topics: expired digital certificates, PKI management, efficient certificate management

How to Gain Guaranteed ROI with a Managed PKI

Posted by Chris Hickman on Mar 23, 2018 10:05:44 AM

What is a Managed PKI? - Your PKI, Our Management and Service
CMS Sapphire™ professionally managed Public Key Infrastructure (PKI) from Certified Security Solutions (CSS) allows you to maintain complete control over the use of your Root CA keys and PKI recovery materials while transferring day-to-day PKI management and oversight to experts.

Read More

Topics: Managed PKI, Public Key Infrastructure, ROI PKI, managed public key infrastructure

Automating SAN Compliancy with CMS 5.0

Posted by Jonathan Ossovicki on Mar 1, 2018 4:52:41 PM

Chrome 58 Patch Stirs up Controversy and Commotion

A few short months ago Google released a patch (v.58) on its widely used Chrome browser. This patch being released forced us all to question the way we are doing certificate issuance and retroactively broke a lot of browser and webserver connections simultaneously.

Read More

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?