PKI Blog

The Real Cost of an Expired Digital Certificate

Posted by CSS Technical Team on Jun 22, 2017 1:03:04 PM

The average global 5,000 company spends about $15 million to recover from a certificate outage. These estimates are based on a Ponemon survey of about 2,400 global respondents and include remediation costs, loss of productivity, lost revenues, and brand image damage.


Topics: PKI, Digital Identity Management, digital certificate, Unplanned Outages, Public Key Infrastructure

The Importance of Digital Certificate Management

Posted by Michael Kubach on Dec 22, 2016 3:52:35 PM

How Properly Managing Digital Certificates Enhances Your Security Posture

Digital Certificate Management and Cyber Security Today

Cryptography itself has been around for a while; what’s interesting is how it’s evolved over time. The landscape has changed since the days of mainframes and large computing power: everything is becoming smaller, and with the proliferation of devices and IoT, a marked shift is happening in the marketplace. More and more digital certificates are being placed onto phones, iPads, Android devices, and even onto objects that simply have Bluetooth connections that require authentication. Large companies that are making Internet of Things (IoT) devices need to know how to secure them. Even cars have network stacks, and thus the need to be able to upgrade firmware.


Topics: digital certificate, PKI, cybersecurity

FinTech and PCI DSS: Effectively Securing Financial Data

Posted by CSS Technical Team on Nov 11, 2016 2:33:40 PM

PKI and Digital Certificates as a Solution for PCI Compliance

Cyber Threats of the Financial Sector

Financial services is navigating an interesting time: eight years have passed since the crash of 2008, allowing enough time for market healing, while mass digitalization has taken a strong hold. Online portals and mobile apps are the norm, among a slew of other technology innovations being adopted in financial services to respond to the high demands of today’s digital consumer. Sure, these changes bring greater convenience to the customer and increased cost efficiency to the institutions, but they also bring significantly higher cyber security risks.


Topics: PKI, cybersecurity, Financial Security, digital certificate

Securing Internet Enabled Consumer Devices (IoT)

Posted by CSS Technical Team on Mar 2, 2015 8:00:00 AM

The Internet of Things (IoT) or the Internet of Everything (IoE) is coming. Ok, so it's already here. A snowball rolling down a slope gaining momentum and size, IoT is dominating trade show floors and executive agendas. As the world smiles while dreaming of high-availability, cloud-based "smart devices," we as security professionals shudder at the thought of privilege escalation and man-in-the-middle attacks. It's our job to ensure digital user identity, to secure the Internet of Things.


Topics: digital certificate, certificate, Internet of Things (IoT), Internet of Everything, consumer security

AD/CS Web Enrollment Delegation

Posted by CSS Technical Team on Jun 11, 2014 5:46:29 AM

Have you ever had a problem installing the Active Directory Certificate Services Web Enrollment role feature on a server that is separate from the Certificate Authority?


Topics: digital certificate, microsoft ca, certificate, IT Security, Microsoft Security Partner, authentication, AD/CS, Public Key Infrastructure, Active Directory Certificate Services (ADCS), web enrollment, Active Directory Certificate Services, CA, AD/CS Web Enrollment Delegation, Blog, Microsoft Certificate Authority

Tips for Certificate Auto-Enrollment Issuance

Posted by CSS Technical Team on May 20, 2014 9:35:00 AM

I’ve often been asked by customers, "How does auto-enrollment work and under what circumstances will renewals, replacement, revocation, and updates happen?"


Topics: digital certificate, certificate revocation, Public Key Infrastructure, Certificate revocation list, Azure PKI, Certificate Auto-Enrollment Issuance, certificate replacement, revoked, CA, certificate renewal, replaced, renewed, Blog, CRLs

Five Common “DIY PKI” Mistakes to Avoid

Posted by Ted Shorter on Apr 4, 2014 3:20:46 AM

In the 12+ years that CSS has been helping organizations deploy Public Key Infrastructures, we frequently run into situations where PKI components are already present in the environment. Often it’s an older PKI that someone new to the organization has inherited and wants help evaluating; sometimes it’s a “temporary” deployment that an organization is looking to improve upon. In other cases, it may simply be a PKI design that a customer wants us to review and provide feedback on before deployment. In any case, these “Do-It-Yourself” installations, like any PKI, can create problems, headaches, and occasionally even more serious issues if mistakes are made during the design, deployment, or operation of the PKI. And while it’s often quite easy to deploy PKI components, PKI does tend to be one of those technologies where you have exactly one chance to get it right: at install time. After that, many parameters are more or less set in stone, and a re-deployment becomes the only way to fix a mistake.

With that in mind, this is in no way an all-inclusive list, but here are five of the most common mistakes we see when encountering “DIY” PKI:


Topics: digital certificate, microsoft ca, IT Security, Microsoft Security Partner, PKI error, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Azure PKI, PKI, PKI as a Service (PKIaaS), CA, PKI deployment, PKI mistakes, Blog, PKI CA, DIY PKI, PKI installation

Apple’s SSL Bug: Another Man-in-the-Middle Attack

Posted by Ted Shorter on Feb 22, 2014 6:38:25 PM

The Problem


Topics: digital certificate, Apple’s SSL Flaw, Apple flaw, iOS 7, IT Security, Microsoft Security Partner, apple MITM attack, apple security flaw, on device key generation, Industry Trends, SSL attack, Man in the Middle Attack, ODKG, Blog, Mac SSL, Apple SSL, client-side SSL certificates, MITM, apple ssl attack, iOS 7 SSL

AirWatch & CSS - Partnership Featuring Certificate Management System

Posted by Sarah Hance on Sep 24, 2013 11:58:24 AM

Cleveland, OH - September 24, 2013 - Certified Security Solutions' Certificate Management System (CMS) is featured in the AirWatch Marketplace as a fully integrated mobile certificate solution. Developed to give AirWatch customers and partners a centralized location to identify technologies that complement their investments in AirWatch and additional mobile avenues, the AirWatch Marketplace is reserved for top solution providers with proven integration benefits.


Topics: digital certificate, digital pki, Public Key Infrastructure, issue mobile certificate, AirWatch, PKI, cert management, Microsoft PKI, mobile certificate, certificate management, Internet of Things, expired certificate, AirWatch marketplace, Press Releases, BYOD

1024-bit RSA’s Days Are Numbered

Posted by Ted Shorter on Jul 9, 2013 6:49:48 AM

In December of 2011, the CA/Browser Forum, comprised of representatives from the major Certification Authorities such as Symantec, Comodo, GoDaddy, and DigiCert, as well as browser vendors such as Microsoft, Apple, Mozilla, and Opera, published a document called “Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates.” This document outlines an agreed-upon set of minimum standards for SSL/TLS cert vendors.

One of these standards essentially calls for the elimination of certificates with 1024-bit RSA public keys by the end of 2013: any RSA-keyed certificate, even an end-entity (“subscriber”) certificate, that expires after Dec. 31, 2013, must have a key of at least 2048 bits. This is big news in some circles; a number of public cert vendors have had to change their procedures, and, more significantly, start migrating their customer bases to 2048-bit certs. Many started this process quite a while ago.


Topics: digital certificate, RSA cert length, apple, Symantec, Public Key Infrastructure, Comodo, certificate 2013, RSA certificate length, Industry Trends, DigiCert, SSL certificate, 1024-bit RSA, PKI, TLS cert, Microsoft PKI, digital certificate length, Blog, 1024 certificate length, cert length 2013, GoDaddy, Mozilla
