PKI Blog

5 Risks of Gambling With a Wild Certificate Count and PKI

Posted by CSS Technical Team on Jun 4, 2018 3:42:44 PM

Gambling means being prepared to lose everything. When working with an out of control, unmanaged digital certificate count and public key infrastructure (PKI), the risks of facing issues with financial and productivity losses are extremely high. Are you prepared to gamble with some of your most valuable IT assets? Let's explore five common unmanaged certificate and PKI related scenarios, their financial implications and how to prevent them from occurring in your enterprise.

Read More

Topics: digital certificates, Digital Identity Management, ROI public key infrastructure

Google vs. Symantec: Increasing Your SSL Certificate Visibility

Posted by CSS Technical Team on Sep 7, 2017 11:40:56 AM

Symantec SSL Customers, do you know where your certificates are located?

In March, Google announced they discovered a problem with Symantec issued SSL certificates. Google identified roughly 30,000 SSL certificates that violated industry standards defined within the CA/B forum baseline requirements.  After the discovery, Google and Symantec solidified an agreement which will affect new and existing Symantec customers moving forward.  The original deadline for reissuing affected Symantec/GeoTrust/Thawte certificates was pushed back from August 2017 to April 2018.

Read More

Topics: SSL certificates, Symantec, DigiCert, Digital Identity Management, GeoTrust, Thawte

Simplifying the Microsoft Policy Module with CMS Enterprise

Posted by Sami Van Vliet on Aug 15, 2017 12:46:02 PM

CMS Enterprise now provides exclusive, real time policy control at the Certificate Authority (CA), providing the most comprehensive security compliance for certificate issuance available today.

The CMS Custom Policy Modules intercept the certificate requests and can then perform important security-enhancing actions such as:

  • Allowing only certain IP addresses to request certificates. Preventing a user with access to the CA itself from being able to request a certificate outside of the approved CMS Enrollment process.
  • Using the CSS-patented VSCEP™ technology, CMS secures on-device key generation during certificate enrollment for iOS and Mac devices, without the use of client-side agents.
Read More

Topics: digital certificate management, X.509 digital certificates, Digital Identity Management, Microsoft Policy Module, PKI management

The Real Cost of an Expired Digital Certificate

Posted by CSS Technical Team on Jun 22, 2017 1:03:04 PM

The average global 5,000 company spends about $15 million to recover from a certificate outage. These estimates are based on a Ponemon survey of about 2,400 global respondents which include remediation costs, loss of productivity, lost revenues, and brand image damage.

Read More

Topics: digital certificate, Public Key Infrastructure, PKI, Digital Identity Management, Unplanned Outages

Giving the Internet an Identity: How to Manage Digital Identities

Posted by CSS Technical Team on Feb 19, 2016 12:11:59 PM


If your organization is managing a significant volume of digital certificates (over 100), and expects continued rapid growth, your security team should consider an automated certificate lifecycle management solution.

When facing the responsibility to ensure the health, validity, and expiration dates of a large number of digital certificates, using an Excel spreadsheet is not a scalable or smart option. Letting just one certificate expire can be catastrophic. Having access to a solution that catalogs and monitors each certificate, alerts your team of expirations or issues, and assists in automating the re-issuance of revocation of certificates for the given data, device or application adds a layer of assurance to your security posture as well as satisfies an audit/compliance requirement.

Read More

Topics: digital certificates, Digital Identity Management, PKI for IoT

PKI Design Considerations for a Non-Contiguous Subscriber Namespace

Posted by Jake Chang on Jun 2, 2015 3:42:58 PM

In this blog, we'll explore taking business enablement to the next level by integrating two security technologies, PKI and Identity Federation.

Read More

Topics: PKI, Digital Identity Management

Why PKI in 2015?

Posted by Wayne Harris on Apr 28, 2015 1:30:00 PM

The Internet of Things (IoT), from a security perspective, ultimately equates to an ever increasing need to more securely authenticate people, services, computers and devices across a wide spectrum of platforms. This means that Public Key Infrastructure (PKI) issued digital certificates are playing an ever more important role as a secure authentication mechanism within the enterprise and beyond.

Read More

Topics: PKI, Digital Identity Management

Windows Server 2012 R2 NDES Woes

Posted by Sarah Duncan on Apr 11, 2015 11:03:00 AM

We recently did an implementation of our Certificate Management System (CMS) version 4.0 product for a customer and ran into a bizarre problem with Microsoft's implementation of SCEP--the Microsoft Network Device Enrollment Service (NDES) certificate authority role service under the Active Directory Certificate Services (AD CS) role--on Windows Server 2012 R2 that we had never encountered before. I thought I'd tell you all about it so in case you run into this issue, you won't have to beat your head against the wall quite as long as we did before coming up with a solution.

Read More

Topics: Windows Server 2012 NDES, Digital Identity Management

Encryption as Protection

Posted by CSS Technical Team on Apr 2, 2015 11:52:00 AM

Data breaches have become part of our daily news. We only have to mention Anthem, Sony, Staples, UPS, Kmart, Target, Neiman Marcus, eBay, Home Depot, Apple iCloud, J.P. Morgan Chase and most of us know that those company names are also associated with widely published cyber-attacks.

Read More

Topics: Digital Identity Management, Encryption

ITIL Change Management

Posted by Max Szaniawski on Apr 1, 2015 1:49:00 PM

Change Management is one of the most important processes of Service Transition because it allows us to:

  • Reduce Costs
  • Lower Overhead
  • Add to bottom line
  • Improve Productivity
  • Improve Quality
  • Improve Services

The RFC (Request for Change) can be generated from anywhere in the organization. Implementing a Change Management program allows us to quickly update configurations, resolve errors and adapt to a changing environment.

Read More

Topics: ITIL, Change Management, Digital Identity Management

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?