PKI Blog

The Real Cost of an Expired Digital Certificate

Posted by CSS Technical Team on Jun 22, 2017 1:03:04 PM

The average global 5,000 company spends about $15 million to recover from a certificate outage. These estimates are based on a Ponemon survey of about 2,400 global respondents which include remediation costs, loss of productivity, lost revenues, and brand image damage.

Read More

Topics: digital certificate, Public Key Infrastructure, PKI, Digital Identity Management, Unplanned Outages

GlobalSign Certificate Conundrum – Why Doing PKI Right is Hard

Posted by Ted Shorter on Oct 14, 2016 12:39:36 PM

Yesterday (October 13, 2016), certain segments of the Public Key Infrastructue (PKI) world were spun into a frenzy, when a GlobalSign CA certificate appeared to have been revoked.  Clearly, revoking a CA certificate is a significant event, as all certs that chain through that CA effectively become invalid.

Read More

Topics: Public Key Infrastructure, PKI, GlobalSign, HTTPS, PKI GlobalSign

Advantages of a Professionally Managed PKI

Posted by CSS Technical Team on Sep 22, 2016 1:55:14 PM

Cybersecurity Today

Ever-evolving security challenges are dominating today’s IT landscape. Malicious actors are using every avenue possible to access sensitive and valuable data, from social engineering and DDoS to brute force methods. For example:

Read More

Topics: Public Key Infrastructure, PKI, PKI as a Service (PKIaaS), Public Key Infrastructure (PKI), PKI Managed Service, Managed Services, PKI help, PKI Health, PKI vendor

Top 5 Root CA Key Signing Ceremony Mistakes

Posted by Wayne Harris on Aug 31, 2016 9:03:30 AM

Trust, as it pertains to most components within a Public Key Infrastruture (PKI) is earned. It’s established as the result of some sort of evaluation. An evaluation that often involves a revocation check or policy check.

In the case of the root CA however, trust is *not* earned. In the case of the root CA, trust is assigned. This assigned trust is quite often mandatory from the perspective of subscribers and relying parties.

Read More

Topics: Public Key Infrastructure, PKI, root CA, Root CA Security, Root CA Key Signing Ceremony Mistakes

Let’s Get Physical – Securing Your Enterprise’s Root Certificate Authority

Posted by Max Szaniawski on Jun 1, 2016 10:20:24 AM

Having the privilege to work with some of the best, if not the best PKI and security professionals in the field, I have learned the extreme importance of the practices used in securing the root certification authority (CA) platform. This includes software level security, hardware level security, and physical security.

Read More

Topics: Public Key Infrastructure, PKI, root CA, Securing a root CA, Root CA Security

Authentication in an Ultra-Connected World: Internet of Things

Posted by Ted Shorter on Oct 1, 2015 6:05:00 AM

As PKI practitioners, we’ve been asked the question for years: “What’s the best way to get a digital certificate on _____?” What gets filled into the blank has expanded dramatically over time, however. Ten years ago, certificates landed primarily on what I’d describe as “traditional” IT infrastructure – servers, desktops, laptops, smart cards, RADIUS servers, or VPN concentrators. But since then, things have gotten much more interesting. Handheld scanners. Surgical robots. VOIP phones. Set-top boxes. Cable modems. Even heart monitors and IV pumps.

Read More

Topics: install certificates onto devices, digital certificates, cert, embedded systems, certificate, Microsoft Security Partner, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, Microsoft Public Key Infrastructure, Cisco Internet of Things, embedded certificates, embedded devices, Microsoft PKI, X.509 digital certificates, Internet of Things, IoT, Blog, Internet of Things (IoT), certificate install, BYOD, PKI Assurance

AD/CS Web Enrollment Delegation

Posted by Wayne Harris on Jun 11, 2014 5:46:29 AM

Have you ever had a problem installing the Active Directory Certificate Services Web Enrollment role feature on a server that is separate from the Certificate Authority?

Read More

Topics: digital certificate, microsoft ca, certificate, IT Security, Microsoft Security Partner, authentication, AD/CS, Public Key Infrastructure, Active Directory Certificate Services (ADCS), web enrollment, Active Directory Certificate Services, CA, AD/CS Web Enrollment Delegation, Blog, Microsoft Certificate Authority

Case Study: Azure Based PKI

Posted by CSS Technical Team on Jun 9, 2014 10:24:18 AM

A leader in the educational software market was developing a custom MDM solution enabling a Bring Your Own Device (BYOD) initiative for the classroom when their developers realized their need for an underlying security and Public Key Infrastructure (PKI). Purchasing individual certificates was out of the question, since their solution required very high certificate volume, and they were reluctant to roll out their own PKI, as reliability and high assurance were key requirements to meet their growing customer base. The customer engaged CSS after realizing that operating a full scale PKI was simply out of their wheelhouse.

Read More

Topics: Managed PKI, IT Security, Microsoft Security Partner, Public Key Infrastructure, Certificate Management System (CMS), PKIaaS, Azure PKI, PKI, PKI as a Service (PKIaaS), Public Key Infrastructure (PKI), Azure Based PKI, PKI as a Service, Blog, Got PKI?

Tips for Certificate Auto-Enrollment Issuance

Posted by CSS Technical Team on May 20, 2014 9:35:00 AM

I’ve often been asked by customers, "How does auto-enrollment work and under what circumstances will renewals, replacement, revocation, and updates happen?"

Read More

Topics: digital certificate, certificate revocation, Public Key Infrastructure, Certificate revocation list, Azure PKI, Certificate Auto-Enrollment Issuance, certificate replacement, revoked, CA, certificate renewal, replaced, renewed, Blog, CRLs

Where Does My Heartbleed Now?

Posted by Chris Hickman on Apr 15, 2014 6:00:29 AM

Vulnerabilities tend to morph over time. Upon initial identification, researchers, companies, and experts tend to rush to offer opinions, sometimes factual and sometimes less so.

Read More

Topics: Heartbleed, private key ssl, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, private keys, OpenSSL, Heartbleed vulnerability, private key, SSL certificate, Azure PKI, PKI, PKI as a Service (PKIaaS), heartbleed bug, SSL bug, private key heartbleed, Heartbleed android, Blog, private keys vulnerable

Posts by Topic

see all

Want to Learn more about CSS?