PKI Blog

The Right Way to Find and Protect Code Signing Certificates

Posted by CSS Technical Team on Apr 6, 2018 11:33:57 AM

The demand for trust in today's uber-connected digital society is unprecedented. Consumers of software require guaranteed proof that the application they are using is legitimate. Secure code signing validates the author of the software and proves that the code has not been altered or tampered with after it was signed. Trusted code signing certificates are used to verify authenticity, but what is preserving the integrity of those certificates?

Read More

Topics: Public Key Infrastructure (PKI), Crypto-agility, weakening cryptography, secure code signing, find code signing certificates, the right way to protect code signing certificates

You have choices in certificate and PKI management – Why CSS?

Posted by Tom Klein on Aug 10, 2017 3:41:43 PM

The quandary in buying a solution to any business problem is am I making the best choice and will our company derive value from that selection?

In representing a variety of solutions to customers over more than 35 years, I have found a few consistent characteristics of customers that have been happy with their decision.

Read More

Topics: PKI, Public Key Infrastructure (PKI)

Google Chrome Version 58: Short and Long Term Fixes

Posted by CSS Technical Team on May 5, 2017 2:02:23 PM

With Google’s recent Chrome 58 version update, your Public Key Infrastructure (PKI) may suddenly be impacted. Your formerly-compliant HTTPS certificates may no longer be working. CSS is here to explain what has changed, why has it changed and how to identify which certificates may be impacted. We will look at a temporary Google Chrome work around and view best practice security settings to adopt when working with SANs (Subject Alternative Name) certificates.

Read More

Topics: expired certs, Public Key Infrastructure (PKI), Google Chrome Version 58, CRL Monitoring, Certificate Provisioning, PKI for chrome

PKI Implementation Project Management: Best Practices

Posted by CSS Technical Team on Sep 27, 2016 4:29:04 PM

Your PKI Implementation—What’s Involved?

Public key infrastructure (PKI) strict implementation management is not optional—it’s necessary. Whether your organization is in the wireless space, implementing a BYOD initiative, or tackling the upgrade to SHA-2, managing a PKI project isn’t a simple process. However, there are a number of best practices your business can employ to ensure a successful implementation.

Read More

Topics: PKI, Public Key Infrastructure (PKI), DIY PKI

Advantages of a Professionally Managed PKI

Posted by CSS Technical Team on Sep 22, 2016 1:55:14 PM

Cybersecurity Today

Ever-evolving security challenges are dominating today’s IT landscape. Malicious actors are using every avenue possible to access sensitive and valuable data, from social engineering and DDoS to brute force methods. For example:

Read More

Topics: Public Key Infrastructure, PKI, PKI as a Service (PKIaaS), Public Key Infrastructure (PKI), PKI Managed Service, Managed Services, PKI help, PKI Health, PKI vendor

Don’t just manage your certificates - control your Public Key Infrastructure (PKI).

Posted by CSS Technical Team on Sep 8, 2016 9:36:06 AM

Featuring a lesson from the Death Star

PKI is an entire infrastructure supporting trusted certificates

As more enterprises implement their own internal Public Key Infrastructure (PKI) to save money on purchasing an increasing volume of digital certificates, the need for tools to centralize, monitor and manage certificates across all issuing sources continues to be critical. One common tool is certificate management software. While certificate management software certainly helps organizations evolve from the stone ages of manually documenting certificate details in a spreadsheet, many certificate management applications only scratch the surface of what enterprises really need. In other words, while managing certificates is critical to prevent outages and breaches, stand-alone certificate management software is not light years ahead of platforms that do more to improve IT and security team efficiency and help organizations meet regulatory and audit compliance requirements.

Read More

Topics: PKI, Public Key Infrastructure (PKI), Star Wars, Death Star

Infographic: 2016 PKI and IoT Security Predictions

Posted by CSS Technical Team on Aug 1, 2016 3:59:21 PM

In 2016 digital identity cyber crimes have grown exponentially. As businesses continue to brace against cyber adversaries and look to secure the Internet of Things (IoT), Public Key Infrastructure (PKI) is continuing to prove that it is an economical and reliable technology that delivers a secure and high-performance solution. Check out the infographic then the full blog to learn more about why each prediction was made and what it means to your business.

Read More

Topics: digital certificates, PKI, Public Key Infrastructure (PKI), Cyber Security

Infographic: Digital Certificates and Cyber Security Stats

Posted by CSS Technical Team on Jun 21, 2016 3:39:55 PM

In 2016 CSS Research surveyed information security professionals on their current and anticipated digital certificate usage related to enterprise and Internet of Things (IoT) use cases. This infographic outlines key findings from the survey proving the importance of proper Public Key Infrastructure (PKI) and digital certificate usage and management in the fight against cyber crime.

Read More

Topics: digital certificates, PKI, Public Key Infrastructure (PKI), Cyber Security

Establishing A Private OID

Posted by John Redding on Apr 15, 2016 10:51:18 AM

As a Public Key Infrastructure (PKI) best practice, Certificate Policies are associated with a PKI by reserving and incorporating unique object identifiers (OID) into all or portions of your PKI.  OIDs are used to assign one or more Certificate Policies to a given CA.

Read More

Topics: PKI, Public Key Infrastructure (PKI), PKI OID, PKI Object Identifiers

Policy, Implementation, Change and Problem Management for PKI

Posted by Andrew Prayner on Jun 8, 2015 8:48:30 AM

A Public Key Infrastructure (PKI) is a set of hardware, software, people, policies and procedures needed to create, manage, distribute, store and revoke digital certificates and manage public key encryption. It is often said (especially within the consultant community) that PKI implementations follow the 80/20 rule… 80% planning and 20% execution. This concept cannot be overstated. But it’s most often applied to those PKI specific, cryptography-related decision points such as namespaces, key lengths, signature hash algorithms and so forth. These are critical, to be sure… and difficult, if not impossible, to change after the fact. But equally important – especially in the medium to large enterprise space – are the non-technical, organizational aspects of PKI. This blog post will focus on the organizations within the enterprise that are PKI stakeholders, whether they know it or not, and their touch points that can be leveraged toward an optimal deployment, and thus ultimately an optimal ROI.

Read More

Topics: digital certificate management, Public Key Infrastructure (PKI)

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?