SSL automation should be at the forefront of every brand’s digital agenda. 1 September 2020 marked a big change for the way business manage their SSL certificates. The major browser will now only trust SSLs with a validity period of 397 days or less. That is just one year plus a one-month grace period for renewal.
The changes aim to improve security for users and given them security that the website of application they are accessing is not compromised. Apple, Google and other major brands successfully argued that the shorter the validity period of a certificate, the more secure it is.
The key advantages for reducing the recognised period of an SSL are:
- A shorter lifespan for keys, which means a shorter lifespan for compromised keys, as well. With shorter certificates, you have a smaller window of exposure if a key is stolen.
- Certificate security updates are rolled out into the wild at a much quicker pace.
- Organisational information is updated on a yearly basis, including company names, addresses, and domains, which translates to increased user trust.
- Automation is encouraged. With a good certificate management system in place, there is no difference in convenience between shorter and longer lifetimes. They are automatically re-issued when needed, regardless of the validity period.
Increased SSL administration
Multiyear SSLs were a way that companies with hundreds to thousands of SSLs would reduce the administration associated with SSL registrations and renewals. Every time an SSL is up for renewal, a brand must go through the CSR generation process, the validation process and then the installation process. This can take hours to days. Multiply this by a few hundred SSLs a year and this is a serious resource strain. Brands must now allocate resources to comply with the new SSL policy to ensure that they are recognised by browsers. They have the option of implementing an automated SSL renewal solution or allocating resources to deal with the increase SSL workload. We estimate that the average OV SSL takes in total 2 hours to administer over 48 hours, so the strain for brands with multiple SSLs will be significant.
Automate, Don’t Under Estimate
A good certificate management system means that brands don’t have to worry about the re-issuing SSLs everytime it comes up for renewal. All you need to do is setup your system to auto re-issue your certificate every 13 months (or more frequently if you want).
You can implement true SSL automation using different protocols CAs provides. They allows for communication with the CA directly from your server and makes the installation process completely hands-off, requiring no help from the administrator. Using automation protocols is faster and easier than the manual method, and it eliminates the threat of unanticipated certificate expirations. Your costs will be lowered as well, since your staff won’t have to spend their time performing the tedious, time-consuming certificate management tasks. You’ll expose yourself to less human error and will be able to recover from any security incidents more quickly and easily. If you’ve been putting off implementing an automated certificate management platform, now is a great time to do so.
Brandsec is a corporate domain name management and brand protection company that look after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.