SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems.Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers.The purpose of this SSL Certificate Best Practices Policy, created by Scott Matteson for TechRepublic Premium, is to establish a set of best practices for the issuance, management, renewal/replacement, and revocation and/or retirement of certificates.
Featured text from the download: Issuing certificates Use dedicated internal certificate authorities for internal certificates.Make them redundant and ensure they are trusted by all internal clients and servers.Include any intermediate and root authorities to ensure the entire certificate chain is trusted.
Always use well-known external certificate authorities for public-facing certificates, as these are trusted by default in all major browsers.All processes/functions that can use SSL certificates should be configured to do so.Only issue/use certificates on authorized systems for business purposes.
Issue/obtain certificates with at least a two-year expiration date.Use at minimum 2048-bit encryption upon certificates.Use passwords with private keys where possible.
Configure private keys not to be exportable.Use auto-enrollment/renewal of SSL certificates where possible.It’s also worth considering the use of configuration management software for certificate deployment.
Strengthen your security operations with our six-page document.This is available for download at just $9.Alternatively, enjoy complimentary access with a Premium annual subscription.
TIME SAVED: Crafting this content required 12 hours of dedicated writing, editing, research, and design.Subscribe to the TechRepublic Premium Exclusives Newsletter Save time with the latest TechRepublic Premium downloads, including customizable IT & HR policy templates, glossaries, hiring kits, features, event coverage, and more.Exclusively for you! Delivered Tuesdays and Thursdays.
Subscribe to the TechRepublic Premium Exclusives Newsletter
Save time with the latest TechRepublic Premium downloads, including customizable IT & HR policy templates, glossaries, hiring kits, features, event coverage, and more.Exclusively for you! Delivered Tuesdays and Thursdays.