The most informative cyber security blog on the internet!

Notice: By subscribing to Hashed Out you consent to receiving our daily newsletter.

Certificate Lifecycle Management Best Practices

First Name Last Name Email Address Phone Company Job Title Country

*Information collected on this page will be used to send your eBook, and for marketing purposes. Learn More…

Don’t make the same the mistakes Yahoo, Equifax, Home Depot, LinkedIn, and Ericsson did.

Yahoo, Equifax, Home Depot, LinkedIn, and Ericsson. Nearly every week, yet another well-known brand makes headlines for all the wrong reasons: hackers gain access to their customer data; a certificate error causes their website to go down; or investigators fine them for compliance violations. This checklist will help you implement certificate management best practices to avoid similar problems for your company.

Avoid the 4 Horsemen of the Certificate Apocalypse:

Expensive Outages & Downtime
When certificates expire, websites break, applications go down, and business lurches to a halt. And not just your business — anyone relying on your organization will experience outages and downtime, too. For example, Ericsson had a certificate expiration in 2018 that cut cellular service for 32 million people for several hours.
Angry Customers & Partners
In business, both on- or offline, trust is currency. Your customers and partners trust you to be open, easily identifiable, and to have services available. When that doesn’t happen, your brand and reputation can suffer long-lasting damage. More than a year after the Ericsson incident, their customers are still angry. In fact, one of the company’s partners reportedly received up to £100 million from Ericsson as compensation for the downtime.
Regulatory Penalties & Non-Compliance Fines
Encryption and authentication are critical components of just about every compliance and regulatory framework. That means digital certificates are, too. A Ponemon Institute study found that certificate mismanagement costs the average enterprise just over $7.2 million per year due to failed audits and regulatory penalties.
Critical Data Breaches
Certificate expiration is far more treacherous than just an HTTP browser warning. It can open the doors for far greater attacks. An expired digital certificate shielded the Equifax data breach from detection for 76 days because it knocked out the company’s traffic inspection capabilities. Two years later, the credit bureau is still reeling, with costs at $1.4 billion and still rising!

How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome

5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018

Re-Hashed: How to clear HSTS settings in Chrome and Firefox

Re-Hashed: How to Fix SSL Connection Errors on Android Phones

Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms

Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message

How to fix the SSL_ERROR_RX_RECORD_TOO_LONG Firefox Error

The Difference Between Root Certificates and Intermediate Certificates

The difference between Encryption, Hashing and Salting

Rehash: How to Fix the SSL/TLS Handshake Failed Error

How to Remove a Root Certificate

This is what happens when your SSL certificate expires

How strong is 256-bit Encryption?

The 25 Best Cyber Security Books — Recommendations from the Experts

Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings

Browser Watch: SSL/Security Changes in Chrome 58

Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3

Taking a Closer Look at the SSL/TLS Handshake

Executing a Man-in-the-Middle Attack in just 15 Minutes

How to View SSL Certificate Details in Chrome 56

SSL and TLS Versions: Celebrating 30 Years of History

X9’s New PKI System Is Purpose-Built for the Financial Industry

9 Essential Tips for Businesses Responding to Consumer Privacy Requests

6 Updates to Know About Mark Certificates and BIMI

WHOIS Domain Control Validation Will Phase Out Starting Jan. 8

10 Phishing Awareness Tips to Keep the Grinches Away

What Is PKI as a Service (And Why Do I Need It)?

How to Set Up BIMI and a Mark Certificate to Display Your Email Logo

Which Browsers Still Use the Security Padlock Icon?

TLS 1.0 Inches Closer to Full Retirement (Nearly a Decade Later)

Common Mark Certificates Make It Easier to Display Your Logo in Gmail

What Is mTLS? A 4-Minute Look at TLS Mutual Authentication

20 Ransomware Statistics You’re Powerless to Resist Reading [Updated for 2024]

Building an Email Asset Inventory to Improve Email Deliverability & Security — Who Are Your Authorized Senders?

The Latest Quantum Computing & Cryptography News Round Up [September 2024 Edition]

2 Cyber Incidents That Cost One Company’s Clients $6M+

The Danger Within: Key Takeaways From 3 Insider Threat Examples

NIST’s 3 PQC Standards Are Out — Where Do We Go From Here?

Harvest Now, Decrypt Later (HNDL): A Look at This Current & Future Threat

What Is a Certificate Authority List and Where Can I Find One?

5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018

How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome

Re-Hashed: How to Fix SSL Connection Errors on Android Phones

Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid

This is what happens when your SSL certificate expires

Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message

Report it Right: AMCA got hacked – Not Quest and LabCorp

Re-Hashed: How to clear HSTS settings in Chrome and Firefox

Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms

The Difference Between Root Certificates and Intermediate Certificates

The difference between Encryption, Hashing and Salting

Re-Hashed: How To Disable Firefox Insecure Password Warnings

Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings

The Ultimate Hacker Movies List for December 2020

Anatomy of a Scam: Work from home for Amazon

The Top 9 Cyber Security Threats That Will Ruin Your Day