SSL certificates are quickly becoming the fabric of the new web. It helps ensure that the web has a base level of privacy and integrity, while ensuring that information is transferred from point A to point B securely. It’s one of the core tenants of security for any modern website.
As we, as an industry, march towards 100% HTTPS adoption, we turn our focus to some of the new challenges we can anticipate. From my perspective, the one very blatant issue is going to come in the form of certificate management. Unlike Hypertext Transfer Protocol (HTTP), HTTPS is not a default configuration in most of today’s web servers. What this means is that the responsibility falls on the everyday website owner to manage and maintain their certificate through its entire lifecycle.
A perfect example of the impacts of poor certificate management can be found in this past week’s reporting on the state of US Federal websites that are now inaccessible because of expired certificates. For those unaware, the US Federal government is currently shut down. This means that only essential workers are available, and all non-essentials workers are on furlough. The impacts of this have been felt across the entire federal government and have affected network and system administrators across multiple agencies. This has led to the certificates on websites of the U.S. Department of Justice and the Court of Appeals to expire; a result of some 80 SSL certificates expiring on .gov domains.
The message is designed to deter the user from proceeding and depending on your browser (Chrome in this example) the user cannot access to the website. For an organisation like the US Federal government or Fortune 500 enterprises, the impact will be minimal. These websites are traditionally informational in nature, designed to educate and inform their visitors. They don’t depend on web traffic.
The same cannot be said for the small businesses we service. The impact to these small businesses can be exponential resulting in negative economics (e.g., no sales) and lost trust with your online subscribers and shoppers. It takes a long time to build a relationship with our audience, but a heartbeat to lose that same relationship.
Tackling certificate management for the small business
Certificate management is not a new concept, it’s been around for a long time within the enterprise ecosystems. Large organisations invest heavily into certificate management, ensuring that critical external and internal systems never have certificates fail. Fortune 500 companies are no different, and yet their current certificate issues amplify the importance, and challenges, associated with certificate management.This, though, has not always made its way to the everyday website owner.
Over the past weeks we have been conceptualising a new service at ComCanaria known as Managed HTTPS.
This is a productized, white-glove, service designed to help streamline the deployment, configuration and management of a websites SSL certificates.
The service is designed to offer the following:
The service brings certificate management to the masses and offers websites owners an “easy” button when it comes to their SSL certificates. Through this service, our customers no longer have to take on the ownership of ensuring HTTPS is functioning correctly and takes us one step closer to making security seamless and transparent.