Digital certificates: hugely important, easily overlooked. It happens to the best of us, even powerhouses like Google, which recently caught the wrong end of this in a big way. The tech giant made headlines when countless Gmail users were met with security warnings upon attempting to access email. Turns out, the company failed to renew an intermediate SMTP certificate, rendering smtp.google.com unsecured and triggering Google Internet Authority G2 to issue the warnings to users.
Embarrassing? Sure. But it was also potentially dangerous to users and Google alike. Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi, told SecurityWeek about the incident, “Without an active immune system to keep certificates in check, at best you get certificate expirations and downtime. At worst, you get the misuse of certificates like we’ve seen against Google and Microsoft in the last two weeks.” The vulnerabilities created by this lapse in certificate renewal (and the unwelcome publicity in high profile cases such as Google or Microsoft) can be very serious, indeed.
The severity of potential consequences, and the relative frequency with which high profile organizations seem to get into trouble here, would suggest the certificate renewal process must be a highly technical, tedious, or complex one. But the truth is, it’s really pretty easy. “Technically, stopping certificate outages is just keeping track of dates and serial numbers," Bocek continued in his interview with SecurityWeek.
Simple as keeping track of dates and serial numbers, you say? Surely there’s an easy way to go about that. If you’re a Cherwell Software user, there absolutely is. In a case of impeccable timing (seriously), we released a Cherwell mApp designed to tackle this very issue just a few short days after Google’s misstep. The new mApp, currently available as a free download from the Cherwell mApp Exchange, provides two types of configuration items: one for tracking domain names, one for tracking SSL certificates. It includes custom statuses, registration and expiration date fields, and regular reminders when expiration dates approach. It’s the simple solution to a simple problem that’s long overdue. See the demo here.
So, remember: keep your expiration dates all in one place, get consistent warnings when it’s time to move, and stay in front of it. Simple.