Identify and fix vulnerabilities in your SSL certificates
DigiCert announced DigiCert Certificate Inspector, a tool designed to quickly find problems in certificate configuration and implementation, and provide real-time analysis of an organization’s entire certificate landscape, including SSL termination endpoints.
SSL/TLS certificates are a key defense against unwanted surveillance of online user activity. Yet, too often system administrators fail to properly configure certificates, unknowingly leaving open vulnerabilities.
Keeping up with the latest security best practices as well as monitoring certificates is a daunting task, particularly for enterprises managing thousands of certificates. Frequently, manual tracking processes are used, which introduce human error and result in downtime or unknown security vulnerabilities, such as configurations with cipher suites vulnerable to CRIME, BEAST, BREACH or other attacks.
In other cases, departments outside of IT might deploy their own certificates, creating a blind spot for administrators. This can also lead to configuration challenges that downgrade the effectiveness of the SSL certificates upon which organizations rely.
With Certificate Inspector, security professionals can discover forgotten, neglected or misconfigured certificates, and identify potential vulnerabilities, such as weak keys, problematic ciphers and expired certificates. For each potential threat detected, the tool provides a list of remediation activities.
Certificate Inspector scans the user’s network detecting all certificates in use, inspects SSL configuration and implementation, and then displays the results in an intuitive and interactive dashboard.
Security professionals can use the tool to:
- Establish their security baseline with a real-time, comprehensive overview of SSL certificates and their termination endpoints across the entire network.
- Detect vulnerabilities via scanning for problematic certificates or server configurations and easily review results using Certificate Inspector’s intuitive dashboard.
- Analyze security data points either in aggregate or for each individual certificate and endpoint.
- Mitigate discovered vulnerabilities, such as BEAST, and lack of compliance with industry guidelines such as the CA/Browser Forum Baseline Requirements, through recommended steps.
- Renew expiring certificates through DigiCert’s express provisioning process.
- Archive snapshots from each detection event to document improvements over time.
- Run reports from any location with DigiCert’s cloud-based administrative controls.
Using a proprietary algorithm, the Certificate Inspector analyzes SSL certificates and termination endpoints for many security factors, including:
- Weak keys, ciphers and hash algorithms
- SSL/TLS versions
- Expiring certificates
- TLS renegotiation
- Perfect Forward Secrecy
- Configuration vulnerability to CRIME, BREACH, BEAST, etc.
- Mismatched server/certificate names
- Missing AIAs.
For each SSL certificate and termination endpoint, administrators receive a vulnerability report, a corresponding grade and a quick list of best practices for mitigating discovered weaknesses.
“By providing actionable information about certificate configuration and deployment status, combined with remediation tools, DigiCert helps organizations close the gap between certificate procurement and secure certificate deployment,” said DigiCert CEO Nicholas Hales. “The deployment of securely configured certificates is an important line of defense against unwelcomed surveillance. Certificate Inspector will help organizations shine a light on the areas within their network that could pose lurking threats. We believe that this tool can build upon the efforts of others in the security community to improve online trust in a new, tangible way.”