In light of recent discussions by Google and Mozilla regarding digital certificate security, it's crucial for businesses to adopt agile and comprehensive solutions. Google's blog emphasizes the evolving threats and the need for robust solutions to handle potential CA compromises. Mozilla’s detailed report on the issues with Entrust further underscores these concerns by highlighting specific incidents of misissuance and non-compliance with industry standards.
Mozilla’s report revealed several critical incidents involving Entrust:
Misissued Certificates: Entrust issued certificates with incorrect information, undermining trust.
Delayed Revocations: There were significant delays in revoking compromised certificates.
Non-Compliance with Standards: Entrust failed to adhere to established industry standards and guidelines, leading to potential vulnerabilities.
Transparency Issues: Lack of timely and transparent communication regarding security incidents and misissuances.
This most probably means that companies relying on Entrust Certificate Services to issue their publicly trusted certificates will have to switch to another provider.
But first of all, this is unfortunately not the first time that such situation occur. About a decade ago, DigiNotar was removed, though for different reasons. And on top of that and more frequently, various organizations face the need to change their public or private CA providers. Think about:
Switching from public CA for commercial or contractual reasons
Implementing a new CA and switching to it when a subsidiary is spun off
Switching to the new mother company's CA after a company has been acquired
Renewing CAs, either as part of their lifetime or to improve cryptography
Evertrust's Certificate Lifecycle Management (CLM) solution, Horizon, provides unparalleled agility in managing digital certificates. This capability is particularly vital in scenarios where witching from a CA to another is required. Horizon ensures that businesses can swiftly transition to a different CA without disrupting their operations. This agility is achieved through Horizon’s seamless integration with various corporate and cloud environments, managing the lifecycle of certificates from issuance to renewal and revocation. With Horizon, businesses can:
Mitigate Risks: Quickly switch to a trusted CA if the current one is compromised.
Maintain Continuity: Ensure uninterrupted operations by preventing certificate-related downtimes.
Enhance Compliance: Stay compliant with evolving security standards and regulations by leveraging the flexibility of switching CAs.
Evertrust supports a diverse range of public CAs, ensuring businesses have multiple trusted options for their certificate needs. In addition to supporting ten public CAs, Evertrust integrates with NameShield, a comprehensive solution combining DNS management with certificates from multiple public CAs. This integration provides end-to-end automation, including Domain Control Validation (DCV).
The integration with NameShield offers several advantages:
End-to-End Automation: Automates the entire lifecycle of certificates, from issuance to renewal and revocation, reducing manual intervention and errors.
Enhanced Security: Combines DNS and certificate management to provide a holistic approach to digital security.
Streamlined Operations: Simplifies the management process by centralizing DNS and certificate management under a single solution.
Horizon CLM:
Automated Certificate Lifecycle Management: Automates the issuance, renewal, and revocation of certificates.
Seamless Integration: Works with both corporate and cloud environments.
Agility in CA Switching: Facilitates quick transitions between different CAs to maintain security and compliance. Horizon supports more than 15 PKI software, including the most popular ones such as Microsoft ADCS or Let's Encrypt.
NameShield Integration:
Public CA Support: Integrates certificates from various public CAs for robust security.
DNS and Certificate Management: Combines DNS management with certificate lifecycle management for streamlined operations.
Domain Control Validation (DCV): Automates DCV to ensure the authenticity of domain ownership and certificate issuance.
Future-Proofing Digital Security
With the growing complexities and threats in digital security, businesses must adopt solutions that offer flexibility, automation, and comprehensive management. Evertrust’s Horizon and NameShield integration are designed to future-proof digital security strategies by providing:
Scalability: Easily scale to accommodate growing and changing certificate management needs.
Interoperability: Ensure compatibility with various platforms and environments.
User-Friendly Management: Simplify certificate management with intuitive tools and dashboards.
In response to the evolving landscape of digital certificate security and the challenges highlighted by both Google and Mozilla, Evertrust offers robust solutions that empower businesses to maintain trust, security, and compliance. The agility provided by Horizon CLM and the comprehensive support for multiple public CAs through NameShield integration ensures that businesses can navigate the complexities of digital security with confidence and ease. By adopting Evertrust’s solutions, organizations can enhance their security posture, streamline operations, and ensure continuity in the face of emerging threats.
Marketing Ops Specialist
evertrust.io
EVERTRUST is a European company that provides a complete solution to manage your certificates. We are a team of experts in security and cryptography.
EVERTRUST
Products