DV Certificate Automation: A Game-Changing Solution by KeyTalk

13 Dec ‘23

Introduction

In the rapidly evolving landscape of cybersecurity, digital certificate management is undergoing a significant transformation. Traditionally, many organizations have relied on manual methods for managing their certificates. This approach has sufficed, especially considering the one-year validity period of TLS/SSL certificates. However, a recent announcement by Google proposes a drastic reduction in the lifespan of public TLS certificates from 398 days to just 90 days.

Implications

The implications of this proposal are far-reaching, compelling organizations to renew their digital certificates four times more frequently. Managing this process manually, involving tasks such as identifying expiring certificates, obtaining new ones, revoking the old ones, and deploying the replacements, becomes cumbersome. With this accelerated validity period, IT security teams are faced with the challenge of quarterly renewals for each certificate, a daunting task given the proliferation of certificates in most enterprises.

Certificate automation

In response to this challenge, automation emerges as the optimal solution. The Automatic Certificate Management Environment (ACME) protocol, developed by the Internet Security Research Group (ISRG), provides an effective means for automating the request, enrollment, and installation of certificates. While initially designed for the Let’s Encrypt CA, ACME has been widely adopted by commercial Certificate Authorities (CAs) for diverse endpoints. However, that adoption has not extended to Domain Validated (DV) certificates.

Commercial CA support for DV automation

The majority of Certificate Authorities focus on certificates that are more robust, and also more expensive, than DV. DV certificates, offering minimal validation, are suitable for many scenarios. However, organizations often prefer to combine more extensively validated certificates, “Organization” Validated (OV) or “Extended” Validated (EV), for critical servers with DV certificates for common servers. Leading CAs like DigiCert, GlobalSign, and Sectigo offer ACME automation for OV and EV certificates but haven’t extended this to DV certificates.

KeyTalk brings DV automation for commercial CAs

Recognizing the shifting landscape and the demand for DV certificate automation, KeyTalk has extended the functionality of the KeyTalk Certificate & Key Management System (CKMS) to support the automation of DV Certificates based on ACME. Starting January, this feature will be available for DigiCert DV certificates, with support for GlobalSign and Sectigo DV certificates slated for release in Q1 2024.

For organizations navigating the evolving requirements of digital certificate management, this new feature promises enhanced efficiency and security. For inquiries about this exciting development, please don’t hesitate to contact us. We’re here to help you navigate the future of certificate management seamlessly.


The KeyTalk Team