3 common PKI mistakes

Sep 30, 2020, 14:17 PM by Riaan De Villiers
3 common PKI mistakes that you do not have to learn the hard way.


Public Key Infrastructure (PKI) is a set of hardware, software, policies and procedures needed to manage the digital certificate life cycle.

Digital certificates help organisations to secure their information, protect their networks, digitally sign documents, protect machine identities, etc.

PKI provides very good protection to organisations. However, managing a PKI solution can be a daunting task, with many mistakes learned the hard way.

Here are 3 common mistakes.

1. Forgetting where your root-signing certificate authority is located

If an organisation keeps its root-signing certificate authority (CA) on a virtual machine, it is possible that the machine might go dormant. A well-meaning ops team might delete the virtual machine as part of a clean-up process.

If this happens, the organisation will lose access to all machines that were using that CA when the digital certificates expire.

2. Using wildcard certificates indiscriminately

Wildcard certificates are easy to use, so organisations tend to use them often. If their usage is not carefully documented and controlled, finding and replacing expired certificates later could become a huge, time-consuming burden.

3. Using production certificates in the development environment

Using production certificates in the development environment is tempting since it might speed up the development process. However, in the long run this might do more harm than good.

Production certificates could grant full privileges to those who can access them, and if they fall into the wrong hands they could be used to pivot across the organisation. In the hands of a malicious user, the certificate could be used to impersonate, eavesdrop on or monitor the organisation's infrastructure.
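One way to keep mistakes 2 and 3 visible is to audit a certificate inventory regularly. The sketch below is an added example, not code from the original article; the record layout, host names, fingerprints and the 60-day warning window are assumptions, and in practice the records would come from whatever scanner or asset register the organisation already uses.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample inventory: one record per place a certificate is installed.
# Hosts, fingerprints ("fp") and dates are made up for illustration.
INVENTORY = [
    {"host": "www.example.test", "env": "prod", "fp": "AA11",
     "sans": ["*.example.test"], "not_after": date(2021, 1, 15)},
    {"host": "api.example.test", "env": "prod", "fp": "AA11",
     "sans": ["*.example.test"], "not_after": date(2021, 1, 15)},
    {"host": "build01.dev.example.test", "env": "dev", "fp": "AA11",
     "sans": ["*.example.test"], "not_after": date(2021, 1, 15)},
    {"host": "pay.example.test", "env": "prod", "fp": "BB22",
     "sans": ["pay.example.test"], "not_after": date(2021, 6, 1)},
    {"host": "test01.dev.example.test", "env": "dev", "fp": "CC33",
     "sans": ["test01.dev.example.test"], "not_after": date(2020, 11, 1)},
]

def group_by_cert(inventory):
    """Collapse install records into one entry per certificate fingerprint."""
    certs = defaultdict(lambda: {"installs": []})
    for rec in inventory:
        cert = certs[rec["fp"]]
        cert["installs"].append((rec["env"], rec["host"]))
        cert["sans"] = rec["sans"]
        cert["not_after"] = rec["not_after"]
    return dict(certs)

def audit(inventory, today, warn_days=60):
    """Return (fingerprint, finding, affected hosts) tuples, sorted by fingerprint."""
    findings = []
    for fp, cert in sorted(group_by_cert(inventory).items()):
        hosts = sorted(host for _, host in cert["installs"])
        envs = {env for env, _ in cert["installs"]}
        # Mistake 2: list every wildcard certificate with each host to touch on renewal.
        if any(name.startswith("*.") for name in cert["sans"]):
            findings.append((fp, "wildcard", hosts))
        # Mistake 3: the same certificate is installed in prod and somewhere else.
        if "prod" in envs and envs != {"prod"}:
            outside = sorted(h for env, h in cert["installs"] if env != "prod")
            findings.append((fp, "prod-cert-outside-prod", outside))
        if cert["not_after"] - today <= timedelta(days=warn_days):
            findings.append((fp, "expires-soon", hosts))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, today=date(2020, 9, 30)):
        print(finding)
```
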
