Dec 18, 2020, 12:08 PM
Riaan De Villiers
Learn from the professionals. Do not make these 5 PKI mistakes.
5 common PKI mistakes to avoid
In today's post we will list 5 common Public Key Infrastructure (PKI) mistakes to avoid.
Implementing and operating a PKI solution is not easy. Small mistakes can turn into big catastrophes if not caught early enough.
So be on the lookout for these mistakes!
1. Know where your root-signing certificate authority is installed
It might sound obvious, but if your root-signing certificate authority resides on a virtual machine and it goes dormant, you do not want your I.T. operations team to delete it during a routine clean-up operation!
2. Keep track of your wildcard certificates
Wildcard certificates are easy to use, so organisations tend to use them a lot. So much so that operators might forget where all of the certificates are located. When the time comes to renew the certificates, the operators might not be able to find all of them, and you could experience downtime while you hunt for a needle in a haystack.
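One way to keep that overview is an inventory that maps every wildcard certificate to each endpoint serving it. The sketch below is an added example, not LAWtrust's tooling; it assumes scan results in the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(), and the hosts, serial numbers and dates are constructed sample data.

```python
import ssl
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data: (endpoint, certificate) pairs in the dict shape
# returned by ssl.SSLSocket.getpeercert(). Hosts and serials are made up.
WILDCARD = {"serialNumber": "0A1B2C", "notAfter": "Jan 15 12:00:00 2021 GMT",
            "subjectAltName": (("DNS", "*.example.test"), ("DNS", "example.test"))}
SINGLE = {"serialNumber": "0D4E5F", "notAfter": "Nov 30 12:00:00 2021 GMT",
          "subjectAltName": (("DNS", "intranet.example.test"),)}
SCAN = [
    ("www.example.test:443", WILDCARD),
    ("mail.example.test:993", WILDCARD),
    ("intranet.example.test:443", SINGLE),
    ("vpn.example.test:8443", WILDCARD),
]

def wildcard_names(cert):
    """Return the DNS SAN entries that start with a wildcard label."""
    sans = cert.get("subjectAltName", ())
    return [value for kind, value in sans if kind == "DNS" and value.startswith("*.")]

def wildcard_inventory(scan):
    """Map each wildcard certificate to every endpoint that serves it.

    Keyed by serial number for brevity; serials are only unique per issuer,
    so include the issuer in the key if you use more than one CA.
    """
    inventory = defaultdict(lambda: {"names": [], "expires": None, "endpoints": []})
    for endpoint, cert in scan:
        names = wildcard_names(cert)
        if not names:
            continue  # not a wildcard certificate
        entry = inventory[cert["serialNumber"]]
        entry["names"] = names
        seconds = ssl.cert_time_to_seconds(cert["notAfter"])
        entry["expires"] = datetime.fromtimestamp(seconds, tz=timezone.utc)
        entry["endpoints"].append(endpoint)
    return dict(inventory)

def due_for_renewal(inventory, now, within_days=30):
    """Return serials of wildcard certificates expiring inside the window."""
    cutoff = now + timedelta(days=within_days)
    return sorted(s for s, e in inventory.items() if e["expires"] <= cutoff)

if __name__ == "__main__":
    inv = wildcard_inventory(SCAN)
    today = datetime(2020, 12, 18, tzinfo=timezone.utc)  # constructed date
    for serial in due_for_renewal(inv, today):
        e = inv[serial]
        print(serial, e["names"], e["expires"].date(), "->", ", ".join(e["endpoints"]))
```

At renewal time, the endpoint list for each serial is the list of places where the replacement certificate has to be installed.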
3. Do not use production certificates in the development environment
Although it might speed up the development process, using production certificates in the development environment can lead to some serious security issues.
If an attacker manages to obtain a certificate, they can use that certificate to gain access to other parts of your organisation's network.
4. Do not write down your credentials
This is an old issue with cybersecurity in general. People write down their passwords so as not to forget them. Once those written-down passwords fall into the wrong hands, they can cause all sorts of trouble.
5. Implement a clear governance framework
Implementing and maintaining a governance process takes a lot of hard work and discipline. Do not brush it aside: without a good governance program, your PKI team might find it hard or even impossible to get a holistic view of your PKI security. This might lead to some serious security problems.
Do you want to learn more about PKI? LAWtrust's PKI webpage is a good place to start.