Imperva Cyber Community

 View Only

How Imperva's Managed Certifications Can Mitigate Risks in Certificate Revocation Incidents.

By Luke Richardson posted 30 days ago

  

DigiCert's recent announcement regarding the revocation of certificates due to improper Domain Control Verification (DCV) highlights the critical need for robust certificate management solutions. In an environment where even minor non-compliance can lead to significant disruptions, managed certification services like those offered by Imperva can play a vital role in ensuring continuous compliance and operational stability.

 

The Challenge of Certificate Management

DigiCert's incident involved a technical oversight where a required underscore prefix in DNS CNAME records was omitted, leading to the revocation of approximately 0.4% of their certificates. This affected both TLS and S/MIME certificates, creating potential issues for secure communications and web services. The urgency mandated by CABF rules necessitated swift action from impacted customers to avoid disruptions.

 

Imperva's Managed Certification Services

As stated in a previous blog, Imperva’s managed certification services provide a comprehensive solution to prevent and mitigate such issues. Here’s how:

  1. Automated Certificate Renewal: Imperva ensures that all your certificates are renewed automatically, eliminating the risk of unexpected expirations that can lead to downtime or security vulnerabilities.
  2. Comprehensive Visibility: Gain full visibility into the status of all your certificates, including upcoming expirations, renewal status, and notifications for potential issues. Imperva’s dashboard provides a centralized view for easy monitoring and management of large scale of certificates.
  3. Industry Compliance: Stay ahead of industry announcements and changes. Imperva actively monitors and responds to shifts in the certificate landscape, like Google’s recent decision on Entrust, to ensure your site remains compliant and secure.

  4. Automated Domain Validation: Imperva not only creates certificates for every new domain you onboard but also automatically proves your domain ownership. This means that every site you create will be automatically validated when an SSL certificate is issued or renewed, ensuring seamless coverage.

  5. *New* Dedicated Site Certificates: Each site you onboard to Imperva will be issued its own dedicated certificate. This enables a shift-left approach, allowing development teams to manage their applications more effectively. Additionally, having site-specific certificates creates separation between the applications within the organization, ensuring that an issue with the renewal of a specific application domain does not affect others.

In the event of a revocation notice like the one issued by DigiCert, Imperva’s managed services facilitate a rapid response. Automated reissuance processes can quickly replace revoked certificates, ensuring that secure communications and services remain uninterrupted. Additionally, Imperva’s support team provides expert guidance to navigate the reissuance process smoothly.

Secure Your Sites with Imperva

Don’t let the complexities of certificate management compromise the security and reliability of your applications. By moving your sites to Imperva, you can protect your applications, ensure their resiliency, and free your IT teams from the constant burden of certificate management. The Imperva Secure Content Delivery Network (CDN) offers the best in speed, performance, and resilience by building content caching, load balancing, and failover into a comprehensive application security platform to securely deliver your applications across the globe.

Take action today – delegate your certificate management to Imperva and focus on what you do best: growing your business. Contact us  or comment below to learn more about our certificate management services and CDN capabilities and how we can help keep your sites secure, fast, and compliant.


#AllImperva
0 comments
4 views

Permalink