The process of scanning your environment for SSL/TLS certificates across all local and remote servers is accelerated. Other certification authority (CA) discovery tools may only find SSL/TLS certificates issued by that CA, or of a particular type. Comodo's universal certificate discovery finds certificates issued by any CA.
The list of digital certificates is continually monitored to ensure it meets the latest compliance requirements. Reports and notification types within the certificate lifecycle are established. Real-time reporting provides a list of certificates and statuses. Continuous monitoring is performed and an audit is generated for compliance.
The results of an audit of all SSL/TLS certificates required enables consolidation into a single centrally management system for the best control. A master account is established and as certificates approach expiration, they are replaced with certificates from a primary managed account that supports all types of certificates.
Certificates are easily replaced, revoked or repaired in conjunction with established rules for certificate validity period, validation type, key strength, etc. A compromised private key is replaced in rare situations such as the Heartbleed bug. A certificate is deleted and a replacement is issued if it is on a certificate revocation list (CRL).
Role-based access is defined. Workflows are designed and customized to streamline certificate management for any type of certificate including SSL/TLS, code signing, device and client digital certificates. Logs are used to provide a comprehensive audit history of certificate issuance and to identify any violations in policy.
The environment is continually monitored and scanned to prevent against security risks and outages. Current practices are regularly reveiwed to ensure processes meet the very latest compliance requirements and keep pace with new emerging security threats, business goals, industry standards and technology advancements.
* Estimate by Cisco System, Inc. based upon 4 hours of management per certificate prior to automation of lifecycle management - "Scalable Key & Certificate Lifecycle Management within Cisco Systems" - Session ID: SPO1-303 (RSA Conference).