On 3 February 2020, Microsoft Teams suffered a service outage that lasted for about three hours. The outage—caused because Microsoft forgot to renew their TLS/SSL certificates—impacted more than 20 million users who used the business communication platform to collaborate. Then again, in May 2021, Microsoft's Exchange administration portal was offline after the company failed to renew an expired SSL/TLS certificate.
But outages are not the only problem that impacts availability. In March of this year, Let’s Encrypt announced that it was revoking over 3 million TLS certificates to fix a bug found in its backend code during a feature update. In an interview with Threatpost at the time, Venafi’s VP of Security Strategy and Threat Intelligence, Kevin Bocek, described it as an incident that forced millions of machines to be untrusted and unavailable online, causing harm to customers that relied on them.
These incidents teach us a lot about the state of TLS certificate management. It’s clear that several enterprises don’t manage their certificates effectively because they lack security awareness and defined policies around certificate management. Admittedly, if such snags can happen to tech giants like Microsoft, they can certainly cripple the core operations of other businesses, regardless of company size.
In this post, we will talk about some of the most common problems that organizations can run into when it comes to managing their TLS certificates.
In many organizations, the process of managing TLS certificates is basically broken. Typically, mid-size enterprises have a central certificate services team charged with issuing the security certificates. This team has the necessary knowledge to manage certificates well, but it doesn’t have access to the systems that hold the certificates.
The responsibility for installing the certificates is in the hands of different teams, such as system administrators and DevOps members. Many of these teams are unaware of the best practices in certificate management, or of the risks of neglecting them. This challenge often stems from a bigger problem: most organizations don’t have defined processes or clear roles and responsibilities to effectively manage certificates.
Despite the business-critical nature of TLS certificates, the majority of enterprises don’t leverage automation to keep tabs on their certificates. As a result, businesses introduce a range of problems to their enterprise security and management. Below, let’s take a look at some of those risks:
Untrusted or Compromised Certificates
In 2015, Venafi surveyed more than 300 IT security professionals and found that most of them are aware of the risks that arise from untrusted certificates but they don’t take any action to mitigate the risks. The implications of inaction are hard to ignore.
When a certificate is compromised, attackers can use it either to bypass antivirus software or to sign a malware program. A few years back, when security researchers from the University of Maryland analyzed field data collected by Symantec on 11 million hosts, they found about 72 compromised certificates used for signing a huge pool of malware programs. Because the certificates were valid, the malware programs did not produce any error message when they went through the signature checks.
Venafi made a similarly striking finding in a 2017 study that was carried out in partnership with the Cyber Security Research Institute. The research found that code signing certificates were up for sale on the dark web for around $1200. This means cybercriminals have lucrative financial incentives to steal certificates and sell them at higher margins before they expire.
Compromised Certificate Authorities
The list of CA compromises is longer than you may think. And it’s not just from breaches. CAs are supposed to be the bastions of security certificates, and you can generally trust them with absolute confidence. But occasionally a CA is compromised. And when that happens, it leads to a number of bad consequences. For instance, attackers can take advantage of the fraudulent certificates to launch man-in-the-middle (MitM) attacks and steal critical business data.
As a response to such incidents, CAs often decide to mass revoke the compromised certificates in order to curtail further damage and save themselves from public embarrassment. Case in point—DigiCert revoked around 50,000 certificates in 2020 after being subject to an internal process error.
Weak Hashing Algorithms
Over the past few years, globally renowned brands like LinkedIn and Yahoo! have fallen prey to high-publicity password leaks, mostly caused by weak hash vulnerabilities that gave cybercriminals access to their user password hashes. Just like the Microsoft Teams example discussed above, these infamous password leaks highlight the fact that even large companies use weak hashing mechanisms that make it easy for cybercriminals to crack user passwords.
A hash function reduces a large message to a smaller hash value, and it is weak when different messages can be made to produce the same hash value (a collision). A strong hash function, on the other hand, is resistant to such collisions. While it’s not possible to completely avoid hash collisions, a hash function whose output is too short (e.g., MD5 or SHA-1) is more prone to a high collision rate. Weak hashing algorithms allow cybercriminals to fabricate malicious programs that carry the same hash values as genuine applications.
A majority of businesses depend on cumbersome manual processes to manage their digital certificates. For instance, they rely heavily on storing certificate data on paper, spreadsheets, or simply in their heads.
In addition to being time-consuming and highly error-prone, such manual processes make your enterprise susceptible to a variety of security risks. Imagine a scenario where a seemingly small typo leads you to miss a certificate renewal deadline, which in turn results in a serious security breach or a system breakdown that negatively impacts your business.
Lack of Crypto Agility
Crypto agility is an organization's ability to respond to a cryptographic threat (such as Heartbleed, the SHA-1 breach, or even quantum computing) and adapt quickly to the new landscape. Sometimes, the threats can also stem from the cryptographic supply chain, as in the case of Let’s Encrypt, which revoked millions of TLS certificates out of the blue. Most organizations today are not crypto-agile, as is evident in the examples discussed above.
Most organizations simply don’t have the planning, visibility, or the technology to manage hundreds of thousands of TLS certificates on their sites. As a consequence, they become easy targets for cybercriminals who are on the prowl for loopholes in high-traffic websites.
In order to devise a proper response strategy and to mitigate the risk caused by the oversight of a digital certificate, here are four best practices your enterprise can incorporate.
Define responsibilities and policies
The lack of a clear organizational policy on certificate management often results in a lack of awareness among the end-users who become enablers to a certificate breach.
Your executive leadership should establish a formal certificate management team and set specific implementation goals. The team—in conjunction with the company leadership—should enforce stringent policies around certificate purchase and handling, define clear roles and responsibilities around who owns the certificate management, design workflows to approve certificate issuance and renewal, and assign role-based access and permissions.
Detect vulnerabilities and respond
Rather than waiting for a security breach to occur, your business should take proactive measures to run safety drills to ensure all bolts are screwed tightly. This is where a regular audit comes in handy.
As a standard practice, assign the certificate management team to use a vulnerability management tool to run weekly network scans. Penetration testing is yet another method that offers a good discovery and accuracy rate to check for loopholes in your network security.
Finally, watch out for the latest updates on security vulnerabilities in TLS certificates online. There are plenty of online tools that can help you check the health of your SSL and keep an eye on the latest vulnerabilities and misconfigurations.
When it comes to certificate management best practices, visibility is much more than revoking and replacing expired certificates. Having a clear picture of your entire certificate lifecycle means you have a 360° view of your certificate management and can devise a contingency plan to curb any threats when needed.
It ranges from smaller tasks, like setting reminders for certificate renewals, to higher-level planning, like being compliant with the latest security protocols. This is important because outdated protocols can expose your sensitive data or open doors for MitM attacks.
Start by making a list of all your device endpoints and make notes about their certificate issuance, installation, renewals, and replacements. Not only will this give you laser-like visibility into your certificate inventory, but it will also help you reduce the chances of certificate-related outages.
Automate Your Certificate Management Lifecycle
You can save a lot of time and resources for your business if you automate the routine part of the certificate management cycle. With automation, you can set alerts for certificate expiration dates, facilitate certificate installation on network endpoints, and generate reports for the respective certificate owners.
Automating the certificate management process lets you take your hands off it while ensuring that there won’t be any service outages caused by certificate expiries.
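The endpoint inventory and expiry alerts described above, sketched as an added example (not part of the original article or of any Venafi product): a Python audit over a constructed inventory export that groups expired, soon-to-expire, MD5/SHA-1-signed and unowned certificates by owner. The CSV columns, hostnames, owners and the 30-day warning window are assumptions.

```python
import csv
import io
import ssl
from collections import defaultdict
from datetime import datetime, timezone

# Constructed inventory export; hosts, owners and dates are made up.
# not_after uses the notAfter format returned by ssl.SSLSocket.getpeercert().
INVENTORY_CSV = """endpoint,owner,not_after,signature_algorithm
portal.example.com:443,web-team,Mar  1 12:00:00 2024 GMT,sha256WithRSAEncryption
mail.example.com:443,messaging,Feb 10 08:30:00 2024 GMT,sha256WithRSAEncryption
legacy.example.com:8443,,Nov 20 00:00:00 2025 GMT,sha1WithRSAEncryption
api.example.com:443,platform,Jan 15 23:59:59 2024 GMT,ecdsa-with-SHA256
vpn.example.com:443,network,Dec  1 00:00:00 2024 GMT,sha256WithRSAEncryption
"""

WEAK_HASHES = ("md5", "sha1")  # hash families the article names as weak
UNOWNED = "UNASSIGNED"         # assumed label for rows with no recorded owner


def audit(inventory_csv, now, warn_days=30):
    """Return {owner: [(endpoint, finding), ...]} for certificates needing action."""
    report = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        owner = row["owner"].strip() or UNOWNED
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(row["not_after"]), tz=timezone.utc)
        days_left = (expires - now).days
        alg = row["signature_algorithm"].lower()
        if expires <= now:
            report[owner].append((row["endpoint"], "expired"))
        elif days_left < warn_days:
            report[owner].append((row["endpoint"], f"expires in {days_left} days"))
        if any(h in alg for h in WEAK_HASHES):
            report[owner].append((row["endpoint"], "weak signature hash"))
        if owner == UNOWNED:
            report[owner].append((row["endpoint"], "no owner recorded"))
    return dict(report)


if __name__ == "__main__":
    as_of = datetime(2024, 2, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for owner, findings in audit(INVENTORY_CSV, as_of).items():
        for endpoint, finding in findings:
            print(f"{owner}: {endpoint}: {finding}")
```

Run on a schedule with the current time, the per-owner groups can feed the alerts and owner reports the section describes.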
Facilitating self-service certificate management is an important part of the solution since it empowers individual certificate owners to automate their SSL renewal cycle at their own pace. Automated and self-service certificate management ensures that certificate owners can manage the end-to-end process independently which can also help them identify impending risks quickly.
To that end, the Venafi TLS Protect solution offers a portal that facilitates self-service automation to individual certificate owners and offers them a customizable dashboard and rich filtering to find assets quickly.
Outages owing to certificate expiries may sound like nothing more than blunderous glitches, until they lead businesses to grave security dangers. Don’t be a victim of certificate goof-ups. Learn how you can use a machine identity management solution to identify weaknesses in your security infrastructure and avoid costly certificate outages.