Skip to main content
banner image
venafi logo

Does Your Digital Certificate Security Support Any CA?

Does Your Digital Certificate Security Support Any CA?

support any ca
August 4, 2016 | Allen Marin
Key Takeaways
  • The volume of digital certificates continues to explode
  • Hundreds of Certificate Authority options are fueling more customer choice
  • Only Venafi supports the use of any Certificate Authority quickly and easily

Most of us are guilty of favoring instant access over online security, and with more of our lives moving to the digital realm, it’s a real challenge to adhere to a security-first mentality. As we encrypt more of our communication, it follows that the number of keys and digital certificates used to perform the encryption rises commensurately. And these keys and certificates are often sourced from various certificate authorities (CAs). This dramatic increase over the last several years, across multiple sources, has many enterprises grappling for a solution to regain control.

I was reminded of this when I saw my daughter clicking through another browser certificate warning, which was the second time in as many months… at least of which I’m aware. This is a bit embarrassing since both my wife and I work in IT security and often talk about the latest hacks and breaches with our teenage kids, hoping they’ll be a little more careful when they go online.

And while I delicately chastised my daughter for dismissing such warnings (as a father of teenagers must do), enterprises must also bear some of the blame for not ensuring the certificates supporting their online services are valid and up to date. But is the sheer volume of certificates they must now manage from multiple CAs exceeding their capabilities? It would seem so.

Digital Certificates Are Skyrocketing

The chart below shows that the entire market for certificates has skyrocketed over the last few years. And like any fast growing market, new competitors are eager to enter the market, which explains the increase in CAs around the globe.

BlogImg-16.2Launch-CAGrowth-Graph.jpg

Numerous Certificates and CAs Increases Complexity

Having so many options makes it pretty easy for enterprises to source their certificates from more than one vendor. This, however, brings additional complexity since they must now secure a growing number of certificates from multiple CAs.

The root of the problem, however, is that most organizations still don’t have a good handle on where their certificates are or how many they even have. In most cases, they buy, deploy and manage tens of thousands of keys and certificates with spreadsheets.

TVGraph-CertificateManagement.png

The management challenge can be enormous, especially when you consider the increasing number of certificates scattered across the varied systems and departments across the enterprise. But not having an effective solution often leads to application outages from expired certificates and data breaches using lost or stolen certificates. 

How to Get Visibility and Control Over Certificates and CAs

So how does a company go about addressing this problem and what would an ideal solution look like?

  • Complete Inventory - First, it should be able to discover and inventory the thousands of certificates from every system and every device across the enterprise. And with enterprises having an average of over 23,000 keys and certificates, this visibility is crucial.
  • Automated Certificate Lifecycle - Second, it should be able to automate the lifecycle of every certificate, so it can be provisioned, enrolled, renewed, and retired automatically to ensure certificates are securely and effectively managed according to a defined security policy.
  • Identification and Remediation of Abnormalities - Third, it should quickly identify anomalies across the environment, so remediation steps can be taken.
  • Integration with Any CA - And, fourth, it should integrate with any legacy CA the enterprise uses and those it might add as secondary or backup CAs. And with some estimates putting the total number of CAs globally at over 600, there’s no shortage of choice for customers.

Venafi Delivers Key and Certificate Security for Any CA—Quickly and Easily

Venafi Trust Protection Platform is a solution that addresses all of these requirements, and it was designed from the beginning to support any CA. One of our first patents, in fact, was granted for having a flexible encryption platform that could secure and protect certificates from multiple CAs. Since then we’ve added drivers that integrate with dozens of the most popular CAs worldwide.

Leadership in securing and protecting keys and certificates means integrating with as many CAs as possible. And with a new Venafi Adaptable CA Driver that can be customized to integrate with any CA with minimal programming skills, Venafi extends its leadership even more. Now, customers have the ease and flexibility to bring advanced protection for all certificates issued from any CA.

As enterprises continue to put more emphasis on protecting their encryption environments, my hope is that we’ll see less of those expired certificate browser warnings, so I don’t have to worry about my kids ignoring them when posting yet another selfie.

How many different CAs does your enterprise use? Does your solution offer full advanced support for all of them?

 

 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Orange Umbrella

PKI for non-PKI experts: How to Address Compliance Requirements

PKI for non-PKI experts: What You Need to Know about Ongoing Maintenance

PKI for non-PKI experts: How Do You Get Your Systems Up to Policy?

About the author

Allen Marin
Allen Marin

Allen Marin writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat