Skip to main content
banner image
venafi logo

New Year’s Resolutions that Help You Prevent Certificate Outages

New Year’s Resolutions that Help You Prevent Certificate Outages

a row of white ladders with one red one taller than the rest, leading up to a red target
January 1, 2020 | Scott Carter

It’s that time of year again—

where we look back at 2019 and evaluate what went right and what went wrong. If certificate outages were on your “need-to-improve” list, then it’s time to set some New Year’s goals that will help improve your organization’s availability and productivity.  

So. Outages. When was the last time you had to grapple with a certificate outage? Last week? Last month? Last year? It probably doesn’t make you feel any better that you’re not alone. Information security professionals have been dealing with certificate-related system and service outages for as long as the internet has been around. And even the most security conscious organizations can still struggle with these unexpected outages.

Why do certificate outages still happen?

For one, the race toward digital transformation has caused an exponential increase in the number of SSL/TLS certificates organizations need to manage and protect. The sheer volume of these new certificates exceeds the capacity of manual or semi-automated processes in many large organizations. So, almost all organizations are left with certificates that they don’t know about. And unknown certificates are prime candidates for unexpected expiration. On average, IT security professionals using Venafi found 57,420 additional SSL/TLS keys and certificates that were previously unknown.

At the same time, cybersecurity solutions are increasingly using SSL/TLS certificates to decrypt and inspect traffic, searching for signs of attackers and anomalies. Inspection of this traffic is now critical for cyber defense. But when a certificate-related outage impacts this security process, it can transform an availability issue into a major breach.



If you’ve had to deal with the aftermath of an outage triggered by an expired certificate in 2019, then here’s a shortlist of 6 resolutions that are likely to improve your quality of life in 2020.

  • Resolution #1—Build Yourself a Certificate Outage Safety Net
    Create an effective outage warning system that notifies organizational leaders rather than trying to track down individual owners of certificates. This will help you build executive awareness of impending outages and promotes action before sites, services and applications are crippled.

  • Resolution #2—Implement the Right Technology to Prevent Outages
    Make sure you’re building a proper foundation for outage prevention. Choose a solution that provides the visibility, intelligence and automation your organization needs to prevent certificate-related outages across server operations, network, InfoSec and PKI teams

  • Resolution #3—Encourage Your Certificate Users to Make the Right Choices
    Create a self-service portal for certificates that allows you to maintain control of cryptographic attributes and security policies across business silos. Plus, it will help certificate owners easily solve certificate-related issues themselves so they can run faster, experience fewer obstacles and achieve their goals more securely.

  • Resolution #4—Make Sure You’re Using the Best Policies
    Creating an enterprise-wide policy for machine identities will standardize practices and remove user guesswork for critical attributes, such as approved CA, required configuration and parameters for key lengths, algorithms and expiry dates.

  • Resolution #5—Fine Tune Your Machine Identity Workflows
    In designing workflows, you’ll want to integrate your certificate service with other systems like ticketing and ITSM solutions. Plus, you’ll want to document procedures for sign-off and override to sidestep any potential irregularities.

  • Resolution #6—Train the Teams Who Will Help You Be Successful
    Don’t forget to train and enable deployment teams to become experts in managing certificate lifecycles as part of your broader information security strategy. At a minimum, they should know how to onboard a certificate-owner team, enable notifications and set up policies, folders and workflows.


At Venafi, we’ve been helping the world’s largest organizations prevent certificate outages for the past 12+ years. And we can do it for you too. Guaranteed. The resolutions I’ve listed above are just part of a prescriptive guide that you can follow to prevent outages altogether. See the full list of steps you should follow to eliminate certificate outages. In fact, we’re so certain that if you follow these steps, we’ll guarantee that you will not experience certificate outages.

Are you ready to stop certificate outages forever? Read more about our guarantee here.


Related posts

Like this blog? We think you will love this.
Featured Blog

Stop Certificate Outages from Increasing in Frequency and Severity

Machine identity management was a mess This company had experienced 2

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Scott Carter
Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more