SSL/TLS Certificates - Certificate Management Best Practices

This is a high-level overview of best practices for managing SSL/TLS certificates

Automate || Document || Notify || Monitor

Automate: Use SSL/TLS certificates and automate certificate renewal where possible

  • A considerable number of server administrators on campus have moved away from using the Incommon/Sectigo SSL Server Certificate offering in favor of automation.

  • If you have a VM hosted with DoIT please inquire with your system administrator about automation they can put in place for your certificates. 

  • Use Let’s Encrypt, AWS ACM, to automate your certificates. These are the most common vendors.  

  • Thousands of campus websites already use Let’s Encrypt and AWS ACM. Reach out to the TechPartners list if you are looking for some testimonials.

Document: Know how to create, review and renew your certificates

  • Shared documentation for your team means that anyone can pick up on the process regardless of vacations, holidays or staff changes

  • Have your team regularly review certificate statuses, ensure staff capacity to address and that knowledge of the process is in place.

Notify: Ensure expiring certificate notifications go to email groups of people who can assist

  • Have notifications go to a group email address that starts a request with a service team

  • Avoid using an individual email as that is a single point of failure, especially for vacations, holidays, or staff changes

Monitor: Have a way easily keep track of all of your certificates and their expiration date

  • Certificate Dashboard Services - there are many free or paid services & software that give you one place to see the status of all of your certificates

  • DoIT’s Monitoring Team can setup Nagios monitors that will alert prior to certificate expiration

  • Go Old School: Add calendar invites for you team to renew certificates or use a spreadsheet to keep track of websites



KeywordsSSL, TLS, server certificates, incommon, comodo, sectigo, guidance, best practices   Doc ID122433
OwnerJake S.GroupSSL Server Certificates
Created2022-11-10 14:51:52Updated2024-02-05 08:19:51
SitesDoIT Help Desk, SSL Server Certificates
Feedback  1   0