SSL/TLS Certificates - Certificate Management Best Practices
Automate || Document || Notify || Monitor
Automate: Use SSL/TLS certificates and automate certificate renewal where possible
- A considerable number of server administrators on campus have moved away from the InCommon/Sectigo SSL Server Certificate offering in favor of automation.
- If you have a VM hosted with DoIT, ask your system administrator about the automation they can put in place for your certificates.
- Use Let’s Encrypt or AWS ACM to automate your certificates; these are the most common providers.
- Thousands of campus websites already use Let’s Encrypt and AWS ACM. Reach out to the TechPartners list if you are looking for testimonials.
Document: Know how to create, review and renew your certificates
- Shared documentation for your team means that anyone can pick up the process regardless of vacations, holidays or staff changes.
- Have your team regularly review certificate statuses, and make sure that staff have the capacity to act on them and that knowledge of the process is in place.
Notify: Ensure expiring-certificate notifications go to email groups of people who can assist
- Have notifications go to a group email address that opens a request with a service team.
- Avoid using an individual’s email address, as that is a single point of failure, especially during vacations, holidays, or staff changes.
Monitor: Have an easy way to keep track of all of your certificates and their expiration dates
- Certificate dashboard services: there are many free or paid services and software packages that give you one place to see the status of all of your certificates (https://www.google.com/search?q=ssl+monitoring).
- DoIT’s Monitoring Team can set up Nagios monitors that will alert prior to certificate expiration.
- Go old school: add calendar invites for your team to renew certificates, or use a spreadsheet to keep track of websites.
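As an added illustration of the Monitor and Notify points above (this is example code written for this page, not a DoIT tool or any vendor's software), the script below classifies each certificate in an inventory by days until expiry so that only the WARNING/CRITICAL/EXPIRED findings are sent to a group address. The hostnames, the sample expiry dates and the fixed "now" are constructed placeholders; fetch_cert() shows how a live inventory would be populated and needs network access.

```python
import ssl
import socket
from datetime import datetime, timezone

# Alert thresholds in days; warn early enough that a service-team request can be worked.
WARN_DAYS = 30
CRIT_DAYS = 7

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live endpoint's leaf cert (needs network); same dict shape check_cert() reads."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def days_until_expiry(cert, now=None):
    """Whole days from `now` until notAfter; negative once the cert has expired."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - now).days

def check_cert(name, cert, now=None):
    """Classify one certificate as OK / WARNING / CRITICAL / EXPIRED with a message."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "EXPIRED", f"{name}: expired {-days} day(s) ago"
    if days <= CRIT_DAYS:
        return "CRITICAL", f"{name}: expires in {days} day(s)"
    if days <= WARN_DAYS:
        return "WARNING", f"{name}: expires in {days} day(s)"
    return "OK", f"{name}: {days} day(s) remaining"

def check_inventory(inventory, now=None):
    """Run check_cert over a {name: cert} inventory and return only the non-OK findings."""
    findings = [check_cert(name, cert, now) for name, cert in inventory.items()]
    return [f for f in findings if f[0] != "OK"]

# Constructed sample inventory (hostnames are placeholders) in getpeercert() shape, with a
# fixed "now" so the result is reproducible; in production populate it via fetch_cert().
NOW = datetime(2024, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
INVENTORY = {
    "www.example.edu": {"notAfter": "Sep  1 12:00:00 2024 GMT"},  # 92 days left: OK
    "api.example.edu": {"notAfter": "Jun 25 12:00:00 2024 GMT"},  # 24 days: WARNING
    "sso.example.edu": {"notAfter": "Jun  5 12:00:00 2024 GMT"},  # 4 days: CRITICAL
    "old.example.edu": {"notAfter": "May 30 12:00:00 2024 GMT"},  # 2 days ago: EXPIRED
}

if __name__ == "__main__":
    for level, msg in check_inventory(INVENTORY, NOW):
        print(level, msg)  # route to the group address, never an individual's inbox
```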