SSL/TLS Certificates - Certificate Management Best Practices

This is a high-level overview of best practices for managing SSL/TLS certificates.

Automate || Document || Notify || Monitor


Automate: Use SSL/TLS certificates and automate certificate renewal where possible

  • Numerous server administrators at UW-Madison have moved away from using the InCommon/Sectigo SSL Server Certificate offering in favor of automation.

  • If you have a VM hosted with DoIT, please ask your system administrator about automation for your certificates and renewals.

  • Use Let’s Encrypt or AWS ACM to automate your certificates. These are the most common vendors.

  • Thousands of campus websites already use Let’s Encrypt and AWS ACM. The TechPartners list can provide you with testimonials.

Document: Know how to create, review and renew your certificates

  • Shared documentation for your team means that anyone can pick up on the process regardless of vacations, holidays or staff changes.

  • Have your team regularly review certificate statuses, and ensure that staff have the capacity to address issues and that knowledge of the process is in place.

Notify: Ensure expiring certificate notifications go to email groups of people who can assist

  • Have notifications go to a group email address that starts a request with a service team.

  • Avoid using an individual email as that is a single point of failure, especially for vacations, holidays, or staff changes.

Monitor: Have a way to easily keep track of all of your certificates and their expiration dates

  • Certificate Dashboard Services - there are many free or paid services & software that give you one place to see the status of all of your certificates https://www.google.com/search?q=ssl+monitoring

  • DoIT’s Monitoring Team can set up Nagios monitors that will alert prior to certificate expiration.

  • Create calendar invites for your team to renew certificates or use a spreadsheet to keep track of websites.
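
An added example (not part of the original page and not DoIT's monitoring tooling): a minimal expiration check in Python that follows the Nagios plugin exit-code convention, showing what a monitor that alerts prior to certificate expiration does. The 30-day and 7-day thresholds and all function names are assumptions.

```python
"""Certificate expiry check with Nagios-style exit codes (added example)."""
import socket
import ssl
import sys
from datetime import datetime, timezone

# Nagios plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
WARN_DAYS, CRIT_DAYS = 30, 7  # assumed thresholds; tune to your renewal cycle

def days_remaining(not_after, now=None):
    """Whole days until a certificate's notAfter, e.g. 'Jun  1 12:00:00 2025 GMT'."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days

def classify(days):
    """Map days remaining to a Nagios status code."""
    if days < CRIT_DAYS:
        return CRITICAL
    if days < WARN_DAYS:
        return WARNING
    return OK

def fetch_not_after(host, port=443, timeout=5):
    """Connect with full verification and return the leaf certificate's notAfter."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check(host):
    """Return (status, message) for one host; failures are reported, never silent."""
    try:
        days = days_remaining(fetch_not_after(host))
    except ssl.SSLCertVerificationError as exc:
        # An expired or mismatched certificate fails the handshake and lands here.
        return CRITICAL, f"{host}: verification failed ({exc.verify_message})"
    except OSError as exc:
        return UNKNOWN, f"{host}: {exc}"
    return classify(days), f"{host}: {days} days remaining"

if __name__ == "__main__":
    results = [check(h) for h in sys.argv[1:]]
    for _, message in results:
        print(message)
    # The highest status code across all hosts becomes the exit code.
    sys.exit(max((status for status, _ in results), default=UNKNOWN))
```

Pass the hostnames from your tracking spreadsheet as arguments and run it from a scheduler or monitoring system, so that a non-zero exit opens a request with the group address rather than an individual.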

 



Keywords: SSL, TLS, server certificates, incommon, comodo, sectigo, guidance, best practices
Doc ID: 122433
Owned by: Jake S. in SSL Server Certificates
Created: 2022-11-10
Updated: 2025-01-27
Sites: DoIT Help Desk, SSL Server Certificates