Monitor SSL TLS Certificate Expiration
Gain Certificate Visibility, Automate Processes and Prevent Outages
October 14, 2020

Sidharth Kumar
Exoprise

Share this

Secure Socket Layer (SSL) and its successor, Transport Layer Security (TLS) are protocols designed to safeguard traffic over the internet. SSL certificates allow websites to move from HTTP to HTTPS, a more secure communication channel on a network.

Starting this September, the lifespan of an SSL/TLS certificate has been limited to 398 days, a reduction from the previous maximum certificate lifetime of 825 days. With this change, everyone needs to more carefully monitor SSL certificate expiration and server characteristics.

Publicly trusted SSL/TLS certificates issued on and after September 01, 2020, with a validity of more than 398 days will be rejected by browser makers such as Apple, Microsoft, Google, Mozilla, and Opera. Cloud service providers will require that their certificates comply with this requirement else web browsers may not render their pages correctly or fail to load. As of today, the combined global market share for desktop browser usage for Chrome, Firefox, and Safari is more than 85%.


Source: StatCounter Global Stats — Browser Market Share

In a move that may seem arbitrary, the reduction of certificate lifespan offers end users a secure and authentic digital experience. Certificates that have a lifespan longer than 398 days can delay any major internet outage incident and upgrade to a secure technology stack. The last thing an enterprise would want is to see its Teams certificate get revoked and cause disruption at work because someone in IT forgot to renew the certificate license. Such an act would profoundly impact worker productivity and business revenue.

New Certificate Policy Will Cause More SSL Certificate Outages

According to the Ponemon survey, the average global 5000 company spends about $15 million to recover from business loss due to a certificate outage and faces another $25 million due to non-compliance. Additionally, hackers over time can exploit weaknesses in algorithms to forge or clone certificates and have end users reveal their sensitive confidential information on an impersonated website. One-year certificates lead to a more frequent generation of new key pairs and limit exposure to compromise.

Another challenge that derails the certification process is that several internal technical teams will create their version of monitoring tools without consulting or coordinating the requirements with the central IT function. These siloed teams make it difficult for even the best network administrators to account for all the critical certificates that need renewing. Such tools lack the sophistication to crawl the entire organization's network and scan for all certificates needed to run IT efficiently and smoothly.

An automated modern system would catalog all the certificates found, load certificates into a queue in the order of expiry date, and conveniently replace them when necessary. Consider that DevOps might want to run a web application in a virtual mode within a hybrid cloud environment. The increasing complexity of the IT landscape means that enterprises would need to explore all types of certificates beyond just SSL/TLS — virtualization, containerization, encrypted emails, IOT certificates, software update license, SDN, and more.

At the beginning of this year (if you were following us closely!), there was a Microsoft Teams Outage that was caused due to an expired certificate. Teams was down for hours, leaving users around the world not able to login to their services. Microsoft admins forgot to renew their SSL certificate, something unusual for its company size.

SSL/TSL certification monitoring offers the following benefits to businesses:

■ Gain visibility through proactive monitoring, discovery, and alerting on SSL certificate expiration

■ Reduce operational costs and errors by automating the job of managing certificates

■ Improve website security and performance with SSL monitoring in real-time

■ Increase service availability and customer confidence through institutionalized best practices

■ Deliver great SaaS experience by tracking service disruption and preventing an outage

■ Increase reliability with a single all-in-one platform for all technology certificate needs

Managing certificate expiration and replacement in today's IT environment is complex and challenging. Successful monitoring and upgrade strategy for SSL/TLS certificate and others is a must for enterprises.

Microsoft announced several new features for Teams at the recent #MSIgnite 2020 virtual event. Whether your company relies on Teams or any other SaaS cloud service from the Office 365 suite, you need a cloud monitoring solution to ensure business continuity and team success. Focus on things that matter to your organization and let a robust tool do the critical heavy lifting monitoring of cloud applications and certificate health.

Sidharth Kumar is Director of Product Marketing at Exoprise
Share this

The Latest

October 28, 2020

The "APM" solutions we've come to love over the last 2 decades can't handle Serverless Functions or deliver the same performance and operational details that they deliver for other architectural constructs — including App Servers, Frameworks, Cloud, even Containers. And the reason is that they're methodologies for collecting performance data simply won't operate with the same characteristics as it would in persistent code ...

October 27, 2020

I asked myself this important question: Can APM tools Manage Serverless Workloads? And the answer is "No, not really." It is true that every monitoring solution in the world claims support for monitoring serverless platforms (at least one of them). What I mean by my answer is that the "APM" solutions we've come to love over the last 2 decades can't handle Serverless Functions or deliver the same performance and operational details that they deliver for other architectural constructs ...

October 26, 2020

In Episode 11, Andrew Tunall, GM, New Relic Serverless & Emerging Cloud Services, joins the AI+ITOPS Podcast to discuss the challenges and advantages of distributed tracing ...

October 22, 2020

IT teams critically require better visibility into the network driven by a number of factors, including tremendous disruption from the COVID-19 pandemic, relentless technological advances, remote working reaching an all-time high and the expanding security threatscape, according to State of the Network 2020, a study conducted by VIAVI Solutions ...

October 21, 2020

Mobile commerce offers several benefits for retailers. But all this potential can only be fully realized if retailers can manage the associated challenges that mobile commerce introduces. Anyone involved in the development, operation or troubleshooting of a mobile shopping app needs to be aware of the three following technical obstacles and plan accordingly ...

October 20, 2020

Although cost control/expense management remains top of mind, organizations are realizing the necessity of technology solutions to enable them to steer the business during these turbulent times, according to IDG's CIO Pandemic Business Impact Study ...

October 19, 2020

The COVID-19 pandemic has compressed six years of modernization projects into 6 months. According to a recent report, IT leaders have accelerated projects aimed at increasing productivity and business agility, improving application performance and end-user experience, and driving additional revenue through existing channels ...

October 15, 2020

There is no doubt that automation has become the key aspect of modern IT management. The end-user computing market is no exception. With a large and complex technology stack and a huge number of applications, EUC specialists need to handle an ever-increasing number of changes at an ever-increasing rate. Many IT organizations are starting to realize that they can no longer control the flow of changes. It is time to think about how to facilitate change ...

October 14, 2020

Starting this September, the lifespan of an SSL/TLS certificate has been limited to 398 days, a reduction from the previous maximum certificate lifetime of 825 days. With this change, everyone needs to more carefully monitor SSL certificate expiration and server characteristics ...

October 13, 2020

Nearly 6 in 10 responding organizations have accelerated their digital transformations due to the COVID-19 pandemic, according to The IBM Institute for Business Value study COVID-19 and the Future of Business ...