Perform an audit of all domains and certificates

 Part 1.  Perform an audit of all domains and certificates.
The SSL Certificate audit should note the location, expiration date and validity period, the vendor, and the contact listed for every SSL Certificate in your enterprise. Whether starting from scratch or validating an existing list, anyone who might have purchased an SSL certificate should be notified of the audit and be asked to contribute information. In addition to domain and Web servers, certificates may also be used to secure applications such as mail servers.

The NSLookup tool maps domain names to IP addresses to help find the location of missing certificates. If a certificate cannot be found or is no longer needed, be sure to revoke it to prevent misuse.

The audit is a good time to evaluate the type of certificate used and make sure it meets your current needs. Would a highly visible, public Web server benefit from an upgrade to a new SSL Certificate that meets the CA/Browser Forum Extended Validation Standard? Does the intranet need SSL protection?

To request an SSL Certificate, a subscriber visits an enrollment page and completes a Web-based form. The certificate may be instantly approved or rejected or set as pending, depending on the pre-determined administration rules. Domain blocking prevents subscribers from purchasing individual certificates for managed domains by redirecting them to the managed account enrollment page. Pre-set notifications help streamline the process and alerts keep administrators informed. Expiration alerts, sent as emails or text messages, may be sent to several administrators and an alias account.

When the number of available certificate units drops below a set number, the administrator receives a replenishment alert to purchase more. Pending alerts let administrators know when they need to log-in and review requests. Confirmation emails notify administrators of instantly-issued certificates. Output: A clearly articulated administrative process integrated into the management system.


Output: A complete list of all domains and certificates.


Quote From The VeriSign While Paper: Taking Control of SSL Certificates While Improving Security and Reliability