For more details, please refer to our certificate management document.
Best practices list:
* Restrict certificate validity to short periods of time
* Automate certificate renewal/refresh
* Implement a certificate validation/revocation mechanism (OCSP)
* Do not use self-signed certs
* Do not use wildcard certs
* Establish and maintain a complete certificate inventory — you must know where each certificate is deployed, its expiration, etc.
* Run frequent endpoint/port scans to detect self-signed and other out-of-policy certificates.
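
Several of the checks in the list above (short validity, no self-signed or wildcard certificates, an inventory that tracks expiration) can be run as one audit over that inventory. The following is an added Python example, not part of the original post. It assumes inventory records in the dict shape returned by `ssl.SSLSocket.getpeercert()`; the endpoints, names and the 90-day and 30-day thresholds are constructed for illustration.

```python
import ssl

# Assumed policy thresholds; the post does not give numbers.
MAX_VALIDITY_DAYS = 90
RENEW_BEFORE_DAYS = 30

def audit(cert, now):
    """Return the policy findings for one certificate record."""
    findings = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    # Issuer == subject means self-issued; the signature is not verified here.
    if cert["issuer"] == cert["subject"]:
        findings.append("self-signed")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names += [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]
    if any(n.startswith("*.") for n in names):
        findings.append("wildcard")
    if (not_after - not_before) / 86400 > MAX_VALIDITY_DAYS:
        findings.append("validity-too-long")
    remaining_days = (not_after - now) / 86400
    if remaining_days < 0:
        findings.append("expired")
    elif remaining_days < RENEW_BEFORE_DAYS:
        findings.append("renewal-due")
    return findings

def audit_inventory(inventory, now):
    """Map each endpoint in the inventory to its list of findings."""
    return {endpoint: audit(cert, now) for endpoint, cert in inventory.items()}

def _name(cn):
    # Build a subject/issuer value in getpeercert() form: a tuple of RDNs.
    return ((("commonName", cn),),)

# Constructed sample inventory (hypothetical endpoints and certificates).
INVENTORY = {
    "api.example.test:443": {
        "subject": _name("api.example.test"), "issuer": _name("Example Issuing CA"),
        "notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Mar 31 00:00:00 2024 GMT",
        "subjectAltName": (("DNS", "api.example.test"),)},
    "legacy.example.test:8443": {
        "subject": _name("legacy.example.test"), "issuer": _name("legacy.example.test"),
        "notBefore": "Jan  1 00:00:00 2020 GMT", "notAfter": "Jan  1 00:00:00 2030 GMT",
        "subjectAltName": (("DNS", "*.example.test"),)},
    "mail.example.test:465": {
        "subject": _name("mail.example.test"), "issuer": _name("Example Issuing CA"),
        "notBefore": "Dec  1 00:00:00 2023 GMT", "notAfter": "Feb 15 00:00:00 2024 GMT",
        "subjectAltName": (("DNS", "mail.example.test"),)},
}
NOW = ssl.cert_time_to_seconds("Feb  1 00:00:00 2024 GMT")  # fixed audit time

if __name__ == "__main__":
    for endpoint, findings in audit_inventory(INVENTORY, NOW).items():
        print(endpoint, findings or "ok")
```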