MyArch Crypto Best Practices

Table Of Contents

  • Introduction
  • Certificates And Keys Best practices
    • Limit the Validity Period
    • Implement Validation/Revocation Mechanism
    • Automate Cert Renewal/Refresh
    • Do not Use Self-Signed Certs
    • Create/Maintain Certificate Inventory
    • Scan Certs Frequently
    • Scan Non-HTTP Endpoints
    • Secure Private Keys
    • Secure Root Keys
    • Minimize Trust
    • Do not Trust all Known CAs
    • Use Good Source of Entropy
  • Java Keystore Best Practices
    • Do not Use Default Keystores
    • Change the default password
    • Change the Keystore Password on a Frequent Basis
    • Secure your Keystore and Key Passwords
    • Keep Private Keys Separate
    • Set Restrictive File Permissions for Keystores
    • Keep only Active Keys/Certs
    • Do not Package Keystores inside Jar Files/Application Archive Files
    • Do not Package Keystores inside Docker Containers
    • Do not Store Keystores in the Application Git Repo
    • Separate Keystores for Different Environments
    • Use the PKCS12 Format for Keystores

Introduction

© Copyright 2025, MyArch Data Security Inc. Created using Sphinx.