MyArch Best Practices for Managing Certs and Keys
MyArch Crypto Best Practices
Table Of Contents
Introduction
Certificates And Keys Best Practices
    Limit the Validity Period
    Implement Validation/Revocation Mechanism
    Automate Cert Renewal/Refresh
    Do not Use Self-Signed Certs
    Create/Maintain Certificate Inventory
    Scan Certs Frequently
    Scan Non-HTTP Endpoints
    Secure Private Keys
    Secure Root Keys
    Minimize Trust
    Do not Trust all Known CAs
    Use Good Source of Entropy
Java Keystore Best Practices
    Do not Use Default Keystores
    Change the Default Password
    Change the Keystore Password on a Frequent Basis
    Secure your Keystore and Key Passwords
    Keep Private Keys Separate
    Set Restrictive File Permissions for Keystores
    Keep only Active Keys/Certs
    Do not Package Keystores inside Jar Files/Application Archive Files
    Do not Package Keystores inside Docker Containers
    Do not Store Keystores in the Application Git Repo
    Separate Keystores for Different Environments
    Use the PKCS12 Format for Keystores