.. _certMgmtBestPractices:

Certificate/Crypto Management Best Practices
============================================

Certificate rotation
Protecting private keys, passwords
No self-signed, use internal CA
Enable only the ciphers that you need
Have an inventory of all the Certificates, be aware how they are stored
Do not package your certificates/keys with the application
Deploy certificates separately from the code
Do not store keys in the same git repo
Use secret manager
Utilize extensions and usage fields (which ones?)