Certificate/Crypto Management Best Practices¶
Certificate rotation Protecting private keys, passwords No self-signed, use internal CA Enable only the ciphers that you need Have an inventory of all the Certificates, be aware how they are stored Do not package your certificates/keys with the application Deploy certificates separately from the code Do not store keys in the same git repo Use secret manager Utilize extensions and usage fields (which ones?)