Let’s face it. It’s a spooky world out there in cyber security. When you really stop to think about it, it’s pretty easy to be frightened by the consequences of any lapse in process or performance. For PKI administrators in particular, the prospect of an expired certificate taking business-critical infrastructure down, or of a compromised key being used in a successful cyber attack, is downright hair-raising. It’s even scarier when you realize that small PKI mistakes can have disastrous results for reliability, availability and risk. Seemingly innocuous practices, such as key sharing, widespread use of wildcard certificates and unauthorized CAs, can come back to haunt you.
Why is it so hard to secure the vast numbers of keys and certificates that serve as machine identities? If you don’t have the right technology and processes in place, it’s easy for this challenge to overwhelm even the most knowledgeable PKI professionals. In this blog, I’ll highlight (lowlight) a few horror stories of things that can go wrong with your PKI. Ideally, these “tales from encrypt” will help you avoid the blood-curdling screams that happen when someone makes a simple mistake and the PKI team has to endure some organizational torture as a result.
Here’s what can go horribly wrong. Read on if you dare.
1. You turn your PKI into a ghost
If your root-signing certificate authority (CA) goes offline for any reason, you’d better make sure that you know where it’s located. I’ve heard of a couple of organizations that set up their root CA on a virtual machine and then allowed that machine to go dormant. When IT ops teams came along to tidy up dormant virtual machines, they inadvertently disabled the entire PKI by deleting the virtual machine where the forgotten root CA was installed. All that was left was the completely invisible ghost of a PKI. So, they lost access to all machines that used certificates from the deleted internal CA. Without the right technology, this could take months to fix!
2. You don’t properly bury phantom certificates
Not all of your administrators understand PKI the way you do. So, chances are they’ll make a pretty common mistake, like trying to install a certificate on an Exchange server without really understanding where it should go. They may eventually put the certificate in the right place—but what about all the other places they tried to put it that didn’t work? Were those copies properly deleted? Or are they littered across that server, giving bad guys plenty of opportunities to find and abuse them? Any certificate that’s outside of your visibility is one that will probably come back to haunt you.
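One way to hunt for those leftover copies is to sweep a host for anything that looks like PEM-encoded certificate or private-key material and group the hits by fingerprint, so the same key sitting in three directories stands out. The script below is an added example, not code from the original post; the file paths and PEM bodies in SAMPLE_FILES are constructed placeholders (not real keys), and the regex only recognises the PEM block types listed in PEM_TYPES.

```python
"""Find stray certificate and private-key files left behind by failed installs.

Added example (not from the original post). Walks a directory tree, looks for
PEM blocks, and fingerprints each one so that the same certificate or key
living in several places (the "phantom" case) is easy to spot and clean up.
SAMPLE_FILES is a constructed in-memory stand-in for a real filesystem.
"""
import hashlib
import os
import re
from dataclasses import dataclass

# PEM block types we report on; private keys are the highest-severity find.
PEM_TYPES = {
    "PRIVATE KEY": "private-key",
    "RSA PRIVATE KEY": "private-key",
    "EC PRIVATE KEY": "private-key",
    "ENCRYPTED PRIVATE KEY": "encrypted-private-key",
    "CERTIFICATE": "certificate",
}
_PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str
    fingerprint: str  # SHA-256 (truncated) of the base64 body; same blob => same fingerprint


def classify_pem(path, text):
    """Return one Finding per recognised PEM block found in *text*."""
    findings = []
    for m in _PEM_RE.finditer(text):
        kind = PEM_TYPES.get(m.group(1))
        if kind is None:
            continue
        body = re.sub(r"\s+", "", m.group(2))
        fp = hashlib.sha256(body.encode()).hexdigest()[:16]
        findings.append(Finding(path, kind, fp))
    return findings


def scan_blobs(blobs):
    """Scan an in-memory {path: contents} map (what scan_tree builds from disk)."""
    findings = []
    for path, text in blobs.items():
        findings.extend(classify_pem(path, text))
    return findings


def scan_tree(root, max_bytes=1_000_000):
    """Walk *root* and scan every readable file up to max_bytes in size."""
    blobs = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    blobs[path] = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return scan_blobs(blobs)


def duplicates(findings):
    """Group by (kind, fingerprint) and keep only blobs present in more than one path."""
    by_fp = {}
    for f in findings:
        by_fp.setdefault((f.kind, f.fingerprint), []).append(f.path)
    return {k: sorted(v) for k, v in by_fp.items() if len(v) > 1}


# Constructed sample: the bodies are placeholder base64, not real key material.
_CERT = "-----BEGIN CERTIFICATE-----\nMIIBxzCCAW2gAwIBAgIUY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
_KEY = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQ==\n-----END PRIVATE KEY-----\n"
SAMPLE_FILES = {
    "/etc/pki/tls/certs/mail.example.com.pem": _CERT,
    "/etc/pki/tls/private/mail.example.com.key": _KEY,
    "/home/admin/Downloads/mail-cert.pem": _CERT + _KEY,  # leftover from a failed install attempt
    "/home/admin/notes.txt": "nothing to see here",
}

if __name__ == "__main__":
    found = scan_blobs(SAMPLE_FILES)
    for f in found:
        print(f"{f.kind:22} {f.fingerprint}  {f.path}")
    for (kind, fp), paths in duplicates(found).items():
        print(f"DUPLICATE {kind} {fp} in {len(paths)} places: {', '.join(paths)}")
```

Run it against a real host with `scan_tree("/")` (or a narrower root) and review every private-key hit outside the directories your deployment process is supposed to write to; the duplicate report is the list of copies to delete.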
3. You’ve got zombie certificates that refuse to die
Managing certificates manually can be time and resource intensive, especially if you’re trying to use spreadsheets, internal scripts or CA dashboards with limited functionality. So, it’s pretty tempting to try to eliminate this problem by extending certificate expiration periods. Why not issue a certificate that lasts, say, 99 years? In theory, you won’t have to worry about rotating them in this lifetime. Right? Not so fast. This hack may save you some time, but it does so at the expense of increasing your organizational security risk. Longer lifespans simply give attackers more time to hack the private keys for those certificates. Even three-, five- or ten-year certificates will put your organization at greater risk.
4. Your wildcard certificates are more trick than treat
Wildcard certificates are so easy to use that they are often used indiscriminately—so indiscriminately that many organizations don’t track them. If you don’t know which machines are using which wildcard certificates, it’s nearly impossible to renew them all before they expire. When the wildcard certificate eventually expires, every machine where it is installed will stop communicating at the same time. And it will take hours of precious time and resources to track them all down and reinstall new certificates. And, of course, Murphy’s Law dictates this will happen at the worst possible time, like Halloween or Day of the Dead.
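The two problems above (zombie lifetimes and untracked wildcards) are both inventory questions, so one audit over a certificate inventory answers them. The script below is an added example, not code from the original post. SAMPLE_INVENTORY, the hostnames and NOW are constructed; the 398-day cap is the maximum public-TLS certificate lifetime browsers have enforced since 2020, and the 30-day renewal window is an assumed operational choice.

```python
"""Audit a certificate inventory for zombie lifetimes and wildcard blast radius.

Added example (not from the original post). Operates on a constructed
inventory of the kind a CA export or a network scan produces: one record per
(host, certificate). Thresholds are assumptions, explained in the constants.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

MAX_LIFETIME_DAYS = 398   # public-TLS cap enforced by browsers since 2020
RENEW_WITHIN_DAYS = 30    # assumed renewal lead time for the ops team


@dataclass(frozen=True)
class CertRecord:
    host: str        # where the certificate is installed
    subject: str     # subject CN / first SAN
    issuer: str
    not_before: datetime
    not_after: datetime

    @property
    def lifetime_days(self):
        return (self.not_after - self.not_before).days

    @property
    def is_wildcard(self):
        return self.subject.startswith("*.")


def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed inventory: hosts, issuers and dates are illustrative only.
SAMPLE_INVENTORY = [
    CertRecord("web1.example.com", "*.example.com", "Corp Issuing CA", _utc(2023, 1, 1), _utc(2023, 11, 1)),
    CertRecord("web2.example.com", "*.example.com", "Corp Issuing CA", _utc(2023, 1, 1), _utc(2023, 11, 1)),
    CertRecord("api.example.com", "api.example.com", "Corp Issuing CA", _utc(2023, 6, 1), _utc(2024, 5, 31)),
    CertRecord("legacy-db.example.com", "legacy-db.example.com", "Corp Issuing CA", _utc(2015, 3, 1), _utc(2114, 3, 1)),
    CertRecord("vpn.example.com", "vpn.example.com", "Corp Issuing CA", _utc(2020, 1, 1), _utc(2025, 1, 1)),
    CertRecord("mail.example.com", "*.corp.example.com", "Corp Issuing CA", _utc(2023, 9, 1), _utc(2024, 8, 31)),
]
NOW = _utc(2023, 10, 20)  # constructed "today" so the example is deterministic


def zombie_certificates(records, max_days=MAX_LIFETIME_DAYS):
    """Certificates whose validity period exceeds the allowed lifetime."""
    return [r for r in records if r.lifetime_days > max_days]


def wildcard_blast_radius(records):
    """Map each wildcard subject to every host it is installed on."""
    radius = defaultdict(list)
    for r in records:
        if r.is_wildcard:
            radius[r.subject].append(r.host)
    return {subject: sorted(hosts) for subject, hosts in radius.items()}


def expiring_soon(records, now=NOW, within=RENEW_WITHIN_DAYS):
    """Certificates that expire within the renewal window (already-expired ones excluded)."""
    return [r for r in records if 0 <= (r.not_after - now).days <= within]


def untracked_wildcard_hosts(records, tracked_hosts):
    """Hosts running a wildcard certificate that the PKI team has no record of."""
    return sorted(r.host for r in records if r.is_wildcard and r.host not in tracked_hosts)


if __name__ == "__main__":
    for r in zombie_certificates(SAMPLE_INVENTORY):
        print(f"ZOMBIE   {r.host:24} {r.lifetime_days} day lifetime")
    for subject, hosts in wildcard_blast_radius(SAMPLE_INVENTORY).items():
        print(f"WILDCARD {subject:24} installed on {len(hosts)} hosts: {', '.join(hosts)}")
    for r in expiring_soon(SAMPLE_INVENTORY):
        print(f"RENEW    {r.host:24} expires {r.not_after:%Y-%m-%d}")
    print("untracked wildcard hosts:", untracked_wildcard_hosts(SAMPLE_INVENTORY, {"web1.example.com"}))
```

The blast-radius map is the piece that matters for the wildcard scenario: it tells you, before the expiry date, exactly which hosts will stop talking at once and therefore where the replacement has to be rolled out.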
As you can see, it’s all too easy to make ghoulish mistakes with your PKI that have serious implications for your business. I hope that by highlighting some of the things we’ve seen that can go terribly wrong with PKIs, you can learn from other people’s mistakes. And you’ll never have to go through the nightmares that so many of your peers have endured.