Further support for security certificate automation
Contact us if you have concerns about your security certificate automation. We will do our best to provide guidance or direct you to the appropriate resources.
We will help with as many issues as possible but certain requests may fall outside our scope of support.
We aim to release a revised version of this toolkit in future, including more technical direction on automation.
If you would like to find out more about the service or have any other queries, please get in touch at certificates@jisc.ac.uk.
Certificate service
If you are a member of the public sector, our certificate service can help you secure your web and email services.
Best practice certificate tips
As well as automating certificate management with tools like ACME and Ansible, it's essential to follow best practice to ensure the security and integrity of your certificates.
These tips contribute to a comprehensive approach to certificate management that minimises risk and ensures the continuous protection of your digital assets.
Wildcard certificates vs. single-domain certificates
Check whether wildcard certificates or single-domain certificates are more suitable for your use case. Wildcard certificates cover multiple subdomains, while single-domain certificates offer greater granularity and minimise the impact of a compromised certificate.
Resources
- The case for single-domain certificates
- Advantages and disadvantages of wildcard SSL
- How does a wildcard SSL work?
Types of certificate validation
Understand the different types of certificate validation, such as domain validation (DV), organisation validation (OV), and extended validation (EV). Choose the validation level based on your security requirements and the level of trust you wish to establish with your users.
Domain and certificate renewal timing
Time the renewal of your domain registrations and SSL/TLS certificates to prevent service disruptions. When scheduling, consider factors such as domain renewal notifications, third-party dependencies, and certificate issuance lead times.
Certificate lifecycle management
Implement a robust certificate lifecycle management strategy. Include procedures for certificate issuance, renewal, revocation, and expiration. Audit and update certificate configurations often to maintain compliance with security policies and industry standards.
Monitoring and alerting
Set up monitoring and alerting systems. These can track certificate expiration dates, check certificate revocation status, and detect anomalies in certificate usage. Develop proactive measures to quickly address issues and minimise the risk of service disruptions.
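As an added example (not part of the original toolkit), here is an expiry check in Python that uses only the standard library and also reports any wildcard names a certificate carries. The thresholds, function names and the sample certificate are assumptions made for illustration; revocation status and usage anomalies are not covered.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30      # assumed threshold: raise a ticket
CRITICAL_DAYS = 7   # assumed threshold: page the on-call engineer


def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate a server presents, as a dict."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def days_remaining(cert, now):
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - now).days


def assess(cert, now):
    """Classify one certificate and list any wildcard names it carries."""
    left = days_remaining(cert, now)
    if left < 0:
        status = "EXPIRED"
    elif left <= CRITICAL_DAYS:
        status = "CRITICAL"
    elif left <= WARN_DAYS:
        status = "WARNING"
    else:
        status = "OK"
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    wildcards = [n for n in names if n.startswith("*.")]
    return {"status": status, "days_left": left, "wildcards": wildcards}


# Constructed sample in the shape getpeercert() returns (not real data).
SAMPLE = {
    "notAfter": "Mar 15 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.ac.uk"), ("DNS", "*.example.ac.uk")),
}

if __name__ == "__main__":
    now = datetime(2025, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    print(assess(SAMPLE, now))
```

In scheduled use, pass the result of `fetch_cert()` for each monitored host to `assess()` with the current UTC time, and route any status other than `OK` to your alerting system.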