The SSL Life Cycle

How Your Organisation Gets an SSL Certificate

[1] The process of requesting and receiving an SSL Certificate [2] typically involves technical people in your organization completing web forms and/or emails to request and receive them. This largely manual process takes some time and there are also request/response time delays between each of the ‘steps’ of the process. The following diagram illustrates the standard steps in the process of requesting and installing an SSL Certificate on a device or server.

With this number of steps and the need to rely on the CA [3] to act promptly to all requests (assuming that the Validation of these requests by the RA is positive so that the Certificate can be issued), ‘time loss’ is a natural consequence of the process.

• SSL Renewal & ‘Human Factor’ Errors

Depending on your environment, there is also the ‘human factor’ element where a specific Certificate expires ‘unexpectedly’ because the Administrator simply forgets to renew it. With more and more Certificates in use each day, managing lists using Excel® spreadsheets or other manual methods are ineffective. Even in the most efficiently managed environments, Certificates can expire and, at the very least, cause considerable inconvenience and embarrassment to your organisation. Depending on the commercial nature of the environment, these unexpected events can have serious financial implications.

• Mission Critical SSL

The level of severity resulting from an SSL failure, in some cases, makes the continuous availability of a valid (in date) SSL Certificate ‘mission critical’ to the organisation. You simply cannot allow the SSL to expire without having a renewal Certificate ready to take its place before the current one expires.

On the basis that SSL Certificates expire 1, 2 or 3 years after the date of issue; combined with the fact that renewing the SSL is largely a manual process carried out by your organisation’s Administrator(s); and the human factor; means that regularly, SSL Certificates are not renewed on time. This is not acceptable in the Mission Critical environment because the financial damage is simply too severe.