Using The Manager For PKI Certificate Check Processes

As an IT manager, it is important to make sure that the security provided by any Secure Sockets Layer and Public Key Infrastructure products is working correctly. It is also essential to have access to, and control over, the certificates for several different reasons.

There can be different reasons why an IT administrator may want to complete a PKI certificate check. The most common is to keep track of when certificates are expiring to ensure the encryption for the email account doesn't end without another certificate and private key ready to be installed.

When using the EPKI Manager, or Enterprise Public Key Infrastructure Manager, from Comodo, these types of PKI certificate check procedures are very simple. The manager will allow you to easily generate a cert for any employee or client as needed. Because you can provide instant issuance through the Manager, there is no need to plan in advance; everything can be done right from your secure login to the EPKI Manager through the web-based console.

Possible Compromises

With the nature and structure of the Public Key Infrastructure, it can be difficult to know if there has been a compromise. Most businesses and entities will err on the side of caution and simply revoke the current cert and replace it with a new certificate and private key. The new public key will automatically be placed in the public repository for use.

There are different scenarios or possibilities that may prompt a PKI certificate check or certificate revocation through the system. Each of these can pose a risk to the authenticity of the emails sent by the particular user. Therefore, it is critical for the IT staff to make the employees and clients obtaining the PKI certificates aware of the security breaches and how to report these issues.

There may be a situation where a file stored on a USB drive or perhaps a smart card is lost or is used by someone other than the individual the certificate was bound to by the CA. It will be important for an employee to know what to do in this case and understand the potential risk involved to online email security.

In this case, it is critical that the employee immediately contact the IT department to have the certificate and the private key revoked. This is often the case if the certificate and the private key are on a device to make access from multiple devices and in multiple locations easy for an employee when traveling.

In some situations, the private key may be compromised in some way. This can include someone exporting the private key file and leaving it unsecured on a device. If this happens, it is possible that the private key could be used in some way to tamper with email or to provide an unknown individual with digital signing authority on a specific account.

IT Compromises

There may also be situations that can occur within the IT department itself. With the EPKI Manager, which stores all data under password protection, this is much less common and actually very rare.

A specific server left open or unlocked could create a need to complete a PKI certificate check to ensure that no fraudulent certificates have been created. This would mean that the server and the console were left unlocked at the same time, which is not a likely scenario.

With the use of the EPKI Manager, it is possible to designate specific users to have access to different features and functions of the system. This is highly effective in eliminating these types of issues, as each IT professional or other trusted individual can have a unique password and username that only allows access to specific reports or operations in the Manager.

There is always the risk of an inside type of attack or a Brute Force Attack from an outside hacker. However, with the use of SSL/TLS products and the email protection, these are much less likely. Even phishing and pharming types of attacks can be prevented as there is verification in the email that it is from a trusted source, limiting the risk of identifying information being shared with a third party or hacker as in man-in-the-middle attacks.

For more information on how PKI certificates can be used to make your system more secure, visit us online at for more information. If you have a question don't hesitate to give us a call at +1 888 266 6361, we would be happy to help.
