With Cyber Monday kicking off the first week of hot-and-heavy e-commerce action this holiday season, keeping consumers spending safely is a top-of-mind concern for most retailers. One of the keys to maintaining a smooth and secure customer experience is making sure that nothing breaks the process of SSL authentication.
Coming off a year full of certificate authority (CA) compromises, SSL certificate management is more important than ever. The following tips from authentication experts are important considerations for retailers and other organizations that depend on SSL to authenticate user communication and transactions.
1. Avoid Expiration At All Costs
Expiration of certificates is an important part of the security mechanism of certificates, said Jeff Hudson, CEO of Venafi. But it requires organizations to be on their toes to ensure that certificates remain current lest they interrupt the customer experience. At very best, an expired certificate will send up an error message on shoppers' browsers, warning them that the trusted connection is no longer able to be validated. But in some scenarios, an expiration can shut a system down.
"When certificates are used in server-to-server communication, it's not like they pop up a dialogue box that says, 'This certificate has expired or is from an unknown party, would you like to proceed anyway?' When servers communicate with each other, they don't have that option," Hudson said. "If they don't get a correct response from a challenge, they stop working. And sometimes it is hard to tell they're not working. Last year, the Target RedCard system went down for eight hours because of an expired certificate."
2. Know Where Your Certificates Are
Many times the reason why retail outfits and other large organizations allow certificate expiration dates to lapse without any action is that the people in charge of renewing had no clue the certificate existed in the first place.
Read our report on how to guard your systems from a SQL attack. Download the report now. (Free registration required.)