SSL certificates under control: How to secure your systems and avoid failures 

By now it goes without saying that unsecured communication connections have no place in a modern system landscape. All system components should run smoothly and stably, but also securely, and SSL certificates play a central role here. The problem is that neglected certificate management can lead to the opposite: a system that no longer runs stably, with interruptions and unexpected behaviour.

Imagine the following: During important activities, the service is suddenly no longer available. The reason? An expired certificate. In the case of a connection that is called up by the user directly in the browser, this looks like this:

Annoying for the user who wants to get their work done or for the customer who is trying to order something. Even more annoying is that this is a problem that can be avoided with the right approach.

Challenges in the use of certificates

When using SSL certificates, it is not just a matter of keeping an eye on the expiry date, but also of having the necessary expertise. Renewing a certificate can be very complicated due to the different file formats such as .crt, .cer, .p7b, .p12, etc. In addition, when renewing a certificate, you do not always receive all the necessary files, so they have to be created manually – including private keys, public certificates, etc.

These are all silent sources of frustration that people like to put off until they cause problems. People often forget to renew certificates before their expiry date, resulting in a service suddenly becoming unavailable. Even if the renewal is done on time, the process can be confusing as you have to deal with different file formats and compatibilities – so it’s not enough to just install .crt and have the rest of the day free. Last but not least, the installation itself can be difficult as it is rarely done. Maybe the person who did it last year is no longer available, or the documentation is missing.

Why SSL certificates at all?

SSL certificates are essential for the encryption of sensitive data. Verifying the authenticity of websites and building trust with users are essential in production environments. Without SSL, all information exchanged between customer and service provider, such as passwords and bank details, is transmitted in plain text, making it an easy target for cybercriminals. In addition, most browsers actively warn against insecure HTTP connections, which can deter customers and damage a brand’s reputation.

SSL certificates issued by trusted certification authorities (CAs) such as DigiCert provide an important level of validation. They ensure that websites are secure and legitimate. These certificates confirm that the website belongs to the organisation it claims to represent and reduce the risk of phishing attacks and fraud. Additionally, HTTPS improves search engine rankings and performance through modern protocols such as HTTP/2.

The most common problem: Expiring certificates

Forgetting the expiry date remains a major problem with SSL certificates. Certificates currently have a maximum validity period of 13 months (397 days). However, this regulation could soon change: In March 2023, Google announced in the CA/Browser Forum that it would reduce the maximum validity period to 90 days. Companies should prepare for this now, as it will make the management of certificates more complex.

The main motivation behind this change is to improve security. Shorter validity periods require more frequent renewals to ensure that encryption standards remain up-to-date.

How we can provide support

In our experience, SAP Cloud ALM is an excellent way to monitor certificates. It can automatically notify you via Teams or email and can be configured to send multiple reminders – e.g. 45 days, 30 days, 15 days before expiry.
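The reminder schedule mentioned above (45, 30 and 15 days before expiry) can also be reproduced with a small standalone check. This is an added example, not part of SAP Cloud ALM or alm360; the function names and the sample dates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

REMINDER_DAYS = (45, 30, 15)  # reminder points named in the text above

def days_left(not_after, now):
    """Whole days until expiry; not_after is the 'notAfter' string from getpeercert()."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days  # negative once the certificate has expired

def reminder_stage(days, thresholds=REMINDER_DAYS):
    """Return 'expired', the tightest threshold reached (e.g. 'due-15'), or 'ok'."""
    if days < 0:
        return "expired"
    reached = [t for t in thresholds if days <= t]
    return f"due-{min(reached)}" if reached else "ok"

def stage_for(not_after, now):
    """Classify one certificate from its notAfter string."""
    return reminder_stage(days_left(not_after, now))

def check_host(host, port=443, now=None, timeout=5.0):
    """Live check. An already expired certificate fails the verified handshake,
    so that error is returned as a finding instead of stopping the monitor."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        return host, "invalid", exc.verify_message
    except OSError as exc:
        return host, "unreachable", str(exc)
    days = days_left(not_after, now)
    return host, reminder_stage(days), f"{days} days left (notAfter={not_after})"

if __name__ == "__main__":
    # Constructed sample values in the format getpeercert() returns; no network needed.
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    samples = ["Jun  1 00:00:00 2025 GMT", "Feb 10 00:00:00 2025 GMT",
               "Jan 21 00:00:00 2025 GMT", "Jan 11 00:00:00 2025 GMT",
               "Dec 31 23:00:00 2024 GMT"]
    for not_after in samples:
        print(f"{not_after}: {stage_for(not_after, now)}")
```

With 90-day certificates the 45-day reminder already fires halfway through the validity period, so the thresholds passed to `reminder_stage` should be reviewed once shorter lifetimes apply.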

Additionally, with our alm360 Operations package, we offer proactive management and notifications of expiring SSL certificates. To learn more about our advanced and basic alm360 Operations, visit this blog post.

To summarise this topic in three points:

  1. SSL certificates are essential to secure data, build trust and avoid outages in production environments.
  2. However, their management is complex and an expired certificate can quickly lead to a system failure.
  3. With our alm360 Operations packages, we help you manage SSL certificates efficiently and keep your systems secure.


Marko Laius

Marko works as an ALM Technology Expert and has extensive knowledge in the use of SAP Solution Manager with a focus on technical monitoring. He has experience in the area of SAP Basis and has also familiarized himself with test automation.
