Safely deploying TLS certificates: 5 common mistakes to avoid

Secure your web traffic and other TLS-protected data by ensuring your TLS cert is configured and deployed correctly.

A Transport Layer Security (TLS) certificate is a vital part of a balanced security breakfast, but millions of organizations are still eating Frosted Fruity Squiggles (with Extra Sugar inside!) and calling it a meal...and not even a tasty one at that.

You'd think configuring and deploying a TLS certificate securely would be an easy thing, but a quick look at Censys or Shodan reveals a gargantuan number of insecure TLS certs, including quite a few from organizations that really ought to know better.

TLS certificates protect the confidentiality and integrity of web traffic, email, and a growing number of other services, like DNS. While the X.509 system may be criticized as fundamentally broken, it remains an important and simple mitigation that should not be ignored, even if it is not a magic bullet that suddenly makes everything magically securitifically delicious.

Here are five tips for keeping the TLS leprechaun happy.

1. Use longer TLS keys
