Esc

Certificate Rotation

D3-CERO
D3-CERO (Certificate Rotation)

Definition

Certificate rotation involves replacing digital certificates and their private keys to maintain cryptographic integrity and trust, mitigating key compromise risks and ensuring continuous secure communications.

How it works

Certificate rotation should be performed when:

  • Any certificate expires.
  • A new CA authority is substituted for the old, thus requiring a replacement root certificate.
  • New or modified constraints need to be imposed on one or more certificates.
  • A security breach has occurred.

Considerations:

  • Managing certificate rotation across an enterprise can be complex. Automated solutions, sold by multiple vendors, should be considered to manage this complexity.
loading...
json
loading...

References

All
Internet Article

The following references were used to develop the Certificate Rotation knowledge-base article.

(Note: the consideration of references does not imply specific functionality exists in an offering.)

Password and Key Rotation

Reference Type: Internet Article Organization: SSH
Source:
https://www.ssh.com/academy/iam/password-key-rotation

A knowledge graph of cybersecurity countermeasures