Metadata Lookup Utility:: UR Data Glossary

UR Data Glossary Specification Information'

SSL Certificates (Nessus Scan)

Purpose

This report manages the business process of SSL certification management. Certificate management includes installing the certificate and removing it upon expiration.

This report tracks SSL Certificates within the University IT environment that are managed by the University IT SSL Certificate Core Team. Certificates from three vendors are managed: VeriSign, InCommon, and ISPCA. Certificates are provided by many vendors but the SSL Cert Core Team only manages certificates from VeriSign, InCommon, and ISPCA. Other vendors do not require management because the vendor installs and uninstalls the certificates that they provide.

SSL certificates contribute to a secure connection between the University and the Internet. Staff use the report to anticipate certificates that will expire soon, remove recently expired certificates from the environment, and view historical certificates for analysis.

Close management of SSL certificates makes the environment safer and avoids delay in projects that utilize applications under certification.

Description

The report is an Excel workbook containing 4 worksheets. The data is provided from a routine Nessus scan of the University IT environment. Worksheet names are truncated due to character length limit in Excel. The columns are the same for each of the 4 worksheets. The worksheets are distinguished by selection criteria such as supplier and key length.

Worksheet 1 Title: Upcoming Expirations.1. This tab lists managed certificates that will expires 90 days from the date that the report was run. Managed certificates are from VeriSign, InCommon, or ISPCA.

Worksheet 2 title: Full list from Verisign and I. (ISPCA) This tab lists all current managed certificates, no matter when they expire.

Worksheet 3 Title: 1024 Certificates from VeriSi. This subset of Worksheet 2 lists the certificates impacted by a policy change by major certificate providers (announced in 2013) regarding key length. (delete this tab - this cleanup work is done.)

Worksheet 4 Title: Full list for all certificate. This tab lists all certificates - managed and non-managed - in the University IT environment. The report is used for discovery or analysis.(new worksheet 2).