Updated on 2025-05-22 GMT+08:00

SEC05-05 Certificate Security Management

Certificates are commonly used to encrypt data in transit and to authenticate identities between systems. Centrally manage the usage and validity period of certificates and replace them in a timely manner.

  • Risk level

    Medium

  • Key strategies
    • Centrally managing certificates:
      • Establish a centralized certificate management system to store, track, and manage all certificates.
      • Ensure that all certificates are clearly identified, including the usage, owner, and validity period.
    • Validity period management:
      • Periodically check the validity period of each certificate. Update or replace certificates that are about to expire in a timely manner.
      • Do not use expired certificates, because they can cause security vulnerabilities and service interruptions.
    • Secure storage:
      • Store the certificates securely. Ensure that only authorized personnel can access the certificates.
      • Implement extra protection for private keys, for example, by using hardware security modules (HSMs) to store them.
    • Encrypted transmission:
      • Use encrypted channels, such as SSL and TLS, to transmit certificates to prevent certificates from being tampered with or stolen.
      • For security purposes, do not transmit certificates over insecure networks.
  • Related cloud services and tools

    Cloud Certificate Manager (CCM): provides one-stop management, such as applying for, issuing, querying, and revoking SSL certificates.
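
The identification and validity-period checks from the key strategies above can be automated against a certificate inventory. The following is an added example, not Huawei Cloud or CCM code; the inventory records, field names, finding labels, and 30-day renewal window are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)   # assumed policy: renew 30 days before expiry
REQUIRED = ("usage", "owner", "not_after")

# Constructed inventory records (hypothetical names and field layout).
# not_after uses the "notAfter" text format of Python's ssl getpeercert().
INVENTORY = [
    {"name": "api-gateway", "usage": "TLS server", "owner": "platform-team",
     "not_after": "Jun 30 23:59:59 2026 GMT"},
    {"name": "billing-mtls", "usage": "mTLS client", "owner": "billing-team",
     "not_after": "Jun 10 12:00:00 2025 GMT"},
    {"name": "legacy-vpn", "usage": "VPN gateway", "owner": "network-team",
     "not_after": "Jan 15 09:34:43 2025 GMT"},
    {"name": "batch-signer", "usage": "code signing", "owner": "",
     "not_after": "Dec 01 00:00:00 2025 GMT"},
]

def audit(inventory, now, window=RENEW_WINDOW):
    """Return {certificate name: [findings]}; an empty list means no action."""
    report = {}
    for entry in inventory:
        # Identification check: usage, owner and validity period must be recorded.
        findings = [f"MISSING:{field}" for field in REQUIRED if not entry.get(field)]
        if entry.get("not_after"):
            expires = datetime.fromtimestamp(
                ssl.cert_time_to_seconds(entry["not_after"]), tz=timezone.utc)
            if expires <= now:
                findings.append("EXPIRED")       # must not stay in service
            elif expires - now <= window:
                findings.append("EXPIRING")      # schedule replacement now
        report[entry["name"]] = findings
    return report

if __name__ == "__main__":
    today = datetime.now(timezone.utc)
    for name, findings in audit(INVENTORY, today).items():
        print(f"{name}: {', '.join(findings) or 'OK'}")
```

Run it on a schedule and route non-empty findings to the recorded owner; an entry with no owner is itself a finding because nobody would receive the expiry alert.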