As a provider of solutions that guarantee online transactions, with twenty-five years of experience in the market, CertiSur is well positioned to help organizations on their journey to achieve crypto agility. The need to properly manage digital certificates will become, in the coming years, a major challenge that is worth starting to address.
In 2023, an expired digital certificate caused a major outage of the satellite constellation services Starlink , operated by SpaceX. The same happened in March of this year with the services of Chromecast from Google. The management of this type of certificates —which are the ones that guarantee the security of information exchange on public networks, through encrypted communications— is becoming a complex and critical issue, and it will be much more so in the coming years due to new regulations and the shortening of validity periods.What's the answer to this challenge? Partner with service providers who know how to handle these issues, and use discovery and automation tools that improve certificate management.Certisur was founded twenty-five years ago with the objective of providing these trust services."Our products aim to ensure secure online transactions. We want people operating on the Internet to do so safely" , defined Nestor Markowicz, Chief Operation Officer (COO) of CertiSur . The solutions that CertiSur commercializes cover four axes."One deals with brand security, another with contract security. The third relates to company security and the last with customer security. We have solutions for each of those four groups" , added Markowicz. The company is headquartered in Argentina, with administrative offices in Chile and the United States. It currently has 25 employees, half of whom have technical expertise. In some countries in the region it operates through partners. In Argentina it operates directly, but is open to partnerships with other partners to provide its joint solution (where the partner manages the client relationship, not Certisur). To enable potential partners and clients, Certisur's team offers training on its solutions. However, Markowicz clarified, it is niche technology."The expertise related to this technology is not something everyone has. And this technology is evolving faster and faster" , he warned.
Certifying to secure and provide trust
Depending on the products, CertiSur's customers are located in different verticals. For example, in its offering related to SSL certificates (the one that guarantees secure information exchange between a website and visitors' browsers)," clients from all types of companies are involved. Every company needs to have an SSL certificate. If a website does not have this certificate, browsers can display the warning of unsecured site or block access to the site".
"Then we have other business lines that focus primarily on the financial market. These solutions make it possible to secure end-user transactions. It's PKI (Public Key Infrastructure) technology, with which we give our clients the ability to issue digital certificates for their respective clients" , explained Markowicz. This is only part of the technology that Certisur provides in partnership with world-renowned brands, such as DigiCert. "The certificate allows you to sign, but for the transaction to take place on the web you need software that allows you to take that certificate and apply it to the operation you want to perform. We developed software called ALISON for this purpose" , detailed the executive. The history of ALISON's development goes back to 2010, when Verisign—a provider, among other things, of authentication solutions that Certisur represented—sold that part of its business to Symantec. Soon customers began to notice the disinvestment that the new owner was making in this category of solutions. That's when Certisur decided to start doing in house all those software developments that Symantec was not providing, but that were necessary to support and update the solutions."In 2017 Symantec sold this piece of its business to a company called DigiCert: the number one in digital certificates" , said Markowicz. More recently, Certisur evolved this platform (now called ALISON Server) to the cloud, providing this service "as a service" (previously it was necessary to install software locally).
The urgency to gain crypto-agility
CA/Browser Forum is an organization that groups certificate authorities such as DigiCert itself, but also internet browser providers, such as Google, Mozilla and Microsoft, and major technology companies like Apple. This forum created in 2005 is responsible for establishing the rules that regulate digital certificates installed on servers, and also controls (with great rigor) their compliance. Precisely the CA/Browser Forum is the one that, for some time now, has been reducing the validity periods of certificates, in accordance with security risks and new technologies that are emerging (especially with a horizon where post-quantum computing is already appearing and its promise of quickly solving traditional encryptions). From periods of validity that were measured in six or seven years, progressively arrived at one year, which is the validity window currently being used."But starting next year that will change. In March 2026 the duration of certificates will be reduced to 200 days. In March 2027, validity will drop to just 100 days. And in March 2029, two years later, it will be reduced to 45 days" , summarized Certisur's COO. Doing this manually, especially if you're managing dozens or hundreds of certificates (even,wildcard certificates, in different instances) will become an impossible task."Some kind of certificate management software will be needed to handle all administrative processes related to digital certificates. That manager should provide at least two particular capabilities. The first, ofDiscovery" , Markowicz listed."To be able to act on your platform, you need to know where your cryptographic assets are. Certificates can be scattered across different servers, some physical, some in the cloud, some public and others on your intranet. So you need a manager that lets you see which certificates are deployed. The first solutions being implemented are Discovery solutions, which scan to discover all those installed certificates, their characteristics and what state they're in" , clarified the COO."We have two Discovery solutions: one from DigiCert and another from AppViewX. The latter offers very granular and customizable automation, integrating natively with a wide variety of hybrid and multicloud environments" , he added. The second desirable capability is automation (Automation ) of the renewals."Any company that has more than ten or fifteen certificates, no matter what industry it's in, will need this type of solutions. Or else think of some automation mechanism. There are free automation tools through the ACME protocol (Automatic Certificate Management Environment)" . However, Markowicz clarified, it is not a trivial task: it has many of its own complexities and there are a large number of variants within those deployments. When asked about the maturity status of organizations in terms of crypto agility , Certisur's COO admitted:"Regarding SSL certificates, we see it as a known and mature technology. That technology is spread throughout the organization, but there are not many specialists in this area: it's very sensitive and a mistake can leave systems non-functional. That would have a big impact on the organization".
"We recommend that they outsource these services, that they not do it internally. We ask them to trust those specialists who have been doing it for many years" , urged Markowicz.Enfasys
