Certificate Management

Certificate management is the act of monitoring, facilitating, and executing digital X.509 certificates (SSL certificates). It plays a critical role in keeping communications between a client and server operating, encrypted, and secure.

Certificate lifecycle management catches faulty, misconfigured, and expired certificates, then performs the following processes:
1. Generate a certificate or purchase one from a certificate authority (CA)
2. Discover where each certificate is installed and if it is implemented correctly
3. Monitor the certificate to ensure it is stored securely and is not expiring
4. Validate that the certificate is still legitimate with the CA or server
5. Revoke or renew the certificate before it expires

The digital certificate definition is basically the same as the definition of an SSL
certificate. That is, SSL certificates are digital documents that verify ownership of a
public key (signature) to ensure confidentiality and security when information is
exchanged between a user’s browser and the web server. 

Certificates work by performing the following processes when a browser requests to connect to a secure web server:
1. The server sends back to the browser its SSL certificate and public key.
2. The browser checks the legitimacy of the SSL certificate and then creates a session key (encrypted with the public key), which is then sent back to the server.
3. The server uses its private key to decrypt the message and sends back an encrypted acknowledgment.
4. The browser starts the session and exchanges public-key-encrypted information with the server.

This system works very well unless there is a problem with a certificate. Certificates expire after a predefined duration (generally between 3 months and 2 years) and policies are continually being changed.
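The discover and monitor steps of the lifecycle, and the expiry problem described above, can be automated. The following is an added example, not code from the original page: it classifies certificates in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`. The inventory, the hostnames, and the 30-day renewal window are constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumed renewal threshold, not from the page

def san_matches(cert, hostname):
    """True if hostname matches a DNS subjectAltName (one left-most wildcard label)."""
    host = hostname.lower()
    for kind, value in cert.get("subjectAltName", ()):
        pattern = value.lower()
        if kind != "DNS":
            continue
        if pattern == host:
            return True
        # "*.example.test" covers "www.example.test" but not the apex or deeper labels
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def classify(cert, hostname, now):
    """Return not_yet_valid, expired, name_mismatch, renew_soon or ok."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    if ts < not_before:
        return "not_yet_valid"
    if ts >= not_after:
        return "expired"
    if not san_matches(cert, hostname):
        return "name_mismatch"  # installed, but not implemented correctly
    if (not_after - ts) / 86400 <= RENEW_WINDOW_DAYS:
        return "renew_soon"
    return "ok"

def _cert(not_before, not_after, *names):
    return {"notBefore": not_before, "notAfter": not_after,
            "subjectAltName": tuple(("DNS", n) for n in names)}

# Constructed inventory: hostname -> certificate found there (sample data)
INVENTORY = {
    "www.example.test": _cert("Jan 01 00:00:00 2025 GMT", "Jan 01 00:00:00 2026 GMT", "*.example.test"),
    "api.example.test": _cert("Mar 15 00:00:00 2025 GMT", "Jun 15 00:00:00 2025 GMT", "api.example.test"),
    "old.example.test": _cert("May 01 00:00:00 2024 GMT", "May 01 00:00:00 2025 GMT", "old.example.test"),
    "mail.example.test": _cert("Jan 01 00:00:00 2025 GMT", "Jan 01 00:00:00 2026 GMT", "www.example.test"),
    "new.example.test": _cert("Jul 01 00:00:00 2025 GMT", "Jul 01 00:00:00 2026 GMT", "new.example.test"),
}

def audit(inventory, now):
    return {host: classify(cert, host, now) for host, cert in inventory.items()}

if __name__ == "__main__":
    for host, status in audit(INVENTORY, datetime(2025, 6, 1, tzinfo=timezone.utc)).items():
        print(f"{host:20} {status}")
```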