Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Web Transactions TLS Server Certificate Management



Murugiah P. Souppaya, William A. Haag Jr., Mehwish Akram, William C. Barker, Rob Clatterbuck, Brandon Everhart, Brian Johnson, Alexandros Kapasouris, Dung Lam, Brett Pleasant, Mary Raguso, Susan Symington, Paul Turner, Clint Wilson, Donna F. Dodson


Transport Layer Security (TLS) server certificates are critical to the security of both internet- facing and private web services. Despite the critical importance of these certificates, many organizations lack a formal TLS certificate management program and do not have the ability to centrally monitor and manage their certificates. This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal TLS certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides recommended best practices for large-scale TLS server certificate management; describes an automated proof-of-concept implementation that demonstrates how to prevent, detect, and recover from certificate-related incidents; and provides a mapping of the demonstrated capabilities to the recommended best practices and to NIST security guidelines and frameworks.
Special Publication (NIST SP) - 1800-16
Report Number


Authentication, certificate, cryptography, identity, key, key management, PKI, private key, public key, public key infrastructure, server, signature, TLS, Transport Layer Security


Souppaya, M. , Haag, W. , Akram, M. , Barker, W. , Clatterbuck, R. , Everhart, B. , Johnson, B. , Kapasouris, A. , Lam, D. , Pleasant, B. , Raguso, M. , Symington, S. , Turner, P. , Wilson, C. and Dodson, D. (2020), Securing Web Transactions TLS Server Certificate Management, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 20, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created June 16, 2020, Updated May 4, 2021