Securing Web Transactions TLS Server Certificate Management

Published

Author(s)

Murugiah P. Souppaya, William A. Haag Jr., Mehwish Akram, William C. Barker, Rob Clatterbuck, Brandon Everhart, Brian Johnson, Alexandros Kapasouris, Dung Lam, Brett Pleasant, Mary Raguso, Susan Symington, Paul Turner, Clint Wilson, Donna F. Dodson

Abstract

Transport Layer Security (TLS) server certificates are critical to the security of both internet-facing and private web services. Despite the critical importance of these certificates, many organizations lack a formal TLS certificate management program and do not have the ability to centrally monitor and manage their certificates. This NIST Cybersecurity Practice Guide shows large and medium enterprises how to employ a formal TLS certificate management program to address certificate-based risks and challenges. It describes the TLS certificate management challenges faced by organizations; provides recommended best practices for large-scale TLS server certificate management; describes an automated proof-of-concept implementation that demonstrates how to prevent, detect, and recover from certificate-related incidents; and provides a mapping of the demonstrated capabilities to the recommended best practices and to NIST security guidelines and frameworks.
Citation
Special Publication (NIST SP) - 1800-16
Report Number
1800-16

Keywords

Authentication, certificate, cryptography, identity, key, key management, PKI, private key, public key, public key infrastructure, server, signature, TLS, Transport Layer Security

Citation

Souppaya, M., Haag, W., Akram, M., Barker, W., Clatterbuck, R., Everhart, B., Johnson, B., Kapasouris, A., Lam, D., Pleasant, B., Raguso, M., Symington, S., Turner, P., Wilson, C. and Dodson, D. (2020), Securing Web Transactions TLS Server Certificate Management, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1800-16 (Accessed December 7, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 16, 2020, Updated May 4, 2021