D3-CERO

Harden
Certificate Rotation

Definition

Certificate rotation involves replacing digital certificates and their private keys to maintain cryptographic integrity and trust, mitigating key compromise risks and ensuring continuous secure communications.

How it works

Certificate rotation should be performed when:

Any certificate expires.

A new CA authority is substituted for the old, thus requiring a replacement root certificate.

New or modified constraints need to be imposed on one or more certificates.

A security breach has occurred.

Considerations:

Managing certificate rotation across an enterprise can be complex. Automated solutions, sold by multiple vendors, should be considered to manage this complexity.

Artifact Relationships

This defensive technique relates to specific digital artifacts.

regenerates
hardens
Certificate Rotation
Certificate
Credential

References

Reference - Password and Key Rotation - SSH