May 23, 2024

Security Certificate Inventory and Management


Several years ago, I was tasked with oversight for our security certificate inventory and management after we encountered unintended outages because no change management was in place to ensure everyone was on the same page.

Our change management process is considerably better, as we're using actual change requests instead of email. 😃

Our previous security certificate inventory was a spreadsheet held privately by the person managing most of our certificate renewals and updates. If our Nagios admin cannot configure an alert to check a cert, we're at risk of missing a certificate expiration. We have self-signed certificates as well as certificates purchased from vendors.

We're now relying on a report from Nagios based on certificate checks configured by our Nagios admin. This data goes into Splunk and I receive a weekly report with certificate data. I'm using an MS Teams channel that includes systems admins as well as database and application development resources. I alert the group when a certificate or certificates are expiring in 30 days. I've been told that no certificate renewals can be done more than 30 days prior to expiration. In short, I nag until someone submits a change request with a scheduled maintenance window to update the certificate(s) prior to expiration.

Although our current process is much better than when I first became involved, improvement is needed, so I'm asking for suggestions/recommendations.

What security certificate inventory management solutions are you using? What are your security certificate management processes?
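As an added example (not the poster's code or process), the following POSIX shell script classifies a directory of PEM certificate files against the 30-day renewal window described above and flags self-signed versus vendor-issued certificates by comparing subject and issuer; it assumes `openssl` is on the path and that the certificates are stored as `*.pem` or `*.crt` files.

```shell
#!/bin/sh
# Classify PEM certificates by time to expiry using openssl's -checkend.
# WINDOW_DAYS defaults to the 30-day renewal window from the post.
WINDOW_DAYS="${WINDOW_DAYS:-30}"

# Print UNREADABLE, EXPIRED, EXPIRING or OK for one certificate file.
cert_status() {
    cert="$1"
    # Not a parseable certificate (e.g. a private key dropped in the directory).
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo "UNREADABLE"; return; }
    # -checkend N exits non-zero when the cert expires within N seconds (0 = already expired).
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED"
    elif ! openssl x509 -in "$cert" -noout -checkend $((WINDOW_DAYS * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING"
    else
        echo "OK"
    fi
}

# Print "self-signed" when subject and issuer match, otherwise "vendor".
cert_origin() {
    subj=$(openssl x509 -in "$1" -noout -subject)
    iss=$(openssl x509 -in "$1" -noout -issuer)
    if [ "${subj#subject=}" = "${iss#issuer=}" ]; then
        echo "self-signed"
    else
        echo "vendor"
    fi
}

# One inventory line per certificate: status, origin, notAfter, file name.
report_dir() {
    for f in "$1"/*.pem "$1"/*.crt; do
        [ -f "$f" ] || continue
        status=$(cert_status "$f")
        if [ "$status" = "UNREADABLE" ]; then
            printf '%-10s %s\n' "$status" "$f"
            continue
        fi
        printf '%-10s %-12s %s  %s\n' "$status" "$(cert_origin "$f")" \
            "$(openssl x509 -in "$f" -noout -enddate)" "$f"
    done
}

# Usage: sh certinv.sh /path/to/certs   (no argument: only define the functions)
[ "$#" -eq 0 ] || report_dir "$1"
```

Lines marked EXPIRING are the ones to raise in the team channel; the script reads files only, so it complements rather than replaces network-side checks such as the Nagios probes.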

