SKILL

Performing Ssl Certificate Lifecycle Management

SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring, renewing, and revoking X.509 certificates. Poor certificate management is a leading

Published by @mukul975·0 agent reads / 30d·0 saves·

Performing SSL Certificate Lifecycle Management

Overview

SSL/TLS certificate lifecycle management encompasses the full process of requesting, issuing, deploying, monitoring, renewing, and revoking X.509 certificates. Poor certificate management is a leading cause of outages and security incidents. This skill covers automating the entire certificate lifecycle using Python and ACME protocol tools.

When to Use

  • When conducting security assessments that involve performing ssl certificate lifecycle management
  • When following incident response procedures for related security events
  • When performing scheduled security testing or auditing activities
  • When validating security controls through hands-on testing

Prerequisites

  • Familiarity with cryptography concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities

Objectives

  • Generate Certificate Signing Requests (CSRs) programmatically
  • Parse and validate X.509 certificates
  • Monitor certificate expiration across infrastructure
  • Automate renewal using ACME protocol (Let's Encrypt)
  • Implement certificate revocation checking (CRL and OCSP)
  • Track certificate inventory across multiple domains

Key Concepts

Certificate Lifecycle Stages

  1. Request: Generate key pair and CSR
  2. Issuance: CA validates and issues certificate
  3. Deployment: Install certificate on servers
  4. Monitoring: Track expiration and health
  5. Renewal: Request new certificate before expiry
  6. Revocation: Invalidate compromised certificates

Certificate Types

TypeValidationUse Case
DV (Domain Validation)Domain ownershipWebsites, APIs
OV (Organization Validation)Domain + org identityBusiness sites
EV (Extended Validation)Full legal verificationE-commerce, banking
Wildcard*.domain.comMulti-subdomain
SAN/UCCMultiple domainsMulti-domain hosting

Security Considerations

  • Set up automated monitoring for all certificates
  • Use ECDSA (P-256) certificates for better performance over RSA
  • Enable OCSP stapling on all servers
  • Implement Certificate Transparency log monitoring
  • Maintain inventory of all certificates and their locations
  • Plan for CA compromise scenarios (key pinning, backup CAs)

Validation Criteria

  • CSR generation produces valid PKCS#10 request
  • Certificate parsing extracts all relevant fields
  • Expiration monitoring detects certificates within threshold
  • Certificate chain validation verifies trust path
  • OCSP checking detects revoked certificates
  • Certificate inventory tracks all deployed certificates

Bundled with this artifact

9 files

Reference files that ship alongside this artifact. Agents pull these in only when the task needs them.

More on the bench

SKILL0

Devsecops Ssdlc Appsec Cursor Rule

Cursor rules for secure coding, secret handling, dependency hygiene, authentication, authorization, security testing, and compliance documentation.

cybersecurity-soc+1
0
SKILL0

Audit Skills

Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).

sickn33 and contributors
cybersecurity-soc+2
0
SKILL0

VibeSec Skill

This skill helps Claude write secure web applications. Use this when working on any web application or when a user requests a scan or audit to ensure security best practices are followed.

BehiSecc
cybersecurity-soc+2
0