Former Member
5 years ago

Securely store SSL certificates with expiration date

We are looking for a location to securely store certificates for specific domains.
We would like to have 1 record containing the different types of certificates from the same domain (csr, crt, pem), the password of this certificate, and the expiry date with a notification 1 month before the expiry date.

I see that the ingredients are in 1Password but the recipe is missing. Is there any way to realize this? You guys would be really unique with this functionality as far as I can see.


9 Replies

  • rosalia14
    New Contributor

    Yes, you can securely store SSL certificates (CSR, CRT, PEM) along with their passwords in a password manager like 1Password, but it doesn't natively track expiry dates or send alerts. A better approach is to use a secrets manager (like HashiCorp Vault, AWS Secrets Manager or Azure Key Vault) where you can store the certificate files securely and configure automated reminders for expiry. This way you get both strong protection and timely notifications before renewal. To understand in detail how to manage SSL certificates and save them properly, you can refer to the following resource: https://certera.com/blog/what-is-certificate-management-why-do-businesses-need-centralized-certificate-management-solution/. I hope it helps!

  • Personally I use secure notes items for those. I can attach the files to them also.

  • Former Member

    I have added you to the list of users who would find this useful @anderssv, thank you for sharing :)

  • Former Member

    While I agree with Former Member, we are not in total control of everything around us. We have several certificates (for sign/encrypt, and some SSL), and also other credentials that need manual refresh/handling based on auto expire. So we would really love a feature like this.

  • Former Member

    Thank you for sharing your experience on this Former Member!

  • Former Member

    A password manager like 1Password doesn't really fit best practice workflow for handling certificates. As someone who takes part in certificate management in our company, I have a bit of experience with this and know about best practice.

    If you talk about some SSL certificate used on a web server for SSL/TLS, best practice is to automate renewal. Choose a CA that allows automated renewal with tools like CertNanny or ACME (Let's Encrypt supports this). Everything is stored on the server that handles renewal, often the webserver itself, and your strategy to secure this data is to harden the server against attackers as well as a proper disaster recovery process (backup+restore).

    The thing you might store in 1Password are login credentials and your company's validation details for the CA for backup purposes. But certificates and the corresponding private keys need to be renewed and recreated every once in a while, so automate this. If you don't automate renewal, and your manual renewal process gets neglected (this is unavoidable after a few years!), you will get these famous calls: "I'm unable to connect to your website - certificate invalid/expired!"

    If you operate your own CA for your private hosts in your intranet, arrange for automated renewal and certificate distribution. Active Directory has integrated certificate management.

    Manual renewal is a process that will become obsolete, because the big browser manufacturers (Google, Mozilla) insist on shorter expiry dates in the future. In the past, it was 2 years. Currently 1 year is longest. 3 months is Let's Encrypt. In the future, expect common certification expiry between 3 and 6 months. With such short expiry time, this is something that simply must be automated.

    For example, with Let's Encrypt and their acme-clients, automating for whatever web server software and whatever firewall and host security you have in your intranet is a breeze.

  • Former Member

    @pschaller:

    I only miss the expiration date with alarm function before the certificate expires.

    This would indeed be a nice feature. I see that our developers have an open issue to discuss this feature, so in the meantime I will let them know that you would also like to see this ;)

    ref: dev/projects/customer-feature-requests#55

  • Former Member

    Hi Ana,

    Thank you for your response! Very nice of you to answer so quickly. Uploading as a zip file is certainly an option. I only miss the expiration date with alarm function before the certificate expires.

  • Former Member

    Hi @pschaller!

    I see that the ingredients are in 1Password but the recipe is missing. Is there any way to realize this? You guys would be really unique with this functionality as far as I can see.

    We don't currently have a specific category for SSL certificates, but I wonder if you have considered using Document items for this? You could upload the files as a zip file, and then add custom fields to store all additional information:

    https://support.1password.com/custom-fields/

    You could also add tags to these entries so you can group all certificates even if they don't have their own category:

    https://support.1password.com/favorites-tags/
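
The piece the thread says is missing, an expiry date with an alert one month ahead, can be checked outside the password manager from the certificate files themselves. This is an added example, not part of the original thread or of 1Password; it assumes the `openssl` CLI is installed, and the function names, the 30-day window and the sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag certificates that expire inside a warning window.
WARN_DAYS=30   # "1 month before the expiry date", as asked in the thread

# cert_status FILE [DAYS] -> prints unreadable | expired | expiring | ok
cert_status() {
    cert=$1
    days=${2:-$WARN_DAYS}
    # Refuse anything that does not parse as an X.509 certificate
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits non-zero when the certificate expires within N seconds
    elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# report DIR -> one line per *.crt: status, notAfter date, path
report() {
    for c in "$1"/*.crt; do
        [ -e "$c" ] || continue
        end=$(openssl x509 -in "$c" -noout -enddate 2>/dev/null | cut -d= -f2)
        printf '%-10s %s  %s\n' "$(cert_status "$c")" "${end:-?}" "$c"
    done
}

# make_sample_cert PREFIX DAYS -> PREFIX.crt / PREFIX.key
# Constructed, throwaway self-signed test data; never use these keys for real.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=sample.example.test" \
        -days "$2" -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# Demo on constructed certificates in a temporary directory
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/soon" 10     # inside the 30-day window
make_sample_cert "$demo_dir/fresh" 365   # well outside it
report "$demo_dir"
rm -rf "$demo_dir"
```

Only the public `.crt` files are read, so a scheduled job running `report` needs no access to the private keys or their passwords.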