New Research Reveals 18% of Online Certificates Contain Security Risks


In a digital-first world, where billions of devices communicate securely through cryptographic keys and digital certificates, managing digital trust is more critical than ever. However, new research from Keyfactor has uncovered alarming security risks in 18% of all certificates used online, raising concerns about compliance failures, cyber threats, and overall security gaps.

Why This Matters

Every connected device—from manufacturing equipment to energy grids, cloud servers, and industrial control systems—relies on digital certificates to verify identity and secure communications. But with organizations managing hundreds of thousands of certificates, security gaps can easily form.

Keyfactor’s research highlights how certificate misconfigurations and cryptographic weaknesses can put enterprises at risk, making machine identity management a growing challenge for CISOs and security teams.

Key Certificate Risks Uncovered

Analyzing 500,000 online certificates, the research team identified several critical defects, including:

  • Certificates with negative serial numbers – One in 27 certificates had a non-positive serial number, affecting trust validation.
  • Certificates with long lifespans – One in 13 certificates had a lifespan exceeding two years, increasing security risks.
  • Large certificate file sizes – Many certificates exceeded 100 kB, making them incompatible with default system settings and leading to validation failures.
  • No key usage defined – One in 29 certificates lacked key usage specifications, meaning they could be misused for unintended purposes.
  • CA certificates without basic constraints – One in 32 certificates was issued by a Certificate Authority whose certificate lacked the Basic Constraints extension, weakening trust hierarchies.

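As an added example (not code from the Keyfactor research or from this article), the following Go program uses the standard library's crypto/x509 package to implement one check per defect category listed above and runs them over a constructed two-certificate chain. The two-year and 100 kB thresholds are the article's own; the CertFacts type, the finding strings, and the demo certificate names are my assumptions. Because "issued by a CA missing Basic Constraints" is a property of the issuer rather than the certificate itself, the checker accepts the issuing certificate as an optional second argument.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// CertFacts is what the rules inspect; the Issuer fields are set only when the issuing certificate is available.
type CertFacts struct {
	Serial                             *big.Int
	NotBefore, NotAfter                time.Time
	DERSize                            int
	HasKeyUsage, CanSignCerts, HasCAFlag bool // Key Usage present / asserts keyCertSign / BasicConstraints cA=TRUE
	IssuerKnown, IssuerIsCA            bool
}

// FactsFrom extracts CertFacts from a parsed certificate; issuer may be nil when the chain is unknown.
func FactsFrom(cert, issuer *x509.Certificate) CertFacts {
	f := CertFacts{Serial: cert.SerialNumber, NotBefore: cert.NotBefore, NotAfter: cert.NotAfter, DERSize: len(cert.Raw),
		CanSignCerts: cert.KeyUsage&x509.KeyUsageCertSign != 0, HasCAFlag: cert.BasicConstraintsValid && cert.IsCA}
	for _, ext := range cert.Extensions {
		f.HasKeyUsage = f.HasKeyUsage || ext.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 15}) // id-ce-keyUsage
	}
	if issuer != nil {
		f.IssuerKnown, f.IssuerIsCA = true, issuer.BasicConstraintsValid && issuer.IsCA
	}
	return f
}

// Lint returns findings in a fixed order, one rule per defect category in the article; the two-year
// lifespan and 100 kB size bounds are the article's own thresholds.
func Lint(f CertFacts) []string {
	rules := []struct {
		bad bool
		msg string
	}{
		{f.Serial == nil || f.Serial.Sign() <= 0, "non-positive serial number"},
		{f.NotAfter.Sub(f.NotBefore) > 2*365*24*time.Hour, "lifespan exceeds two years"},
		{f.DERSize > 100*1024, "encoded size exceeds 100 kB"},
		{!f.HasKeyUsage, "no Key Usage extension"},
		{f.CanSignCerts && !f.HasCAFlag, "signs certificates without BasicConstraints cA=TRUE"},
		{f.IssuerKnown && !f.IssuerIsCA, "issued by a CA lacking BasicConstraints"},
	}
	var out []string
	for _, r := range rules {
		if r.bad {
			out = append(out, r.msg)
		}
	}
	return out
}

// BuildDemoChain constructs (purely for this example) a self-signed issuer that signs certificates but
// omits BasicConstraints, plus a three-year leaf with no Key Usage extension, so Lint has defects to report.
func BuildDemoChain() (issuer, leaf *x509.Certificate, err error) {
	sign := func(tmpl, parent *x509.Certificate, pub, priv any) (*x509.Certificate, error) {
		der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
		if err != nil {
			return nil, err
		}
		return x509.ParseCertificate(der)
	}
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Demo CA"},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign, // BasicConstraintsValid left false: no CA extension is written
	}
	if issuer, err = sign(caTmpl, caTmpl, &caKey.PublicKey, caKey); err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "demo.example"}, // constructed name
		NotBefore: now, NotAfter: now.Add(3 * 365 * 24 * time.Hour), // three years; KeyUsage left zero
	}
	leaf, err = sign(leafTmpl, issuer, &leafKey.PublicKey, caKey)
	return issuer, leaf, err
}

func main() {
	issuer, leaf, err := BuildDemoChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("issuer:", Lint(FactsFrom(issuer, nil)))
	fmt.Println("leaf:", Lint(FactsFrom(leaf, issuer)))
}
```

Running it reports one finding for the constructed issuer (it asserts keyCertSign without a BasicConstraints extension) and three for the leaf (three-year lifespan, no Key Usage, issued by a CA lacking BasicConstraints). The serial-number and size rules are not triggered by the generated chain, so they are best exercised against CertFacts values taken from certificates in an inventory; pointing FactsFrom at a parsed certificate store is the mechanical part of the continuous-monitoring and policy-enforcement steps the article recommends below.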
When extrapolated to the 8 billion known certificates online, these findings reveal millions of vulnerable digital certificates, increasing the likelihood of security breaches, operational failures, and compliance violations.

How CISOs and Security Teams Can Mitigate These Risks

To combat these certificate vulnerabilities, organizations must take a proactive approach to certificate management, including:

  • Continuous discovery and monitoring – Automatically identifying and tracking all certificates in use.
  • Automated certificate lifecycle management – Ensuring timely renewal and revocation of weak or expired certificates.
  • Strict policy enforcement – Implementing best practices for cryptographic strength, key usage, and compliance.
  • Risk-based certificate management – Prioritizing certificate remediation based on real-time risk scoring.

With the upcoming launch of Keyfactor Command Risk Intelligence, organizations will gain unmatched visibility into certificate vulnerabilities, allowing CISOs and security teams to proactively manage risks before they escalate.

Final Thoughts

Digital trust is the backbone of secure industrial and enterprise ecosystems. As cyber threats evolve, certificate misconfigurations and weak cryptographic practices can create hidden security gaps. This research underscores the urgent need for organizations to strengthen their certificate management strategies to prevent breaches, maintain compliance, and uphold trust across their digital environments.

To read more, access the full report here: https://www.keyfactor.com/command-risk-intelligence-report/
