By NHI Mgmt Group Editorial Team
Published: 2025-10-01
Domain: Best Practices
Source: DigiCert

TL;DR: Two-thirds of organisations have suffered outages from unexpectedly expiring certificates, while nearly half still find certificates outside the IT security team’s purview and almost 2 in 5 have three or more departments managing them, according to DigiCert. The message is clear: digital trust fails when certificate ownership, visibility, and lifecycle control are fragmented.


At a glance

What this is: A DigiCert perspective on digital trust, centred on certificate lifecycle risk, device and software integrity, and zero-trust authentication.

Why it matters: Certificate sprawl, weak ownership, and missed renewals affect NHI, autonomous, and human identity programmes that depend on trusted endpoints and strong authentication.



Context

Digital trust depends on knowing which certificates exist, who owns them, and how they are issued, renewed, and revoked. When that lifecycle is split across teams, the result is not just administrative friction. It becomes an identity and access problem because certificates are the trust layer behind machines, applications, devices, and many service connections.

DigiCert frames the issue around authentication, encryption, and integrity, but the governance lesson is broader. Certificate sprawl creates the same operational weakness seen in other identity domains: unclear ownership, inconsistent control points, and a failure to keep trusted assets continuously visible. That is a structural risk for NHI, workload identity, and human access ecosystems alike.


Key questions

Q: How should security teams manage certificate lifecycle risk across multiple departments?

A: Security teams should centralise certificate inventory, ownership, renewal, and revocation even when operational teams request or use the certificates. The main failure is not complexity alone but fragmented accountability. A single control process reduces expiry outages, closes audit gaps, and makes it possible to enforce consistent trust decisions across devices, services, and applications.

Q: Why do certificate management failures create zero-trust problems?

A: Zero trust depends on continuous verification, but verification is only as good as the certificate or trust signal behind it. If certificates are stale, misplaced, or managed outside security oversight, the organisation cannot reliably validate the endpoint or service. In that condition, zero trust becomes policy language without dependable execution.

Q: What do organisations get wrong about certificate rotation and renewal?

A: Many teams treat certificate renewal as a calendar task instead of a governance control. That approach misses ownership, dependency mapping, and revocation readiness. The result is predictable expiry outages, slow remediation, and certificates that remain active long after the system or business process they supported has changed.

Q: Who should own certificate governance in an enterprise?

A: Certificate governance should sit with identity and security leadership, but operational responsibility must extend to the teams running the systems that use the certificates. The key is not where the task lives administratively. It is whether one accountable process can see the full lifecycle from issuance to retirement.


Technical breakdown

Certificate lifecycle management failures

Certificate lifecycle management covers discovery, issuance, renewal, rotation, and revocation. The failure mode is not simply expired certificates. It is fragmented ownership that allows certificates to exist outside normal security workflows, so no single team can reliably answer what is active, where it is used, or when it will fail. In practice, that creates outages, audit blind spots, and delayed remediation. As environments grow more connected, lifecycle drift becomes a control-plane problem, not a clerical one.

Practical implication: assign clear ownership for every certificate and tie renewal and revocation to a single control process.

PKI, device identity, and code signing

Public key infrastructure provides the trust mechanism, while certificates prove identity and support encryption and signing. On devices, code signing adds integrity by allowing only signed software to boot or update. That matters because trust is not only about authenticating a device at login. It is about ensuring the device remains trustworthy across its operating life, including firmware updates and remote servicing. If signing workflows are weak, attackers can tamper with the chain of trust even when network controls are intact.

Practical implication: connect code signing and device identity controls to the same governance model used for certificate issuance and expiry.

Zero trust and certificate-based authentication

Zero trust assumes every connection must be verified continuously, and certificates are one of the main ways to do that for devices, services, and applications. But certificate-based authentication only works if trusted endpoints are known, monitored, and refreshed before they become stale. When certificates are missed, over-distributed, or managed outside security oversight, zero trust becomes a policy statement rather than an enforceable control. The technical issue is not the cryptography itself. It is the lifecycle discipline behind it.

Practical implication: treat certificate visibility and rotation as prerequisites for zero-trust enforcement, not as downstream housekeeping.


NHI Mgmt Group analysis

Certificate sprawl is a governance problem before it is a technical one. DigiCert’s own survey data points to outages, fragmented ownership, and certificates managed outside IT security. That combination tells us the control failure is not just expiry monitoring but lack of a single accountable lifecycle. The implication is that certificate governance must be treated as an identity programme capability, not a tooling add-on.

Digital trust breaks when trusted assets outlive their oversight model. Certificates, keys, and device identities are only reliable if the organisation can continuously discover, assign, and revoke them. Once multiple departments manage the same trust layer, assurance becomes partial and remediation slows down. Practitioners should read this as a warning that distributed ownership weakens the trust boundary itself.

Zero trust cannot compensate for unmanaged certificate lifecycles. The model depends on continuous verification, but verification is only meaningful when the underlying identity artefact is current and traceable. If certificate records are stale or incomplete, the policy engine is evaluating an unreliable trust signal. That makes lifecycle control a prerequisite for zero-trust maturity, not a downstream task.

Certificate lifecycle management is the identity blast radius control for connected systems. In device fleets, software supply chains, and service-to-service communication, one stale or orphaned certificate can undermine many dependent systems at once. That is why this topic connects human IAM governance, NHI oversight, and operational resilience. Practitioners need one coherent trust inventory across all three.

From our research:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, which shows how often lifecycle control still fails before governance can begin.
  • For the broader lifecycle lens, see Ultimate Guide to NHIs, Key Challenges and Risks for the control gaps that most often turn into operational exposure.

What this signals

Certificate lifecycle visibility will increasingly be treated as an identity control, not a platform hygiene issue. Teams that still separate PKI oversight from IAM and operational ownership will continue to miss the point of trust governance. The practical shift is toward one inventory, one owner model, and one renewal process across machines, services, and connected devices.

The next maturity step is not more certificates. It is fewer unmanaged trust relationships and clearer dependency mapping across business units. When certificate records are incomplete, every downstream control, including zero trust and device integrity, inherits that uncertainty.


For practitioners

  • Inventory every certificate and owner: Build a single authoritative register that records certificate purpose, owner, system dependency, expiry date, and renewal path. Include certificates managed by application teams, infrastructure teams, and external operators.
  • Unify renewal and revocation workflows: Route renewal approvals, revocation triggers, and exception handling through one process so no certificate can drift outside governance. Escalate orphaned certificates immediately when ownership is unclear.
  • Tie device trust to signed software: Require code signing for firmware and software updates on connected devices, and verify that update pipelines preserve signing integrity from build to deployment.
  • Measure certificates outside security oversight: Track the proportion of certificates owned by non-security teams, the share nearing expiry, and the number of business units sharing certificate management responsibilities.
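The register and metrics above, worked through in code. This is an added example, not DigiCert's or NHIMG's tooling: the record fields follow the article (purpose, owner, system dependency, expiry, renewal path), the set of teams counted as "security oversight" is an assumption, and the sample register is constructed.

```python
"""Certificate register metrics (added example; sample data is constructed)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

SECURITY_TEAMS = {"security", "pki"}  # assumption: teams that count as security oversight

@dataclass(frozen=True)
class CertRecord:
    subject: str
    purpose: str
    owner_team: Optional[str]   # None = ownership unclear (orphaned)
    business_unit: str
    depends_on: str             # system that relies on the certificate
    system_active: bool         # False = that system has been retired
    not_after: date
    renewal_path: Optional[str] # None = no documented renewal route

def lifecycle_report(records, today, window_days=30):
    """Governance metrics the article asks practitioners to track."""
    horizon = today + timedelta(days=window_days)
    total = len(records)
    expiring = [r for r in records if today <= r.not_after <= horizon]
    expired = [r for r in records if r.not_after < today]
    orphaned = [r for r in records if r.owner_team is None or r.renewal_path is None]
    # still valid but the system it supported no longer exists (outlived oversight)
    stale = [r for r in records if not r.system_active and r.not_after >= today]
    outside = [r for r in records if r.owner_team and r.owner_team.lower() not in SECURITY_TEAMS]
    return {
        "expiring_soon": sorted(r.subject for r in expiring),
        "expired": sorted(r.subject for r in expired),
        "orphaned": sorted(r.subject for r in orphaned),
        "active_after_system_retired": sorted(r.subject for r in stale),
        "pct_outside_security": round(100 * len(outside) / total) if total else 0,
        "business_units_managing": len({r.business_unit for r in records}),
    }

# Constructed sample register (hypothetical names and dates)
SAMPLE = [
    CertRecord("api.example.test", "TLS server", "security", "IT", "api-gateway", True, date(2026, 1, 15), "ACME"),
    CertRecord("build-signer", "code signing", "platform", "Engineering", "ci-pipeline", True, date(2025, 10, 20), "manual"),
    CertRecord("legacy-erp.example.test", "TLS server", None, "Finance", "erp-v1", False, date(2026, 6, 1), None),
    CertRecord("mqtt-device-ca", "device identity", "ops", "Manufacturing", "fleet-mqtt", True, date(2025, 9, 1), "HSM rotate"),
]

def sample_report(today=date(2025, 10, 1)):
    """Run the report over the constructed register with a fixed date."""
    return lifecycle_report(SAMPLE, today)

if __name__ == "__main__":
    for key, value in sample_report().items():
        print(f"{key}: {value}")
```

Feeding real records in from a discovery tool or CA export turns the same function into the "one inventory, one owner model" check the article describes.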

Key takeaways

  • Digital trust fails fastest when certificate ownership is split across teams and no one can enforce a single lifecycle control.
  • The evidence in this article shows outages, fragmented oversight, and multi-department management are already common operational weaknesses.
  • Practitioners should treat certificate inventory, renewal, and revocation as core identity governance controls, not as background administration.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Certificate renewal and revocation failures map to unmanaged non-human identity lifecycle risk.
NIST CSF 2.0 | PR.AC-1 | Certificate-based authentication underpins identity proofing and access control for connected systems.
NIST Zero Trust (SP 800-207) | PR.AC-4 | Zero trust depends on current, trustworthy certificates for service and device verification.

Align certificate governance with access-control review and continuous verification processes.


Key terms

  • Certificate Lifecycle Management: The end-to-end control of digital certificates from discovery and issuance through renewal, rotation, and revocation. In practice, it is an identity governance discipline because unmanaged certificates can break authentication, create outages, and leave trusted assets active after they should have been retired.
  • Digital Trust: The assurance that digital systems, devices, users, and data can be verified as authentic, intact, and authorised. It depends on cryptographic controls such as PKI, certificates, and signing, but it only works when ownership and lifecycle management are consistent across the environment.
  • Code Signing: A cryptographic process that verifies software or firmware has been signed by an approved source and has not been altered. For connected devices and supply chains, code signing extends trust beyond login authentication and into the integrity of what is allowed to run.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or lifecycle governance in your organisation, it is worth exploring.

This post draws on content published by DigiCert: Solving digital trust for the real world.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2025-10-01.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org