TLS Server Certificate Management

Current Status

This project is currently seeking technology vendors to participate in the development of an example solution. Please see our Federal Register notice for more information. After reviewing the notice, if you as a technology provider are interested in providing products and technical expertise as a collaborator on the reference design for the listed projects, please send an email to requesting a Letter of Interest template.

Download the TLS Server Certificate Management project description for more information on the project.


The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to ensure secure communications between clients and servers. To enhance secure communications, the NCCoE has launched a project entitled: TLS (Transport Layer Security) Server Certificate Management. This project will use commercially available technologies to develop a cybersecurity reference design that can be implemented in enterprise environments to reduce outages, improve security, and enable disaster recovery activities related to TLS certificates.

TLS is a broadly used cryptographic protocol that provides authentication and encryption of communications between clients and servers. TLS requires the use of a certificate, which contains information about the certificate owner, and a corresponding private key. A server using TLS must have a certificate (and the corresponding private key) to authenticate itself and to establish symmetric keys for encryption. The ongoing maintenance of TLS certificates is labor-intensive and can produce error conditions if it is not performed carefully and systematically.

This project focuses on the management of TLS server certificates in medium and large enterprises that rely on TLS to secure both customer-facing and internal applications. Client certificates may optionally be used in TLS for mutual authentication, but the management of client certificates is outside the scope of this project. This NCCoE project will demonstrate how to establish, assign, change and track an inventory of TLS certificates. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Join Our Community of Interest

Interested in joining the TLS Server Certificate Management Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy.