Symantec has introduced a cloud-based Symantec Certificate Intelligence Center to keep track of SSL server certificates used by an organisation.

The service works with an on-premises software component that can help IT managers seek rogue SSL certificates and check when internal certificates expire.

"Every SSL certificate comes with a shelf life, as they expire in one, two or three years," said Amar Doshi, Symantec senior manager of product management. Symantec Certificate Intelligence Center lets IT managers track both public web-facing and internally-used certificates in order to act before these certificates expire. He said that the service is similar to one offered by competitor Venafi.

In addition, Symantec's cloud-based service, working in conjunction with the on-premises component, which is available based on Red Hat Linux or VMware-based virtual appliance, can scan to detect so-called "rogue certificates," Doshi says.

Doshi said that rogue certificates have been discovered in corporate networks because someone at a company went and got them from a certificate authority that was not the usual source, or sometimes this has even been done maliciously. The bottom line is the certificate isn't officially recorded as in use by the business. The certificate-scanning service would be able to seek them out and report back on them.

Symantec last year acquired the VeriSign trust services group for over £900 million. The Symantec Certificate Intelligence Center service, now in beta, is the first new major product/service roll-out since the time of the acquisition.