White Paper

The End of Dual-Purpose TLS Certificates: How to Future-Proof Your Machine Identities

6 pages

This white paper explains why dual-purpose TLS certificates—used for both authentication and encryption—are becoming a security liability as environments scale and cryptographic threats evolve. It outlines how certificate misuse increases attack surfaces, complicates lifecycle management, and limits readiness for post-quantum cryptography. The document advocates separating identity and encryption certificates to improve visibility, automation, and policy enforcement. It highlights challenges such as certificate sprawl, manual rotation, outages caused by expired certificates, and lack of ownership over machine identities. The paper positions modern machine identity management as a foundation for Zero Trust, emphasizing automation, cryptographic agility, and centralized governance to support
