X.509 certificates are the cornerstone of brokered trust across the digital landscape both inside and outside the firewall. Often they are too trusted and become the weapon of choice for attackers looking for the easiest way to bypass the first layers of controls. Implementing additional layers of certificate quality controls using a Defense in Depth strategy reduces the X.509 certificate attack surface and ensures a reliable trust anchor. An assessment of the existing current environment is the first step in establishing the organizational TLS maturity level and prioritizing any required X.509 Certificate remediation.