Outages caused by expired server certificates are costly and can easily be prevented by automated certificate renewal or even by notifying the administrators.
Communication via HTTP or other application protocols is protected by the TLS protocol (formerly SSL). X.509 certificates are used to authenticate the server and to negotiate session keys. For public web servers, these certificates must be issued by a trusted public CA. For internal servers, certificates from an internal private CA may be used. The lifetime of public TLS certificates, currently one year, keeps decreasing, so automated certificate management is urgently required.
Manual management processes are time-consuming and costly. Absent administrators or human errors in a spreadsheet-managed environment carry a high risk.
The number of server certificates, their origin and their location are unknown. Hundreds or thousands of certificates with unknown expiration dates from a variety of CAs are in use.
The ownership of certificates is often not defined. Who is responsible for timely renewal? Who manages the CA contract?
The lifetime of public TLS certificates is currently one year, and some CAs even offer 90 days. It will continue to decrease, which exacerbates the renewal problem.
Autoenrollment and auto-renewal for popular web servers using standard protocols such as ACME, REST and SCEP. Support for multiple CAs, such as public CAs, managed private CAs or a Microsoft CA.
Your network can be scanned manually or automatically for TLS server certificates or SSH keys. The certificates and keys found are then available for central management.
An administrator can upload or easily generate certificate requests, and can find and download, delegate, renew or revoke their own certificates. Additional metadata helps to structure management processes.
Control certificate operations by role-based user authorization, manual approval, server validation and domain authorization. Use customizable e-mail notifications on certificate events. Group-sharing of certificates facilitates and secures their management.
Secardeo TOPKI provides software components that handle specific management tasks for SSL/TLS server certificates. With them you can request certificates from public or private CAs in the cloud, or you can use an internal Microsoft CA. Autoenrollment of SSL/TLS certificates is provided through support for the standard ACME protocol. For manual enrollment, web-based self-services for server administrators are provided. For higher security requirements, approval and acceptance workflows can be used. Certificate management is divided into specific roles. Users, groups, roles and permissions are managed using Active Directory mechanisms. Automatic notifications and generated reports help you gain full control over all certificate-related events. A REST API can be used to integrate IT applications into the certificate management workflow.
© 2024 Secardeo GmbH.
All rights reserved.