DigiCert, Inc., the world’s provider of TLS/SSL, IoT and other PKI solutions, announced its new DigiCert Automation Gateway. Automation Gateway launches with integration into DigiCert CertCentral® in Q4. This new automation approach is designed to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. Automation Gateway will provide organisations the confidence to widely deploy automation protocols within their company networks to provide greater agility.
Acquiring and deploying certificates
Automation Gateway lives on-premises in an enterprise network to securely monitor, automate and process certificate lifecycle events through a controllable proxied connection. It is a communication bridge between DigiCert’s various management and automation tools, such as ACME, to simplify acquiring and deploying certificates.
Deployment of this offering is a significant milestone in DigiCert’s vision to promote and enable crypto-agility and shorter certificate lifecycles. Automation is key in managing security events and responding to new threats.
Increased web security
“DigiCert is dedicated to creating robust management and automation tools that enterprises can use to simplify their security processes and increase web security. With the constant increase in threats, enterprises need agility in how they deploy and manage certificates throughout their organisation,” said Jeremy Rowley, Chief of Product at DigiCert. "Many enterprises are wary of fully adopting automated PKI solutions because of the inherent risk of needing to open their network ports to the public internet. Automation Gateway removes that risk with trusted, automated controllers and proxies.”
Automation Gateway also offers failover to provide uninterrupted uptime and prevent outages. The gateway automatically replaces missing, expired or revoked certificates on connected devices. Using the gateway, any number of internal servers can be automatically updated. With smart meshed interaction, if one node goes dark in the network, devices may still acquire certificates and continue to function securely.
Automation of certificate replacement
Previous industry events, such as the transition from SHA-1 to SHA-2, demonstrate the need for a more agile web PKI. In addition, CA/B Forum requirements specify that a certificate must be replaced within 24 hours for key compromise and similar events, and five days if information changes or there is a technical gap in certificate contents. Automation is critical in meeting these requirements.
Continued Rowley, “Automation Gateway in CertCentral will offer an intuitive experience, with smart software that remembers organisational security preferences and eliminates the manual configuration currently required for ACME certbot and other clients in use today."
CertCentral Automation Tools integration
When released later, Automation Gateway will join CertCentral Automation Tools to provide a completely automated certificate management solution. Currently, CertCentral Automation Tools feature the following benefits:
- Automation and discovery across multiple servers for larger-scale networks
- The ability to utilise agents for easy to manage, scalable ACME deployments for OV and EV, with DV coming soon
- Seamless integration with OEM solutions such as F5, Citrix NetScaler, A10 as well as popular server orchestration and management platforms such as Chef, Puppet, ServiceNow and more
- Customisable automation through APIs to integrate DigiCert tools and a customer’s system
- Auto-renew configuration via CertCentral console