DigiCert, Inc., the world’s provider of TLS/SSL, IoT and other PKI solutions, announced its new DigiCert Automation Gateway. Automation Gateway launches with integration into DigiCert CertCentral® in Q4. This new automation approach is designed to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. Automation Gateway will provide organisations the confidence to widely deploy automation protocols within their company networks to provide greater agility. Acquiring and deploying certificates Automation Gateway lives on-premises in an enterprise network to securely monitor, automate and process certificate lifecycle events through a controllable proxied connection. It is a communication bridge between DigiCert’s various management and automation tools, such as ACME, to simplify acquiring and deploying certificates. Deployment of this offering is a significant milestone in DigiCert’s vision to promote and enable crypto-agility and shorter certificate lifecycles. Automation is key in managing security events and responding to new threats. Increased web security “DigiCert is dedicated to creating robust management and automation tools that enterprises can use to simplify their security processes and increase web security. With the constant increase in threats, enterprises need agility in how they deploy and manage certificates throughout their organisation,” said Jeremy Rowley, Chief of Product at DigiCert. "Many enterprises are wary of fully adopting automated PKI solutions because of the inherent risk of needing to open their network ports to the public internet. Automation Gateway removes that risk with trusted, automated controllers and proxies.” Automation Gateway also offers failover to provide uninterrupted uptime and prevent outages. The gateway automatically replaces missing, expired or revoked certificates on connected devices. Using the gateway, any number of internal servers can be automatically updated. With smart meshed interaction, if one node goes dark in the network, devices may still acquire certificates and continue to function securely. Automation of certificate replacement Previous industry events, such as the transition from SHA-1 to SHA-2, demonstrate the need for a more agile web PKI. In addition, CA/B Forum requirements specify that a certificate must be replaced within 24 hours for key compromise and similar events, and five days if information changes or there is a technical gap in certificate contents. Automation is critical in meeting these requirements. Continued Rowley, “Automation Gateway in CertCentral will offer an intuitive experience, with smart software that remembers organisational security preferences and eliminates the manual configuration currently required for ACME certbot and other clients in use today." CertCentral Automation Tools integration When released later, Automation Gateway will join CertCentral Automation Tools to provide a completely automated certificate management solution. Currently, CertCentral Automation Tools feature the following benefits: Automation and discovery across multiple servers for larger-scale networks The ability to utilise agents for easy to manage, scalable ACME deployments for OV and EV, with DV coming soon Seamless integration with OEM solutions such as F5, Citrix NetScaler, A10 as well as popular server orchestration and management platforms such as Chef, Puppet, ServiceNow and more Customisable automation through APIs to integrate DigiCert tools and a customer’s system Auto-renew configuration via CertCentral console
DigiCert, Inc., a provider of TLS/SSL, IoT and PKI solutions, announced that it has issued the world’s first Verified Mark Certificate (VMC) for a domain that sends email at scale: CNN.com. With this certificate, CNN is the first company prepared to participate in upcoming pilots of the BIMI (Brand Indicators for Message Identification) standard that require validated logos. Type of digital certificate A VMC is a new type of digital certificate that proves the authenticity of a logo tied to an email sender’s domain. VMC certificates are not currently in use in BIMI pilots, but they are expected to become a requirement, because they are a scalable way to ensure that corporate logos are not used fraudulently. Businesses have long sought ways to better identify themselves to customers in emails, and VMC certs for BIMI will enable verified brand marks to be displayed. Yahoo Mail is currently running a pilot of BIMI; Google is planning its own BIMI pilot in 2020, though it has not provided specific timing or commented on whether VMC would be required. Other email providers are also expected to begin their own BIMI implementations in the coming year. Enhancement of internet email VMC is a game-changing development for the email ecosystem and demonstrates CNN’s technical leadership"“CNN’s adoption of BIMI with VMC is a game-changing development for the email ecosystem and demonstrates CNN’s technical leadership,” said Seth Blank, director of industry initiatives for Valimail and chair of the AuthIndicators Working Group, which is developing the BIMI standard. “We commend DigiCert for helping to lay the groundwork for this important enhancement of internet email. The AuthIndicators Working Group is excited for many more brands to follow CNN’s leadership.” "DigiCert is excited to work with CNN and members of the AuthIndicators Working Group to take this first step in demonstrating the feasibility and benefit of VMCs for global brands under the BIMI pilot program,” said DigiCert Chief of Product Jeremy Rowley. “We know that there is a demand for issuing VMCs at scale and we are fully committed to providing that capability.” Supporting BIMI and VMC “It’s amazing to see the progress that BIMI has made in the last few years, and the ability to validate logos using VMC is a tremendous step forward,” said Alexander García-Tobar, the CEO and co-founder of Valimail, a leading provider of VMC-enabled BIMI services for domains. García-Tobar is also a co-founder of the AuthIndicators Working Group. “Valimail is committed to supporting BIMI and VMC in the industry as well as our own products, and we are excited to work with DigiCert on this important enhancement to email technology.” Secure, global framework BIMI is a new standard that provides a secure, global framework enabling email inboxes to display sender-designated logos for authenticated messages. It allows domain owners to specify a logo that will appear in the inbox, alongside authenticated email messages sent from their domains. Brands will be able to amplify their online presence in the inbox through authenticated messagesBIMI will work only when both the email and the logo are properly validated. The email must be authenticated through the Domain-based Message Authentication, Receiving & Conformance (DMARC) standard with a policy of quarantine or reject; the logo itself will be validated by the VMC. VMC certificate issued by DigiCert The VMC certificate issued by DigiCert for CNN.com is the first such certificate for a domain used to send email to consumers at high volumes. This certificate puts CNN — which has already been authenticating its domain with DMARC — in an “all systems go” position for participating in BIMI pilots that utilise VMC next year. With widespread use of VMC, BIMI and DMARC, brands will be able to amplify their online presence in the inbox through authenticated messages to consumers that are instantly recognisable through known, protected brand marks. DigiCert is ready to assist customers with pilot projects now and plans to have VMC certificates integrated into its DigiCert CertCentral platform by early 2020.