DigiCert Uses Containers to Extend Certificate Management Reach

DigiCert today launched DigiCert Automation Manager, which employs containers to make a cloud platform for managing certificates more accessible from within an on-premises IT environment.

Brian Trzupek, senior vice president of product for DigiCert, says DigiCert Automation Manager makes it simpler for organizations that have machines running in an on-premises environment to automatically install and update certificates. Sensors connect those machines to the DigiCert CertCentral Enterprise service via DigiCert Automation Manager, which is deployed as a containerized application.

That approach requires IT teams to open only a single API connection through port 443 for all servers in an on-premises IT environment. DigiCert Automation Manager has also been certified to integrate with load balancers from F5 Networks, Amazon Web Services (AWS) and A10 Networks, with support for web servers such as Apache, Nginx and Microsoft Internet Information Services (IIS) planned.

Those capabilities make it possible to provision and renew certificates at a pace that can keep up with the rate at which application workloads are now being deployed using microservices. A typical DV SSL certificate can usually be issued in minutes by the average certificate authority (CA). However, for organizations that have adopted agile development and DevOps best practices, that may not be fast enough. There is now a need to issue a certificate in seconds, as microservices constructed using containers are ripped and replaced to add new capabilities to applications deployed on machines at increasingly faster rates.

IT teams can now centrally manage certificates across a hybrid cloud computing environment via a single console, notes Trzupek. In the future, DigiCert also plans to integrate DigiCert Automation Manager with multiple IT service management (ITSM) platforms, Trzupek adds.

It’s not uncommon for entire web sites to suddenly become unavailable because someone didn’t renew a certificate after it was initially issued. A forthcoming 2021 State of Public Key Infrastructure (PKI) Automation survey, conducted by DigiCert, finds more than a quarter of organizations (26%) experienced more than five instances of site downtime due to certificate expiration over the course of a six-month period.

Respondents noted that a lack of certificate management leads to compliance (54%), security (53%) and cost issues (53%). In many instances, the developer or IT professional who originally requested a certificate is no longer working for the organization. As a result, the alert advising that developer of the need to renew a certificate never finds its way to whoever has assumed that responsibility within the organization.

It’s unclear these days who within an organization is ultimately responsible for certificates. Historically, certificates have been managed by cybersecurity teams, or have fallen under some other IT operations function. However, as more responsibility for cybersecurity shifts left toward developers, many DevOps teams are now programmatically managing the certificate issuance and renewal process within the context of their application development and deployment workflows.

Regardless of who manages certificates, the number of them being employed to make sure communications between machines are encrypted is increasing as organizations become more conscious of cybersecurity. The challenge now is finding a way to manage a larger number of certificates, faster.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
