
Support of the ACME protocol in the SCM (Certificate Manager)

Limits human error and website downtime while giving companies the ability to configure automation workflows

Despite the increasing use of modern, flexible computing environments such as virtualization, containerization, Internet of Things (IoT) and cloud, a large number of IT administrators continue to provide and manage certificates using old-fashioned techniques that are better suited to the infrastructure of the 1990s than to today's DevOps environments. This “spreadsheet management” leads to inefficiency and to the risk of failure or non-compliance due to human error.

To solve this problem, technology partner Sectigo, the world's largest commercial certification authority and a leading provider of web security solutions, today announced that it supports the ACME protocol for the popular SCM platform. By adding ACME support, Secorio brings the reliability and efficiency of automation to the management of corporate certificates.

Reduce total cost of ownership for certificate management

Up to nine time-consuming steps are required to install an SSL certificate on a server, including signing in, downloading, renewing configuration, and testing. The cost of each installation or renewal is estimated at $50 to $100 per web server. In addition, complexity and costs only increase for web servers that use multiple domains, wildcard certificates, reverse proxies or load balancers.

Each step requires precise handling by a web administrator or an employee with technical knowledge to avoid the risk of human error and unexpected downtime, which can be very costly. For example, the mobile operator O2 sought compensation in the millions from Ericsson after 32 million of its customers, along with customers of other mobile operators around the world, were left without service. The day-long data network outage in December 2018 was due to an expired certificate in the Ericsson technology stack that serves these network operators.

“Manual installation of SSL certificates requires special knowledge, without which the company can risk misconfiguration, a lack of transparency in the installed certificates and the inability to quickly replace certificates due to unplanned events. A web administrator who is more familiar with HTML coding and website creation and less experienced with the Linux shell may find it difficult to complete the required steps or spend a lot of time learning,” added Kent.

Four ways to automate while maintaining control

Advances in the Secorio Certificate Manager platform address these enterprise-scale challenges by deploying mechanisms to automate the installation and renewal of SSL certificates on servers in traditional data centers or in a DevOps environment, so that both deployment and ongoing management can be fully automated. This ACME support applies to SSL certificates with extended validation (EV), organization validation (OV) and domain validation (DV).

  • Industry standard ACME protocol - The Automated Certificate Management Environment (ACME) developed by the IETF defines an extensible framework for automating certificate issuance and validation processes so that servers can receive DV, OV and EV SSL certificates without manual user interaction. Over 100 open source ACME clients are available to automate certificate issuance on Apache, IIS, NGINX, F5 BIG-IP, Citrix NetScaler and other popular web servers and network devices. The ACME tools fully automate key generation, domain control verification, certificate generation and server installation. If public certificates are required, the customer can request them directly from Secorio.
  • Proprietary automated method - For Apache, IIS, Tomcat and F5 BIG-IP environments, Secorio provides a client that is installed in one place at the customer's site and can then communicate with all of the company's servers. Sectigo Certificate Manager embeds the web server administrator's credentials for the installation of certificates and the transfer of private keys in these agents.
  • Custom workflows with REST API - Customers can use Secorio's full REST (Representational State Transfer) API to install certificates, allowing for a bespoke workflow, including approvals and other steps. The administrator can request approval for certificate requests from the ACME client and discover, track, run reports, and make manual changes to certificates.
  • Tighter integration with third-party products - Secorio has integrated with F5 BIG-IP and is working on additional third-party integrations to ensure full automation and workflow management.

More information can be found in the ACME-Automation Video.