DigiCert Automation Manager

In the current heterogeneous corporate environment, where all applications and systems have moved to the cloud, we use a large number of TLS certificates. Managing them becomes increasingly challenging for companies, and it is impossible to manage everything manually as the number of certificates grows. Fortunately, there is an option to easily automate the lifecycle of certificates on servers, as well as on devices that do not support the ACME protocol.

DigiCert Automation Manager as an Alternative to ACME Agents

You are probably familiar with the ACME protocol and its use. On the server side, it is used through so-called agents - these simple programs are responsible for obtaining, configuring, and renewing TLS certificates in a timely manner. They are particularly useful for web servers where you set up the agent and let it do the work. The agent will keep the certificate up to date and adjust the web server configuration automatically ("installing" the certificate).

We recommend automating with ACME agents mainly for smaller companies and smaller PKI ecosystems, because the resulting setup is still quite heterogeneous and fragmented. Each server has its own agent managing certificates for specific domains; there is no central management or overview, as you manage each agent separately. We assume that certificate automation will work smoothly, but you will still want to have an overview and at least monitor certificate expiration across your servers collectively. Wouldn't it be nice to have centralized management for all those separate agents?

Consolidating and controlling all ACME agents is possible through the DigiCert Automation Manager service. You can add all ACME-utilizing web servers to it, link them, and control them from one place. You can set up services on all configurable ports and specify which certificates should be sent to them. The Manager will take care of the rest.

Clear Interface of DigiCert Automation Manager

DigiCert Automation Manager Does More

It is true that managing certificates through an ACME URL is suitable for servers, but it cannot be used for elements like load balancers. Typically, the challenge is domain verification: authentication must go through DNS or the default HTTP-01 method with a verification file, which is a problem with load balancers. You may also encounter situations where you want to secure a device that is not exposed to the internet. However, DigiCert Automation Manager can handle this.

If the ACME URL is unavailable, the Manager will use the REST API as an alternative. You set up so-called sensors for each device, and they will be configured and managed by DigiCert. Once you set everything up, the rest will happen automatically. DigiCert Automation Manager can also handle cases where the ACME URL is insufficient.

Operation Principle of DigiCert Automation Manager

Supported Servers and Devices

Supported load balancers:

  • F5 BIG-IP LTM
  • Citrix NetScaler
  • A10
  • AWS Application Load Balancer
  • AWS Network Load Balancer
  • AWS CloudFront (CDN)

Supported web servers:

  • Apache HTTP Server
  • Apache Tomcat
  • NGINX
  • IBM HTTP Server
  • Microsoft IIS

How to Get DigiCert Automation Manager

Setting up automation and integrating it into existing processes is an individual matter. Contact us and we will help you find the best tailor-made solution for you.