Automating manual tasks like requesting a new certificate and renewing expired certificates can increase the productivity of the public-key infrastructure (PKI) team by ~30% and help to digitize manual workflows.
The TLS Certificate management store application provides a platform-based approach to the lifecycle management of TLS certificates. Combined with task fulfillment, this solution can provide a methodical approach to the certificate request and renewal management process.
Compliance and security hygiene go hand in hand, and strong TLS management is a priority. A lack of visibility into deployed TLS certificates, and the expiry of those certificates, can result in service outages and data breaches. The largest consumer credit reporting company commented on how a “TLS certificate had expired about 10 months before the breach occurred, meaning that encrypted traffic was not being inspected throughout that period.”
Key Features
- Workflows for the request to fulfill/renew certificates via a Service Catalog.
- Policy-based framework to route digital certificate request/renewal and revoke workflows.
- Auto-discovery of TLS certificates in CMDB common service data model using IP/port scans and URL-based methods.
- Single pane of glass dashboard provides insights into workflow task management for the PKI team and provides comprehensive visibility to the deployment of certificates.
- Expiry pipeline view provides visibility to TLS certs expiring in 30, 60, and 90 days.
- Automatic Incident creation for expired TLS certificates.
- Discover, relate and reconcile cloud certificates (AWS/Azure/GCP certificate manager) to your cloud apps and compute.
- Get ACME protocol support for multiple certificate authorities with validation.
Note: The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users' servers, allowing the automated deployment of public key infrastructure.
New
- Added archiving rules for unique certificates and their associated records.
- TLS Certificate request automated flow now supports EJBCA with ACME.
- Added the ability to discover root certificates stored off-site and connect them to the certificate chain.
Fixed
- Domain ID is resetting in 'Discovery Certificate Captured' and 'Discovery Device Complete' script actions.
- No longer creating tasks for Retired Certificates Discovered by the "Amazon AWS - Certificates Manager" pattern.
- Resolved discrepancies in the root issuer name.
- Polling job implemented for Microsoft CA Manual Approval flow.
- Other less significant issues have also been addressed in this version.
Required plugins and products
- ITOM Visibility subscription
- com.snc.cmdb.scoped (Configuration Management For Scoped Apps (CMDB))
- Discovery plugin (com.snc.discovery)
App dependency
- CMDB CI Class Models