Automation Gateway lives on-premises in an enterprise network to securely monitor, automate and process certificate lifecycle events through a controllable proxied connection. It is a communication bridge between DigiCert’s various management and automation tools, such as ACME, to simplify acquiring and deploying certificates. Deployment of this offering is a significant milestone in DigiCert’s vision to promote and enable crypto-agility and shorter certificate lifecycles. Automation is key in managing security events and responding to new threats.
“DigiCert is dedicated to creating robust management and automation tools that enterprises can use to simplify their security processes and increase web security. With the constant increase in threats, enterprises need agility in how they deploy and manage certificates throughout their organization,” said Jeremy Rowley, Chief of Product at DigiCert. "Many enterprises are wary of fully adopting automated PKI solutions because of the inherent risk of needing to open their network ports to the public internet. Automation Gateway removes that risk with trusted, automated controllers and proxies.”
Automation Gateway also offers failover to provide uninterrupted uptime and prevent outages. The gateway automatically replaces missing, expired or revoked certificates on connected devices. Using the gateway, any number of internal servers can be automatically updated. With smart meshed interaction, if one node goes dark in the network, devices may still acquire certificates and continue to function securely.
Previous industry events, such as the transition from SHA-1 to SHA-2, demonstrate the need for a more agile web PKI. In addition, CA/B Forum requirements specify that a certificate must be replaced within 24 hours for key compromise and similar events, and five days if information changes or there is a technical gap in certificate contents. Automation is critical in meeting these requirements.
Continued Rowley, “Automation Gateway in CertCentral will offer an intuitive experience, with smart software that remembers organizational security preferences and eliminates the manual configuration currently required for ACME certbot and other clients in use today."