Hey everyone, with the reduction in certificate lifetimes coming next year, I'm curious if anyone has practical experience with implementing ACME in a medium-sized corporate setting. We handle around 200 public SSL certificates and a similar number of internal certificates each year. These certificates are used across various services like NetScalers, Azure instances, websites, Windows servers, and a few Linux appliances. We're looking for a comprehensive solution that can manage the entire lifecycle of our certificates, including issuance, monitoring, reporting, and renewal. We might also need a partner to help with configuration and deployment. Any recommendations? Thanks!
4 Answers
While it might seem like there isn't a perfect solution, options do exist out there. Companies like DigiCert and ServiceNow provide products tailored for automated certificate management. With a complex IT environment like yours, investing in a commercial solution might save you from the hassle of writing custom scripts, especially since you mentioned a large IT department with various skill levels.
For sure! And considering the scale of certs you're managing, it might be worth the investment to avoid potential downtime or security issues.
When it comes to automation, think of certificates as simple text files. If you're okay with managing the certs on a more granular level, you can use scripts that handle uploads or SSH commands directly. It's just about finding the right balance between automation and oversight.
If you're using internal CAs, remember you can technically still issue longer-life certs since those rules mainly apply to public certificates. Also, there are different protocols beyond ACME for certificate automation, and many clients available to help manage these processes.
There's really no single solution that does everything automatically at a corporate level. It's best to automate certificate management as part of your overall infrastructure automation. Tools like Certbot, Lego, or acme.sh are popular choices. Just keep in mind that monitoring and management are separate tasks; you'll need different tools for those functions.
Yeah, I agree! Custom coding can be a nightmare if you don't have the right expertise. Going for a commercial option could streamline the whole process and make maintenance much easier.