Over the past few months, we have been doing hundreds of SSL health assessments to companies around the world. Unfortunately, the results usually indicate that the companies still have a lot of work to do to meet our security requirements across all their domains. However, there was one company that after doing the scan got an “A” grade in most of their domains, I had to run the scan again because I could not believe what I was seeing. During our meeting where we were going over the results with their IT team I told them that I was impressed by their results and that they were the best company we have ever scanned. Their response was the biggest surprise I got, instead of them talking about how they have invested a lot of time into ensuring that their SSL Certificates are up to date and have a full team looking at their certificate health, they just looked at each other and said: “I guess the free certificate thing we moved to a few months ago was a good decision.” Showing that the best way to secure our endpoints is not throwing a bunch of experts and manually managing the security, but to remove the human from the equation and automate the security.
Well after reading that you are wondering what is this new technology this company used to automate their certificate issuance and the answer to that is they were issuing Let’s Encrypt certificates using the ACME protocol this protocol has been widely adopted by the community and there are plugins for most web hosting options (such as Kubernetes, IIS, Apache web servers, AWS, Azure, and more) to automatically issue and rotate certificates using ACME. Allowing DevOps engineers to set and forget their SSL certificates, fully removing the human out of the equation and preventing the costly SSL related outages that 80% of organizations have experienced in the last 2 years.
ACME’s popularity has exponentially risen over the past 5 years and currently is used by over 260 million websites around the world to issue their SSL certificates. However, this amazing technology is not currently supported by Microsoft’s PKI offering ADCS, meaning that engineers still need to manually manage their internal SSL certificates. Costing companies millions of dollars on wasted engineering hours and outages.
Our EZCA tool enables you to extend your existing PKI to issue certificates with the ACME protocol while also giving you full visibility into all your organization’s certificates. Allowing your engineers to automate themselves out of the certificate management tasks that get on the way of their main job functions while giving your security team full visibility into all your organization’s certificates allowing them to find issues before they become a larger problem.
To learn more about how you can automate your certificate lifecycle schedule a free PKI consultation with one of our experts