

    Guest Sara Austin

    Automate SSL certificate lifecycle with NetScaler ADM and Venafi integration

    Submitted March 22, 2021

    Author: Emile Antone

     

    This blog post was co-authored by Asit Mohapatra, Senior Product Manager.

    There are two actors on a network — people and machines. People rely on usernames and passwords to identify themselves to machines so they can get access to networks and data. Cryptographic keys and digital certificates identify and authenticate machines. As the number of machines increases, driven by digital transformation and the emergence of various machine types — applications, cloud workloads, virtual machines, containers, IoT, and more — these machine identities become more critical.

    SSL certificates are integral to application security today, and many enterprises still struggle with machine identity management. Expired certificates make content inaccessible, hurting brand reputation and revenue. Fortunately, NetScaler Application Delivery Management (ADM) and Venafi offer a better, simpler solution. To see a demo of our joint solution for streamlining machine identity management and SSL certificate management, watch the webinar.

    NetScaler ADM streamlines the typically arduous process of implementing and maintaining SSL certificates and offers a centralized, intuitive dashboard for at-a-glance management of your entire SSL infrastructure. In a previous blog post, we detailed just how easy NetScaler ADM makes it to create, install, monitor, and automatically renew SSL certificates across multiple NetScaler ADC instances.

    Today, we are excited to announce the NetScaler ADM service integration with Venafi Trust Protection Platform.

    Venafi is the leading provider of machine identity management solutions used to secure some of the largest, most sensitive networks in the world. The Venafi Trust Protection Platform improves the security posture of the enterprise with increased visibility, threat intelligence, policy enforcement, and faster incident response for certificate-related outages and compromises that leverage misused machine identities.

    Previously, creating or renewing each SSL certificate fell to a network admin, who had to create a certificate signing request for the public key infrastructure team. This team would then work with a certificate authority to get a certificate, which would then be installed on the NetScaler ADC and bound to the application’s virtual servers. This process involved a number of steps and multiple teams and offered less visibility into expiring or non-compliant certificates.

    With Venafi integration from the NetScaler ADM app dashboard, SSL certificate lifecycle management is streamlined and no longer demands the attention and time of various teams in the organization. NetScaler ADM role-based dashboards allow application owners to monitor, create, renew, and bind SSL certificates for their applications through Venafi independently, without involving network admins.

    Let’s look at how NetScaler ADM further simplifies every stage of the certificate lifecycle with this new workflow.

    Identifying Expiring and Noncompliant Certificates

    Application admins can now easily monitor certificates bound to their applications. They are notified if any certificates are nearing expiry or if any of their certificates do not comply with their enterprise’s SSL policies. These potential issues appear as negative impacts on an application score in NetScaler ADM, enabling the admin to take proactive action to keep certificates up to date and fully compliant.

    NetScaler ADM app dashboard identifies all SSL certificate issues affecting an application.

    Creating a Certificate Signing Request (CSR) and Issuing or Renewing Certificates

    Application admins can now create Certificate Signing Requests (CSR) from the NetScaler ADM app dashboard, leveraging integration with the Venafi platform to issue and renew certificates from any of the 40+ certificate authorities integrated with Venafi. For the application owners, this means that a process that used to take a few days now only needs a couple of minutes — and can even be done proactively with automated renewals.

    Installing a Certificate on NetScaler ADC and Binding it to the Virtual Server

    Application admins can now install their applications’ SSL certificates on the NetScaler ADC instance and bind certificates to the virtual servers from within the NetScaler ADM app dashboard.

    Automating Certificate Renewal

    After integrating the Venafi platform with NetScaler ADM service, NetScaler ADM can automatically renew SSL certificates from Venafi and deploy them across the entire NetScaler ADC fleet.

    Setting up automatic renewal is easy. Just configure a few parameters to fit your needs. NetScaler ADM lets you enable or disable automatic renewal, choose the number of days before renewal, enter an encryption password, and automatically deploy to NetScaler ADC instances after renewal. So, after certificates are issued for the first time, NetScaler ADM will do all the routine work of checking expiration dates and keeping your certificates up to date.

    Comparison of SSL certificate lifecycle management before and after Venafi integration.

    As cybersecurity continues to be one of the most important considerations for enterprises today, we are excited about expanding NetScaler ADM’s machine identity management capabilities to help our customers be proactive and efficient in monitoring and managing their certificates while maintaining a consistent security posture across their entire environment.

