SSL Certificate Management Problem
An IT system that had been running without any hiccups suddenly came down to halt, and it turned out to be an expired SSL certificate on one server. This kind of failure could happen to any IT system if there is no appropriate certificate management system in place. If you have growing number of server certificates you are probably facing the following challenges.
Server Certificates : Challenges for IT Managers
- Steps for generating private key / CSR too complex and error-prone.
- Steps for installing server certificate/key too complex and error-prone.
- Storage for private keys,passwords, certificates, purchase history, deploy history are not well managed or backed up.
Server Certificates : Challenges for IT Executives
- How to combat risks of system failures related to server certificates?
- Are expirations of various certificates scattered in company under our management ?
- Note it’s not only commercial certificates but also privately generated ones within the company.
- How can we optimze cost for purchasing increasing number of certificates?
Server Certificate Manager will address the challenges
Server Certificate Manager will realize the following
1) Acquire
|
With single click, generates private key and CSR |
2) Install
|
Automates installation of certificate and key to target servers |
3) Monitor / Discover
|
Monitors installed certificates. Also discovers unmanaged certificates used in server network |
4) Notify
|
Notifies statuses of certificate acquisition and deployment processes
|
Record/Retain
|
Records all certificates, keys and histories of acquisition/deployment/monitor |
Benefits
- Reduce operational cost by minimizing work of server engineers and bringing all control on server certificates to certificate administrators.
- Reduce security and availability risks for system failures by eliminating server certificate that are expired, mis-configured or non-compliant with company policies.
- Optimize costs for acquiring certificates by strategically planning certificate procurement, e.g., you could switch to the builtin private CA for some class of uses and to a lower-cost CA for others, or consolidate all certificates on a single CA thereby obtaining volume discount.
| Screen shot: in deployment process | Screen shot: Certificate status list |
 |
 |
System Requirements (as of 2010/4)
- Supported Platforms: Windows XP, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2
- Supported Target Servers: IIS, Exchange2007,JKS-generic, Apache/Linux, VMware ESXi and vCenter, other OSS servers.
(See release notes for complete list).
Other SSL-enabled server applications (manual certificate installation)
Product Information
- New: The product is now released, with numerous enhancements in usability and scalability since the last RC-3 version.
- Two-page product leaflet (letter size), VMware solution leaflet
- Technical white paper - Product Overview.
- We did a joint evaluation with major SI company in Japan - See here.
- The beta version was reviewed by SSLShopper.com.
- The latest version also includes check tool for SSL/TLS renegotiation vulnerability of servers. Please see this page for details.
- Test Report with Ubuntu Server 9.04
- Part 1: Planning for Acquiring and Deploying Certificates : PDF
- Part 2: Configuring SSL on Server : PDF
- Part 3: Defining Certificate Specs and Obtaining Certificates : (In translation)
- Part 4: Deploying and Monitoring Certificates : (In translation)
- Part 5: Best Practices for Security and Operations : (In translation)
Product Availability
- The version 1.0 of the product is now available. The software can be used as the Standard Edition for evaluation for 60 days. After that period, the software will operate as the Basic Edition of the product.
- The software and product documentation can be downloaded on Download page.
Product Editions and Pricing
- Server Certificate Manager Basic Edition
Offered as a freeware. Can manage up to five server certificates. It also has full-featured Certificate Discovery.
- Server Certificate Manager Standard Edition
The product is licensed based on the number of managed certificates and their types of management (either Monitored-only or Lifecycle-managed). - Other Customizations, etc
We can customize the software to suit your needs, such as automating enrollment with a specific CA whose products you are reselling. Please contact Kousec Software for details.
Inquiry
Please contact us.