Venafi Inc.s AutoCert Manager 4.1 significantly reduces the time and manual effort needed to manage SSL digital certificates. AutoCert Manager, released in February, acts as a certificate clearinghouse, tracking certificate information and status across the enterprise and enabling automated renewal even in complicated environments that utilize multiple signing authorities. For ably solving a management problem that, left unchecked, could affect the publics trust in a companys brand, eWEEK Labs awards AutoCert Manager 4.1 our Analysts Choice designation. At this time, AutoCert Manager is focused on managing certificates for Web servers, Secure Sockets Layer accelerators and IBM WebSphere MQ servers. AutoCert supports most common Web servers, including Apache and Microsoft Corp.s Internet Information Services 5.0 and 6.0, as well as load balancers from F5 Networks Inc. and Redline Networks Inc. (For a complete rundown of systems supported, check out www.venafi.com/product/datasheet.pdf.) However, there is plenty of room in AutoCert for future growth, capitalizing on enterprises continued adoption of client certificates to secure VPN, wireless and other links.In addition to automating the certificate-generation process with a number of external CAs, AutoCert can manage certificates generated internally with the Microsoft Certificate Authority system that comes with Windows 2000 Server and Windows Server 2003. Pricing for AutoCert Manager 4.1 ranges from $150 to $250 per managed Web server, depending on the complexity of the deployment. The number of servers managed, the levels of automation desired and the diversity of CAs used will all factor into the final price. In the simplest usage scenario, AutoCert acts as a specialized port scanner, detecting Web servers on the network. During tests, eWEEK Labs kicked off a scan of our entire test network to determine how many Web servers were active on TCP ports 80 and 443. Most enterprises will likely have third-party vulnerability scanning software already in place, and wed like to see Venafi add the ability to import results from these products. As part of the scan, AutoCert initiates a standard connection to any Web server found and collects any certificate information it encounters. (A Web server certificates issuing authority and the certificates expiration date are public informationjust click on the lock icon in your browser and take a look.) AutoCert then adds all found servers and certificates to the Discovery Queue in the administrative console. From the Discovery Queue, we easily configured our servers for ongoing management with AutoCert. We assigned an AutoCert administrative group by filling out pertinent Web server and operating system version information. We also configured SSH (Secure Shell) log-in information for the servers, which allows AutoCert to securely install certificates. AutoCert also supports Telnet communications to Web servers, although use of Telnet is not recommended because it lacks encryption capabilities. Venafi supports multiple nested administrative groups. We were, therefore, able to assign control of a subset of our servers and certificates to specific administrators. This will let administrators delegate responsibility to individual departments while maintaining centralized oversight in the process. Next page: Dashboard gives administrators an overview.
While external CAs (certificate authorities) such as VeriSign Inc. and Entrust Inc. offer tools that help corporate customers track, request, renew and revoke certificates, AutoCert is the first tool weve seen that can manage the process among multiple CAs.