Venafi Automates SSL Certificate Management (Page 3 of 4)
AutoCert's Web-based dashboard gives each administrator an overview of the certificates for which they are responsible. Primary administrators, meanwhile, have access to views across the enterprise.
The dashboard provides special notifications for any expired or soon-to-expire certificates. A few canned reports are also available and provide the same information in exportable form, and it was a snap to configure AutoCert to send notifications via e-mail.
While AutoCert greatly simplifies the process of tracking certificate status across the network, its real power comes from its ability to request new certificates from multiple issuing authorities, all from a single console.
eWEEK Labs tested AutoCert's ability to generate and process certificate requests from VeriSign and from our internal Microsoft Certificate Authority, as well as its ability to automatically install the certificates on intended Web servers.
From the AutoCert Web interface, we could generate a CSR (certificate signing request) and choose the authority from which to request it. With the Clone button, we could easily duplicate existing requests. We'd like to see Venafi take things a step further, however, and allow administrators to configure and lock CSR templates. This would enable other administrators to manage requests without the risk of typing errors.
When AutoCert detects that a certificate is about to expire, it triggers the automated renewal process (if enabled). A color-coded status bar indicates where things stand as the request is generated, transmitted, approved, received, validated and installed.
Using our internal CA, the entire process took only a couple of minutes from notification to install. Renewal time varied during our testing with VeriSign's external CA, but the process worked without intervention.
Companies uncomfortable with automating the entire renewal process can choose to be notified only when a certificate is set to expire and initiate the renewal or replacement process manually from the AutoCert console.
eWEEK Labs installed AutoCert on a Windows Server 2003 Enterprise Edition system with 512MB of RAM. We used the integrated MSDE 2000 database engine for our tests, but larger deployments should use an external SQL Server database instead for greater scalability.
AutoCert includes simple tools for backing up the database file to a network share.
We also appreciated AutoCert's redundancy features. AutoCert includes the ability to configure slave servers that come online in the event of failure at the main server. Slave servers are configured to replicate data from the master server and to monitor the master's status. If the master server does not respond within a certain amount of time (determined by the administrator), the slave machine becomes the master.