Automate SSL certificate management

To maintain digital security, you must automate management of SSL certificates in your environment. You need ways to proactively manage and monitor all the certificates, notify you of certificates due for expiry, and automatically renew the certificates before they expire. Expired SSL certificates lead to security risks. You can configure Venafi Trust Protection Platform servers with Citrix ADM to automate management of SSL certificates installed on ADC instances.

By using Venafi with Citrix ADM, you can manage the SSL certificates through their entire lifecycle. You can do the following tasks in the Citrix ADM Application dashboard:

  • Check SSL issues and application scores.
  • Troubleshoot SSL issues and apply suggested remediation.
  • Check certificates bound to an application.
  • Create, install, and renew certificates quickly.
  • Automate renewal of certificates.
  • Secure applications by binding generated certificates to ADC virtual servers.
  • Check all the SSL task-related logs on a particular application.

Configure a Venafi server on Citrix ADM

Configuring a Venafi server is a two-step process. First, you add the Venafi server on Citrix ADM. Next, you configure the policies on the Venafi server. To add the Venafi server on Citrix ADM, from the Citrix ADM GUI, navigate to Infrastructure > SSL Dashboard > Third party CA. Click Add.

Add Venafi server

Enter the details in the fields provided. Check the Auto-Renew option if you want the certificates to be renewed automatically. For details about each field, hover over the field and click the i icon.

Note

The policy folder must have subfolders configured in it.

Example:

"policy_folder": "\\VED\\Policy\\TLS\\TLS Certificates\\Citrix ADM"

After you’ve configured the Venafi server, you can use the Citrix ADM dashboard to manage your SSL certificates.

Manage SSL certificate lifecycle

The application dashboard is a one-stop place to manage your SSL certificates end to end. From the Citrix ADM GUI, navigate to Applications > App Dashboard. Under Issue Categories select SSL Config. Under Current Issues, you can see the SSL-related issues of your applications. To see the SSL report, under Applications, hover over the app. To see details of the report, click the app. In this example, we have an application with a score of 27.

Application dashboard for SSL config

Further, you can filter your issues using Application Scores such as critical or review. The SSL application scores are based on SSL parameters, which are enabled by default under Manage Apps settings in the upper right corner of the dashboard.

SSL config parameter

To disable any of the SSL parameters, clear the box and click OK. To see the details of the SSL report, under Applications, click the app for which you want to see the report.

SSL config performance

You can check the performance score and scroll down the page to see details such as the app's virtual servers, the certificates bound to those virtual servers, and any issues with the certificates. To see details of a certificate, click the link under Certificate Name. You can renew an expired certificate.

Renewing the certificate involves creating the certificate, installing it, and binding it to the virtual server.

Check SSL certificate and renew

Note

When you add a Venafi server on Citrix ADM, if you enable the auto-renewal option, certificates are automatically renewed before expiry.
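An independent expiry check is a useful cross-check on the dashboard, particularly where Auto-Renew was not enabled. The following is an added example, not part of the original page and not Citrix ADM or Venafi code: it sorts certificates bound to virtual servers by urgency. The inventory, the virtual server and certificate names, and the 30-day renewal window are assumptions.

```python
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumed renewal window, not a Citrix ADM or Venafi default

# Constructed sample inventory: (virtual server, certificate name, notAfter).
# notAfter uses the text form printed by `openssl x509 -noout -enddate`.
INVENTORY = [
    ("vs_shop_443", "shop-cert", "Mar  1 00:00:00 2025 GMT"),
    ("vs_api_443", "api-cert", "Jan 20 12:00:00 2025 GMT"),
    ("vs_intranet_443", "intranet-cert", "Dec 15 08:30:00 2024 GMT"),
    ("vs_legacy_443", "legacy-cert", "2025-01-01"),  # malformed on purpose
]


def days_left(not_after, now):
    """Days until expiry (negative if already expired)."""
    expires = ssl.cert_time_to_seconds(not_after)  # raises ValueError if malformed
    return (expires - now.timestamp()) / 86400.0


def audit(inventory, now, window_days=RENEW_WINDOW_DAYS):
    """Return rows of (status, days, vserver, cert), most urgent first."""
    rows = []
    for vserver, cert, not_after in inventory:
        try:
            remaining = days_left(not_after, now)
        except ValueError:
            # An unreadable expiry date must never be reported as healthy.
            rows.append(("UNPARSEABLE", None, vserver, cert))
            continue
        if remaining <= 0:
            status = "EXPIRED"
        elif remaining <= window_days:
            status = "RENEW"
        else:
            status = "OK"
        rows.append((status, round(remaining, 1), vserver, cert))
    order = {"UNPARSEABLE": 0, "EXPIRED": 1, "RENEW": 2, "OK": 3}
    rows.sort(key=lambda r: (order[r[0]], r[1] if r[1] is not None else 0))
    return rows


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a repeatable report.
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for status, days, vserver, cert in audit(INVENTORY, now):
        print(f"{status:12} {str(days):>7}  {vserver}  {cert}")
```

Rows marked EXPIRED or RENEW are the ones to look up under Certificate Name in the dashboard and confirm that renewal has been scheduled or completed.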

Clicking Renew the SSL Certificate takes you to the SSL tab, which lists all the certificates bound to the virtual servers of the application. Using this tab, you can create and install certificates and bind them to the virtual servers. You can also check all the SSL task-related logs on a particular application.

SSL tab

To create a certificate, click Create Certificate and enter the details. Provide a password, because downloaded certificates are encrypted, and click Create. Citrix ADM contacts the Venafi server to create the certificate. Click Close when the certificate is downloaded.

Create certificate using Venafi

Next, on the SSL tab, click Install Certificate. Select the downloaded certificate and click Install. For more information about how to install an SSL certificate on ADC using Citrix ADM, see the section on installing an SSL certificate from Citrix ADM in the topic Install SSL certificates on a Citrix ADC instance.

Next, click Bind Certificate. You can also unbind a certificate if necessary. After the next SSL polling, the Application dashboard is refreshed with the new data. If you want to check all SSL task logs on a particular application, click Certificate Task Log.

Certificate task log
