June 12, 2018 By jason-mcalpin 3 min read

Certificate Manager now Sends you Notifications before your Certificates Expire

Even the most successful or genius apps can fail if there are issues with availability. While development teams often engineer for availability, with lots of redundancy, health checks, and load balancing, sometimes outages occur because of simple human errors. One common error is that teams fail to renew SSL/TLS certificates on time.

SSL/TLS certificates are used to secure communication between two services, or between clients and your servers. SSL/TLS help ensure that information is sent between trusted entities by authenticating the server (and sometimes the client through mutual authentication). Then, traffic is encrypted before it is sent over the network, and only the trusted server can decrypt the traffic. This way sensitive data is protected from malicious entities who may intercept the traffic.

For security reasons, SSL/TLS certificates, are issued for only a set period of time (typically between 90 days and 1 year), and then have to be renewed. Once certificates are obtained, they are typically deployed in various locations that receive traffic for your apps, such as load balancers, and CDN services. Or for internal communication, developers generate self signed certificates, or certificates signed by internal PKI, and deploy these to various internal endpoints. What happens is that teams very often fail to keep track of where certificates are deployed and when they will expire, and then they experience outages, at a high cost.

To help address this issue, we have added notifications on expiring certificates as a new capability to IBM Cloud Certificate Manager. When you upload your third party certificates to Certificate Manager, and add a Slack web-hook for your Slack channel, Certificate Manager will send you Slack notifications at 90, 60, 30, 10, 1 days before your certificates expire. Certificate Manager will also send you notifications once your certificates expire, in case you didn’t remember to renew.

More broadly, Certificate Manager provides you with a secure repository for your SSL/TLS certificates and their associated private keys. Certificate Manager encrypts the certificates and keys, and uses key management best practices. You can configure access policies on specific certificates using IBM Cloud IAM capabilities, and actions performed on certificates and keys uploaded to Certificate Manager can be audited in IBM Cloud Activity Tracker. You can record additional metadata about certificates, such as where they should be deployed. Also, you can use the IBM Cloud Kubernetes CLI to securely deploy certificates to Kubernetes, or use Certificate Manager APIs to automate deployment to other endpoints.

Certificate Manager is available in US-South and is in Beta. Read docs here.

You can get help for technical questions at Stack Overflow, with the ‘ibm-certificate-manager’ tag, or for non technical questions at IBM developerworks with the ‘ibm-certificate-manager’ tag. For defect or support needs, use the support section in the IBM Cloud menu. We would love to hear your feedback!

To get started with Certificate Manager, check it out In the IBM Cloud catalog!

More from Announcements

Unify and share data across Netezza and watsonx.data for new generative AI applications

3 min read - In today's data and AI-driven world, organizations are generating vast amounts of data from various sources. The ability to extract value from AI initiatives relies heavily on the availability and quality of an enterprise's underlying data. In order to unlock the full potential of data for AI, organizations must be able to effectively navigate their complex IT landscapes across the hybrid cloud.   At this year’s IBM Think conference in Boston, we announced the new capabilities of IBM watsonx.data, an open…

IBM and SAP unlock business and industry value with new generative AI solutions 

3 min read - IBM Consulting is delivering on our commitment to co-innovate with SAP and collaborate with our clients. As part of our Value Generation Partnership initiative announced earlier this month with SAP, we are releasing the first 10 of 100 planned AI solutions to help clients transform their industries, optimize their business processes and successfully deliver their SAP programs.  Delivering AI business and industry innovation at scale  With the recently announced Value Generation Partnership initiative, IBM and SAP are co-innovating intelligent industry…

IBM SevOne 7.0: Reaching application-centric multicloud network observability  

2 min read - As enterprises increasingly rely on network connectivity to support cloud-based applications and remote workers, network managers require new methods to monitor and safeguard connectivity across diverse environments, including corporate networks, software-defined WANs and multiple public cloud providers.   According to the recent EMA Network Megatrends Report, responding network professionals believe that 53% of network outages and performance issues could be prevented with improved network management tools, yet only 9% find it very easy to hire skilled networking personnel. This is why…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters