Introducing IBM Cloud Certificate Manager – Manage SSL/TLS Certificates for your apps

Introducing IBM Cloud Certificate Manager

We are excited to announce IBM Cloud Certificate Manager in Beta, a service to help you manage SSL/TLS certificates for your apps and services! Certificate Manager provides you with a secure repository to store your certificates and their associated private keys, and gives you tools to manage the life-cycle of certificates, so that you can continually secure your apps with HTTPS.

What is HTTPS?

Let’s say you are buying a book online and asked to enter your credit card number at checkout. How do you know that you are submitting your payment info to a legitimate website? And more than that – how can you be sure that an eavesdropper on your wi-fi network can’t steal it? HTTPS provides that protection. When you connect to an HTTPS secured site, your browser will verify that the website you are communicating with is legitimate by checking that website’s SSL/TLS certificate. Once verified, data sent between your browser and the website will be encrypted, so that no eavesdropper can read it. You’ll recognize sites that have HTTPS enabled by the green lock icon displayed in the address bar.

How do you get an SSL/TLS certificate?

SSL/TLS certificates are issued to a specific domain or sub-domains by certificate authorities, also known as CAs. A certificate authority does the due diligence to make sure that at minimum you are responsible for the domain, and that you are a reputable organization. They then issue a certificate that is digitally signed, allowing your browser to verify that it was issued by a legitimate CA. Browsers come with a pre-built set of root certificates they trust. In practice, root certificates are not used to sign end certificates because the private key of the root certificate must be protected. Instead, a chain of intermediate certificates is typically used between the end certificate and the root, and that chain is verified by the browser.

What do you do with your SSL/TLS Certificate?

Once you get a certificate, you are responsible for installing it on your system. The certificate you get is valid only for a period of time, so you are also responsible for renewing the certificate every time before it expires. This is really important, since expired certificates can cause service disruptions. Throughout your usage of certificates, you’ll want to protect their associated private keys. Stolen keys can mean compromised data, so you’ll need good governance of access to certificates. Sometimes certificates need to be rekeyed or replaced to meet new security or compliance requirements that your organization has, so you need visibility into which certificates are used where, and a way to easily identify certificates that need to be replaced. Finally, you’ll want an easy and secure way to deploy out your certificates to services that do SSL/TLS termination in a cloud environment, like your application load balancer.

IBM Cloud Certificate Manager

IBM Cloud Certificate Manager simplifies a lot of the tasks of certificate management. With Certificate Manager, you get a secure repository to store and centrally manage your certificates. When you upload a certificate that you obtained for your custom domain from a certificate authority, Certificate Manager will store it in an encrypted repository, and you get a central view of all your certificates and where they are in use. When you want to deploy your certificate, use the Certificate Manager API or console to retrieve your certificate. Certificate Manager helps you keep track of when your certificates are going to expire, so that you’ll remember to renew them on time. Certificate Manager is also integrated with IBM Cloud IAM, so you can control access to certificates with IAM policies, and with IBM Cloud Activity Tracker, so you can audit certificate usage and management activities.

We’d love to hear your feedback!

Certificate Manager is available now in the US-South region, and is free to use. This is the first step we are taking to help you easily and securely manage certificates, and enable HTTPS for your cloud based apps. We’d love to hear from you with feedback and questions. Get help for technical questions at Stack Overflow, with the ‘ibm-certificate-manager’ tag, or for non technical questions at IBM developerworks with the ‘ibm-certificate-manager’ tag. For defect or support needs, use the support section in the IBM Cloud menu.

To get started with Certificate Manager, check it out in the IBM Cloud catalog!.

More from Cloud

Clients can strengthen defenses for their data with IBM Storage Defender, now generally available

2 min read - We are excited to inform our clients and partners that IBM Storage Defender, part of our IBM Storage for Data Resilience portfolio, is now generally available. Enterprise clients worldwide continue to grapple with a threat landscape that is constantly evolving. Bad actors are moving faster than ever and are causing more lasting damage to data. According to an IBM report, cyberattacks like ransomware that used to take months to fully deploy can now take as little as four days. Cybercriminals…

2 min read

Integrating data center support: Lower costs and decrease downtime with your support strategy

3 min read - As organizations and their data centers embrace hybrid cloud deployments, they have a rapidly growing number of vendors and workloads in their IT environments. The proliferation of these vendors leads to numerous issues and challenges that overburden IT staff, impede clients’ core business innovations and development, and complicate the support and operation of these environments.  Couple that with the CIO’s priorities to improve IT environment availability, security and privacy posture, performance, and the TCO, and you now have a challenge…

3 min read

Using advanced scan settings in the IBM Cloud Security and Compliance Center

5 min read - Customers and users want the ability to schedule scans at the timing of their choice and receive alerts when issues arise, and we’re happy to make a few announcements in this area today: Scan frequency: Until recently, the IBM Cloud® Security and Compliance Center would scan resources every 24 hours, by default, on all of the attachments in an account. With this release, users can continue to run daily scans—which is the recommended option—but they also have the option for…

5 min read

Modernizing child support enforcement with IBM and AWS

7 min read - With 68% of child support enforcement (CSE) systems aging, most state agencies are currently modernizing them or preparing to modernize. More than 20% of families and children are supported by these systems, and with the current constituents of these systems becoming more consumer technology-centric, the use of antiquated technology systems is archaic and unsustainable. At this point, families expect state agencies to have a modern, efficient child support system. The following are some factors driving these states to pursue modernization:…

7 min read