December 19, 2017 | Written by: Carmel Schindelhaim
Introducing IBM Cloud Certificate Manager
We are excited to announce IBM Cloud Certificate Manager in Beta, a service to help you manage SSL/TLS certificates for your apps and services! Certificate Manager provides you with a secure repository to store your certificates and their associated private keys, and gives you tools to manage the life-cycle of certificates, so that you can continually secure your apps with HTTPS.
What is HTTPS?
Let’s say you are buying a book online and are asked to enter your credit card number at checkout. How do you know that you are submitting your payment info to a legitimate website? And more than that, how can you be sure that an eavesdropper on your Wi-Fi network can’t steal it? HTTPS provides that protection. When you connect to an HTTPS-secured site, your browser verifies that the website you are communicating with is legitimate by checking that website’s SSL/TLS certificate. Once verified, data sent between your browser and the website is encrypted, so that no eavesdropper can read it. You’ll recognize sites that have HTTPS enabled by the green lock icon displayed in the address bar.
How do you get an SSL/TLS certificate?
SSL/TLS certificates are issued to a specific domain or sub-domains by certificate authorities, also known as CAs. A certificate authority does the due diligence to make sure that at minimum you are responsible for the domain, and that you are a reputable organization. They then issue a certificate that is digitally signed, allowing your browser to verify that it was issued by a legitimate CA. Browsers come with a pre-built set of root certificates they trust. In practice, root certificates are not used to sign end certificates because the private key of the root certificate must be protected. Instead, a chain of intermediate certificates is typically used between the end certificate and the root, and that chain is verified by the browser.
What do you do with your SSL/TLS Certificate?
Once you get a certificate, you are responsible for installing it on your system. The certificate is valid only for a limited period, so you are also responsible for renewing it each time before it expires. This is really important, since expired certificates can cause service disruptions. For as long as you use certificates, you’ll want to protect their associated private keys. Stolen keys can mean compromised data, so you’ll need good governance of access to certificates. Sometimes certificates need to be rekeyed or replaced to meet new security or compliance requirements that your organization has, so you need visibility into which certificates are used where, and a way to easily identify certificates that need to be replaced. Finally, you’ll want an easy and secure way to deploy your certificates to services that do SSL/TLS termination in a cloud environment, like your application load balancer.
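The expiry and "which certificate is used where" tracking described above can be sketched as follows. This is an added example, not IBM's code and not the Certificate Manager API; the inventory records, field names and the 30-day warning window are assumptions, and `not_after` uses the date format that Python's `ssl.getpeercert()` returns.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (hypothetical domains and service names).
INVENTORY = [
    {"domain": "www.example.com", "used_by": ["cdn"],
     "not_after": "Jun 30 00:00:00 2018 GMT"},
    {"domain": "shop.example.com", "used_by": ["load-balancer-1"],
     "not_after": "Dec 01 00:00:00 2017 GMT"},
    {"domain": "api.example.com", "used_by": ["load-balancer-1", "api-gateway"],
     "not_after": "Jan 10 12:00:00 2018 GMT"},
    {"domain": "old.example.com", "used_by": [], "not_after": "not recorded"},
]

def days_until_expiry(not_after, now):
    """Whole days from `now` until notAfter, rounded down (negative once expired)."""
    seconds = ssl.cert_time_to_seconds(not_after)  # raises ValueError if malformed
    expires = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return (expires - now).days

def renewal_report(inventory, now, warn_days=30):
    """Return (domain, status, days_left, used_by) tuples, most urgent first."""
    rows = []
    for cert in inventory:
        try:
            days = days_until_expiry(cert["not_after"], now)
        except ValueError:
            # A missing or unreadable date is surfaced, never silently skipped.
            rows.append((cert["domain"], "UNKNOWN", None, cert["used_by"]))
            continue
        if days < 0:
            status = "EXPIRED"
        elif days <= warn_days:
            status = "RENEW"
        else:
            status = "OK"
        rows.append((cert["domain"], status, days, cert["used_by"]))
    # Unknown dates sort first, then the fewest days remaining.
    rows.sort(key=lambda r: (r[2] is not None, r[2] or 0))
    return rows

if __name__ == "__main__":
    for domain, status, days, used_by in renewal_report(
            INVENTORY, datetime.now(timezone.utc)):
        print(f"{status:8} {domain:20} days_left={days} used_by={used_by}")
```

Listing the consuming services next to each status shows which deployments need a new certificate when one is renewed or rekeyed.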
IBM Cloud Certificate Manager
IBM Cloud Certificate Manager simplifies a lot of the tasks of certificate management. With Certificate Manager, you get a secure repository to store and centrally manage your certificates. When you upload a certificate that you obtained for your custom domain from a certificate authority, Certificate Manager will store it in an encrypted repository, and you get a central view of all your certificates and where they are in use. When you want to deploy your certificate, use the Certificate Manager API or console to retrieve your certificate. Certificate Manager helps you keep track of when your certificates are going to expire, so that you’ll remember to renew them on time. Certificate Manager is also integrated with IBM Cloud IAM, so you can control access to certificates with IAM policies, and with IBM Cloud Activity Tracker, so you can audit certificate usage and management activities.
We’d love to hear your feedback!
Certificate Manager is available now in the US-South region, and is free to use. This is the first step we are taking to help you easily and securely manage certificates, and enable HTTPS for your cloud-based apps. We’d love to hear from you with feedback and questions. Get help for technical questions at Stack Overflow, with the ‘ibm-certificate-manager’ tag, or for non-technical questions at IBM developerWorks with the ‘ibm-certificate-manager’ tag. For defect or support needs, use the support section in the IBM Cloud menu.
To get started with Certificate Manager, check it out in the IBM Cloud catalog!