Security

Certificate Manager now Sends you Notifications before your Certificates Expire

Share this post:

Even the most successful or genius apps can fail if there are issues with availability. While development teams often engineer for availability, with lots of redundancy, health checks, and load balancing, sometimes outages occur because of simple human errors. One common error is that teams fail to renew SSL/TLS certificates on time.

SSL/TLS certificates are used to secure communication between two services, or between clients and your servers. SSL/TLS help ensure that information is sent between trusted entities by authenticating the server (and sometimes the client through mutual authentication). Then, traffic is encrypted before it is sent over the network, and only the trusted server can decrypt the traffic. This way sensitive data is protected from malicious entities who may intercept the traffic.

For security reasons, SSL/TLS certificates, are issued for only a set period of time (typically between 90 days and 1 year), and then have to be renewed. Once certificates are obtained, they are typically deployed in various locations that receive traffic for your apps, such as load balancers, and CDN services. Or for internal communication, developers generate self signed certificates, or certificates signed by internal PKI, and deploy these to various internal endpoints. What happens is that teams very often fail to keep track of where certificates are deployed and when they will expire, and then they experience outages, at a high cost.

To help address this issue, we have added notifications on expiring certificates as a new capability to IBM Cloud Certificate Manager. When you upload your third party certificates to Certificate Manager, and add a Slack web-hook for your Slack channel, Certificate Manager will send you Slack notifications at 90, 60, 30, 10, 1 days before your certificates expire. Certificate Manager will also send you notifications once your certificates expire, in case you didn’t remember to renew.

More broadly, Certificate Manager provides you with a secure repository for your SSL/TLS certificates and their associated private keys. Certificate Manager encrypts the certificates and keys, and uses key management best practices. You can configure access policies on specific certificates using IBM Cloud IAM capabilities, and actions performed on certificates and keys uploaded to Certificate Manager can be audited in IBM Cloud Activity Tracker. You can record additional metadata about certificates, such as where they should be deployed. Also, you can use the IBM Cloud Kubernetes CLI to securely deploy certificates to Kubernetes, or use Certificate Manager APIs to automate deployment to other endpoints.

Certificate Manager is available in US-South and is in Beta. Read docs here.

You can get help for technical questions at Stack Overflow, with the ‘ibm-certificate-manager’ tag, or for non technical questions at IBM developerworks with the ‘ibm-certificate-manager’ tag. For defect or support needs, use the support section in the IBM Cloud menu. We would love to hear your feedback!

To get started with Certificate Manager, check it out In the IBM Cloud catalog!

Offering Manager - Cloud Developer Services - Security

More Security stories
October 22, 2018

Use Your Own Provider for Mail Sent with IBM Cloud App ID

With IBM Cloud App ID’s Cloud Directory feature, you can add sign-up and sign-in to your mobile or web apps and create a user registry to manage users. Cloud Directory supports sending email messages to your users to verify their email address, allows them to reset their password, and more.

Continue reading

October 8, 2018

IBM Key Protect is Now Available for IBM Cloud Kubernetes Service

Having the ability to use encryption key management to protect applications and support data in a public cloud environment is a critical component of all enterprise security governance protocols. IBM’s key management service, IBM Key Protect, is now supported for use by IBM Cloud Kubernetes Service.

Continue reading

September 11, 2018

IBM Key Protect Now Available in U.S. East Region on IBM Public Cloud

We're excited to announce that we are adding to our U.S. geographical coverage, and IBM’s key management service, IBM Key Protect, is now available in the U.S. East region based out of Washington D.C.

Continue reading