Best Practices 04-21-2021

DigiCert Automation Manager – Prevent Certificate Outages from Inside Your Firewall

Brian Trzupek

DigiCert offers many solutions for managing certificates with automation and discovery. Until now, our offerings have mostly focused on operating from our data centers. With digital transformation advancing at a rapid pace, and the growing volumes of certificates organizations need to manage, it’s time to take automation to the next level. Enterprises need a solution that they can trust behind the corporate firewall to have visibility into all their certificates and to orchestrate a process that puts outages and compliance failures in the past.

As part of our continued focus on modernizing PKI management, we’re now introducing DigiCert® Automation Manager. Our initial release today establishes an industry-leading architecture not currently offered by other Certificate Authorities (CAs) and paves the way for continuous innovation and development. This highly scalable, cloud-native architecture is the foundation for all our products and services going forward.

We invite you, our customers, to join us on this automation journey as we begin to unlock complete automation within the corporate network, in your datacenter and for all of your certificate needs. Talk to your account representative to get access to Automation Manager to enable secure digital transformation and scale your web PKI safely and efficiently. Deploy it today and start planning for the management of your growing ecosystem of digital certificates.

Why automate now?

We’ve covered many of the reasons to implement PKI automation in a previous post, but it’s worth repeating that automation is critical now, with shortening certificate lifetimes and larger scale of certificate networks. Today, identities are everywhere including machines, devices, users, web servers and more, and all need to be managed in a way that ensures confidentiality and integrity. Certificates provide this critical identity fabric, along with authentication, encryption and integrity. However, at this scale, without automation, organizations struggle to prevent outages and provision certificates quickly enough. Plus, human error leaves the door open to misconfigure certificates, not to mention the amount of time it takes a human to manually manage digital certificates. It takes on average over two hours to manually renew a certificate, and the average cost of an outage is $5,600 per minute.

But cost is just one issue. According to a 2021 State of PKI Automation survey, challenges managing digital certificates lead to compliance issues (54%), security issues (53%) and cost issues (53%). Implementing PKI automation can free up your IT team to focus on priority projects and is less costly than having human labor do the same job. Humans are prone to error, and it’s difficult for humans to manage the ever-growing network of certificates and keep up with industry changes and evolving threats. In this modern environment, automation is the easy way to manage web PKI.

In sum, web PKI automation helps to:

  • Scale safely and efficiently
  • Prevent outages
  • Secure digital transformation
  • Modernize with speed and agility
  • Respond quickly to vulnerabilities and industry changes
  • Decrease the potential of human error
  • Respond quickly to industry changes
  • Protect against evolving web threats and future threats like quantum computing

About DigiCert Automation Manager

DigiCert® Automation Manager solves both the management and security problems posed by automating large numbers of TLS/SSL certificates in a complex, distributed network. Automation Manager establishes the foundation for complete, on-premises certificate management behind the firewall, to complement DigiCert’s current cloud offerings. Automation Manager is a single on-premises container-based system that meets even the most demanding security and TLS management requirements. By establishing a single point of control through a modern UI, Automation Manager saves time, reduces security risk and streamlines the daily workflows of IT professionals who would otherwise struggle to manage high volumes of certificate automation.

This release of Automation Manager will focus on load balancers and network appliances; however, future updates will include web servers, even ones placed behind firewalls, along with a host of other features. This allows your organization to have a single and secure connection point outside your firewall to obtain and manage certificates, rather than many bespoken connections from individual servers.

Automation Manger is also fully compatible with Automation Wizard, an intelligent tool that guides administrators to select and configure the right automation solutions for their specific use cases.

How can you use Automation Manager?

Automation Manager utilizes DigiCert’s modern cloud-native architecture in DigiCert ONE and deployment strategies to allow customers to make use of existing cloud infrastructure for a new era of on-premises deployment. With it, you can automate the certificate lifecycle of your TLS/SSL certificates.

It also:

  • Provides a lightning-fast, standards-based deployment mechanism.
  • Simplifies certificate administration through a single pane of glass for both public and private certificates.
  • Reduces network complexity, utilizes only a single, secure API connection on port 443 back to DigiCert, for all your servers.
  • Auto-renews certificates to keep them current and prevent downtime.
  • Gives you comprehensive visibility over your certificate inventory.
  • Allows you to schedule certificate renewal in advance.
  • Currently supports popular load balancers (i.e., F5, AWS, A10), with support for popular web servers such as Apache, Nginx and IIS coming soon.

How to deploy Automation Manager

We made Automation Manager as easy to set up as we can, so you can start enjoying the benefits of PKI automation right away.

Here’s how to do deploy DigiCert Automation Manager:

  1. Talk to your account manager and let them know you’re interested in using Automation Manager. They will provide you with a license to activate Automation Manager.
  2. Make sure you have a CertCentral Enterprise account or set up an account.
  3. Deploy DigiCert ONE and sign in. In the Manager menu on the top right of the page, choose Automation Manager.
  4. Once you are in Automation Manager, you will see the Dashboard with a setup wizard. Follow the wizard’s steps to configure certificate lifecycle management for Load Balancers.
  5. Begin monitoring and automating certificate lifecycle events.

Set up Automation Manager in DigiCert ONE

Figure 1 - Set up Automation Manager in DigiCert ONE


Get early access

DigiCert is taking an important step in our automation journey to modernize PKI with automation solutions your enterprise will need in the coming years. Automation Manager is an on-premises solution and will help lay the foundation for all of our products and services in the future. As the world’s leading CA, we employ the industry’s leading minds in PKI from around the globe and will continue to offer innovative features in Automation Manager throughout 2021 to make automation even more streamlined.

Your enterprise can be an early user of DigiCert Automation Manager and contribute to future development of the product. Early adopters of Automation Manager will be positioned for future innovations that support their secure digital transformation. Interested CertCentral Enterprise customers can contact their DigiCert account representative to get started, and anyone may request a demonstration to learn more.

The digital world is turning into a sprawling mesh of connection points. Learn more about how to unify and simplify your expanding security environment in our new webinar. Register now.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Pioneering the next wave of secure digital solutions 

6 reasons signed SBOMs are essential to software security


How—and why—to automate certificate management