Useful Automated Tool to manage End to End Life Cycle of SSL Certificate Management
Use Cases and Deployment Scope
We use ManageEngine Key Manager Plus to manage our SSL certificates. We have SSL certificates deployed in more than 50 web applications, and manually maintaining the renewals of each SSL certificate was a difficult task. There was no visibility into which web apps each SSL certificate was deployed in, since we are a large financial services organization with 6 big companies and a network that is very complex in nature, with a presence on-prem and in multi-cloud environments. We were maintaining SSL certificate information in an Excel sheet, and we had issues renewing the SSL certificates: the process got delayed because we did not have an alert mechanism to tell us the expiry date of each SSL certificate, and many times we were at risk of not renewing before expiry. Currently, we have deployed 2 instances (on cloud and on-prem setup).
Pros
- SSL Certificate Discover Feature.
- User Friendly Dashboard.
- Automated Alerts to tell about expiry of the Certificate.
- Different User Profiles can be configured.
- Various Reports available to download.
- Stable Product.
Cons
- False Positive Issues (sometimes getting alerts for certificates that are already renewed).
- Alerting Emails can be improved.
- Audit Trail needs to be improved.
Likelihood to Recommend
The tool is really good for enterprises with major exposure to public-facing web applications. It can be used to maintain the SSL certificate inventory, and automated alerts can be set so that SSL certificates can be renewed before expiry. For organizations that don't have visibility of the SSL certificates deployed across various, the tool can be used to identify the certificates and an inventory can be prepared. This tool must be handled by the Information Security Team, since the private key information is confidential in nature. This tool has the capability to extract information from various cloud instances, including Azure, GCP, and AWS. I will not recommend this tool for organizations that don't have many public-facing apps; for 8 to 10 apps, this can be managed manually rather than purchasing this tool.