Machine identities, such as TLS or SSL certificates, are a critical part of the data authentication process because they help to verify the identities of machines and encrypt traffic. While SSL certificates are integral to application security today, many enterprises still struggle with machine identity management. Expired certificates lead to content inaccessibility, hurting brand reputation and revenue. Fortunately, Citrix Application Delivery Management (ADM) and Venafi offer a better, more simple solution.
Today, Citrix is excited to announce the Citrix ADM service is integrated with the Venafi Trust Protection Platform.
Citrix ADM streamlines the typically arduous process of implementing and maintaining SSL certificates in a number of ways. In particular, the solution offers a centralized, intuitive dashboard for at-a-glance management of the entire SSL infrastructure. The Venafi Trust Protection Platform improves the security posture of the enterprise with increased visibility, threat intelligence, policy enforcement, and faster incident response for certificate-related outages and compromises that leverage misused machine identities. That’s a powerful combination!
Previously, the creation or renewal of each SSL certificate was handled by a network admin who had to create a certificate signing request for the Public Key Infrastructure (PKI) team. This team would work with a certificate authority to get a certificate, which would then be installed on the ADC and finally bound to the application’s virtual servers. This process involved a number of steps, multiple teams, and offered less visibility into expiring or noncompliant certificates.
With the Venafi integration from the Citrix ADM app dashboard, SSL certificate lifecycle management is streamlined and no longer demands the attention and time of various teams in the organization. Citrix ADM role-based dashboards allow application owners to monitor, create, renew, and bind SSL certificates for their applications through Venafi independently without involving network admins.
Here's how Citrix ADM further simplifies every stage of the certificate lifecycle with this new workflow.
Application admins can now easily monitor certificates bound to their applications. They are notified if any certificates are due for expiry or if any of their certificates do not comply with their enterprise’s SSL policies. These potential issues appear as negative impacts on an application score in Citrix ADM, enabling the admin to take proactive action to keep certificates up to date and fully compliant.
Figure 1: Citrix ADM app dashboard identifies all SSL certificate issues affecting an application.
Application admins can now create Certificate Signing Requests (CSR) from the Citrix ADM app dashboard, leveraging integration with the Venafi Trust Protection Platform to issue and renew certificates from any of the 40+ Certificate Authorities integrated with Venafi. For the application owners, this means that a process that used to take a few days now only needs a couple minutes—and can even be done proactively with automated renewals.
Application admins can now install their applications’ SSL certificates on the Citrix ADC instance and bind certificates to the virtual servers from within the Citrix ADM app dashboard.
After integrating the Venafi Trust Protection Platform with Citrix ADM service, Citrix ADM can automatically renew and deploy SSL certificates from Venafi and subsequently deploy them across the entire Citrix ADC fleet.
Setting up automatic renewal is easy—simply configure a few parameters to fit your exact needs. Citrix ADM gives you the options to enable or disable automatic renewal, choose the number of days before renewal, enter an encryption password, and automatically deploy to Citrix ADC instances after renewal. So after certificates are issued for the first time, Citrix ADM will do all the routine work of checking expiration dates and keeping your certificates always up to date.
Figure 2: Comparison of SSL certificate lifecycle management before and after Venafi integration.
As cybersecurity continues to be one of the most important considerations for enterprises today, we are excited to continue expanding Citrix ADM’s machine identity management capabilities to help our customers be proactive and efficient in monitoring and managing their certificates while maintaining a consistent security posture across their entire environment.
This blog features a solution from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.