This is a guest blog post by Abul Salek, Director of Product Management, Sectigo.
Citrix ADC’s SSL offload feature transparently improves the performance of web sites that conduct SSL transactions. Offloading CPU-intensive SSL encryption and decryption tasks from the local web server to the appliance ensures secure delivery of web applications without the performance penalty incurred when the server processes the SSL data. For the end users, it results in faster web page loading and more reliable access to content.
Configuring SSL offloading requires an SSL certificate and key pair, which must be obtained from a certification authority. Other SSL-related tasks include managing certificates, managing certificate revocation lists, configuring client authentication, and managing SSL actions and policies.
It’s common practice to deploy the Citrix ADC in a bank of servers in an enterprise environment. Some large organizations have a need to roll them out by the hundreds. Manually managing this volume of certificates is inefficient. You can save a significant amount of time and reduce costs by leveraging automation for this process.
This is a key reason Citrix and Sectigo have partnered to streamline certificate management on Citrix ADCs. I’m pleased to announce that the Sectigo Certificate Manager is now Citrix Ready with the latest versions of Citrix ADC.
As a PKI vendor, Sectigo can provide and manage these certificates. In addition, Sectigo has developed a solution to fully automate their issuance, installation, and renewal. The Sectigo solution enables certificate enrollment for a multitude of Citrix ADCs from a single client with a single command, an incredible improvement over the current, manual process.
Figures 1 and 2 below show the deployment scenarios.
The Sectigo automation solution leverages the standards-based protocol Automatic Certificate Management Environment (ACME), along with additional custom client software, to address the end-to end-automation of certificate management. Our software will iterate through the Citrix ADCs to obtain SSL certificates from the Sectigo Cloud and install them to each instance without human intervention. The system is automatically set up to renew certificates when they near expiry. Doing so prevents outages caused by expired certificates. If you need 100 percent availability of your service, this solution is a must-have.
Many of our customers use the DevOps process to accelerate deployment and maintenance of their IT environment. To streamline their work, we have developed a Docker container-based solution to manage the lifecycle of certificates in Citrix ADC. The container is based on a low-footprint, hardened OS to ensure security and rapid deployment. This ready-to-go approach also reduces human error in setting up the system.
About Citrix Ready Marketplace
The Citrix Ready Marketplace gives customers and channel partners a simple and effective way to explore and select Citrix Ready verified solutions. The breadth and depth of the Citrix partner ecosystem provides flexibility and choice, and the marketplace makes it easy to locate joint offerings and compatible solutions, increasing both confidence and trust. Today, there are over 650 active partners in the Citrix Ready program and over 30,000 verifications in the Citrix Ready Marketplace.
Note: Anil Kumar, Technical Marketing Manager, Citrix Ready, contributed to this post.
Abul Salek is Director of Product Management at Sectigo. He leads product strategy in PKI, Internet of Things (IoT), and SSL/TLS market areas. He has more than 25 years of experience leading cloud-service operation, software development, technical support, and products.