The client is a financial services company in US. They were unable to track the expiry of certificates and were facing unplanned certificate outages which resulted in service interruption. Hence, they wanted to implement an automatic certificate management solution.
Infosys reduced the risk of certificate outages by defining a standard process to auto-renew the certificates using Venafi platform.
Key Challenges
- Absence of certificate expiry notification mechanism leading to increase in certificate outages
- Time intensive manual installation of certificates
- No certificate inventory in client’s environment leading to mismanagement of 3rd party/external issued certificates
- Lack of a standard process to map certificates to their respective applications
- Limited and read-only privileges granted to application owners leading to difficulty in renewing or downloading certificates
The Solution
Innovative processes for efficiently tracking certificates
- Mapped internal certificates with respective devices and Venafi drivers for auto-installation
- Created a comprehensive inventory of certificates with details of owners, applications and certificate expiry for ease of tracking
- Built an application-based policy structure to segregate obsolete / duplicate certificates in dedicated folders
- Enabled advanced email notifications for certificate expiry
- Facilitated service owners with certificate download privileges
Benefits
Better certificate lifecycle management
Auto renewed 1500+ certificates for 500+ applications
Enhanced tracking of certificate expiry and renewal status
Boosted productivity by creating a detailed inventory of certificates and respective owners
Improved visibility by creating a single place to manage all certificates i.e. public, private and self-signed
