Deploying SSL APP Certificates Error-Free at Scale
SSL security for our web-based applications has become commonplace for internal and external-facing applications. Externally, there are over 162M certificates in use today (source:BuiltWith), that’s a huge number of man hours consumed in the deployment of SSL certificates!
Web-based applications are deployed every day and they need to be secured with a certificate from a certificate authority (CA). While this is a common practice, most of us don’t do this every day and struggle with the process when we need to obtain and install a certificate for a new application on our application delivery controllers (ADC).
Process automation workflows from Pliant, an F5 partner, have been created on the F5® BIG-IP® platform to obtain a certificate signing request (CSR), register the CSR with the certificate authority (CA), and then implement the new certificate and key returned from the CA. Automating the process of securing our applications reduces the man hours required and eliminates the possibility of human error, ensuring the delivery of applications on time.
How it works
Pliant provides a secure, low-code/no-code, IT Process Automation (ITPA) platform that allows “citizen developers” to achieve automation without having to write lines of code. The Pliant platform integration with the BIG-IP platform includes drag and drop action blocks that allow you to automate common but time-consuming IT tasks such as provisioning an HTTPS application on your BIG-IP® Local Traffic ManagerTM.
The Pliant platform automation can be part of the F5® Automation Toolchain, a set or combination of tools that aid in the delivery, development, and management of IT infrastructure and software applications throughout the system development lifecycle. The Automation Toolchain includes F5 Declarative Onboarding (DO) for initial configuration of the F5 BIG-IP appliance. DO is designed to address initial configuration tasks sorted at the Layer 2/ level. The F5 Application Services 3 Extension (AS3) is a declarative language used to configure the Layer 4/Layer 7 features of the F5 BIG-IP appliance.
The Pliant ITPA use case of creating a new HTTPS application on the F5 BIG-IP appliance combines several technologies to automate the process of installing a certificate. Pliant integrations with F5 BIG-IP platform contains action blocks for all of the functions available in the F5 iControl library and supports the F5 AS3 declarative technology.
As shown in the graphic, Pliant automation workflows instructs the BIG-IP ADC to generate a CSR which is then transferred to the certificate authority (CA). The new private key and the certificate obtained from the CA is installed on all the BIG-IP appliances balancing the application traffic.
Pliant Automation Workflows Integrate with BIG-IP Appliances for Secure Sessions
An additional workflow collects the relevant information to create the application such as the VIP IP address, real server IP addresses, and the SNAT pool to be used; then creates the entire application via a block that issues an AS3 declarative statement. This whole process takes about two minutes compared to the one-to-two hours normally required for an organization to deploy an application to a single F5 BIG-IP appliance. The time savings is multiplied when the configuration must be applied to many different F5 instances both on-prem and virtual edition (VE) instances in the cloud.
Beyond the protection of the encryption provided by an SSL certificate, applications are also secured with the correct F5 BIG-IP® Application Security ManagerTM (ASM) policies. Automating the deployment of ASM policies drives consistent security across the enterprise. Pliant workflows ensure that modified ASM policies can be re-deployed to all of your F5 BIG-IP appliances in seconds.
Deliver Error-free Deployment of SSL APP Certificates at Scale
Deploy SSL Applications In Minutes, Error Free
The Pliant ITPA automation workflows allow IT organizations to quickly provision HTTPS applications utilizing a variety of technology integrations residing in a single, secure platform. Low-code/no-code automation simplifies the IT skillset required to interact with both the F5 BIG-IP appliance, your certificate authority (CA) of choice, and the supporting infrastructure so you can:
- reduce swivel chair time and deployment delays due to skill set availability.
- deliver repeatable application deployment at scale.
- eliminate human error throughout the configuration process.
- ensure application security across your BIG-IP deployment.