Deploying SSL APP Certificates Error-Free at Scale
SSL security for our web-based applications has become commonplace for internal and external-facing applications. Externally, there are over 162M certificates in use today (source:BuiltWith), that’s a huge number of man hours consumed in the deployment of SSL certificates!
Web-based applications are deployed every day and they need to be secured with a certificate from a certificate authority (CA). While this is a common practice, most of us don’t do this every day and struggle with the process when we need to obtain and install a certificate for a new application on our application delivery controllers (ADC).
Process automation workflows from Pliant, an F5 partner, have been created on the F5® BIG-IP® platform to obtain a certificate signing request (CSR), register the CSR with the certificate authority (CA), and then implement the new certificate and key returned from the CA. Automating the process of securing our applications reduces the man hours required and eliminates the possibility of human error, ensuring the delivery of applications on time.
How it works
Pliant provides a secure, low-code/no-code, IT Process Automation (ITPA) platform that allows “citizen developers” to achieve automation without having to write lines of code. The Pliant platform integration with the BIG-IP platform includes drag and drop action blocks that allow you to automate common but time-consuming IT tasks such as provisioning an HTTPS application on your BIG-IP® Local Traffic ManagerTM.
The Pliant platform automation can be part of the F5® Automation Toolchain, a set or combination of tools that aid in the delivery, development, and management of IT infrastructure and software applications throughout the system development lifecycle. The Automation Toolchain includes F5 Declarative Onboarding (DO) for initial configuration of the F5 BIG-IP appliance. DO is designed to address initial configuration tasks sorted at the Layer 2/ level. The F5 Application Services 3 Extension (AS3) is a declarative language used to configure the Layer 4/Layer 7 features of the F5 BIG-IP appliance.
The Pliant ITPA use case of creating a new HTTPS application on the F5 BIG-IP appliance combines several technologies to automate the process of installing a certificate. Pliant integrations with F5 BIG-IP platform contains action blocks for all of the functions available in the F5 iControl library and supports the F5 AS3 declarative technology.
As shown in the graphic, Pliant automation workflows instructs the BIG-IP ADC to generate a CSR which is then transferred to the certificate authority (CA). The new private key and the certificate obtained from the CA is installed on all the BIG-IP appliances balancing the application traffic.