Comprehensive Public Key Infrastructure Solution leveraging DevOps

A leading commercial SSL Certificate Authority, providing web security and identity solutions worldwide, was looking for a partner to help integrate its Certificate Management platform with some of the most popular DevOps tools, giving IT teams a comprehensive PKI (Public Key Infrastructure) solution for DevOps.

Business Challenge

  • To integrate the client's Certificate Management Platform with industry-leading DevOps tools, providing its end clients with a strong DevOps-powered Public Key Infrastructure (PKI) solution.

Technology Components

  • AWS Services: EC2, S3, IAM, Route 53, VPC

  • DevOps Tools: Docker, Terraform, Salt Stack, Kubernetes, Chef, Puppet, CI/CD (Git, Jenkins)

  • Scripting: Python, Go, Groovy, Bash, Ruby, Jinja templating

  • OS Supported: Linux, Windows

Approach

Trianz conducted an assessment and, along with the client, initiated execution of the following integration initiatives:

  • Enabling certificate issuance support for SSL and client certificates

  • Allowing the user to define all the parameters related to the generation of the key, CSR and certificate

  • Enabling RSA 2048-, 3072- and 4096-bit private key generation

  • Generating all the required files for certificate enrollment

  • Supporting both the generation of new SSL/client certificates and the use of existing certificates and other files stored in a location accessible to the DevOps tool being used

  • Enabling auto-renewal of certificates: checking the validity of a certificate and renewing it automatically if it has expired or is within the expiry window configured by the user

  • Replacing the existing certificate with a new one that carries the modified custom CSR parameters or domain names, if any

  • Enabling auto-configuration of the generated key and SSL certificates for NGINX / Apache
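
The renewal check described in the list above (renew when the certificate is expired or inside the user-configured expiry window), as an added Go example; it is not code from Trianz or the client. The names `NeedsRenewal` and `sampleCert` and the host `demo.example.test` are hypothetical, and the certificate is a constructed self-signed one.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// NeedsRenewal reports whether the certificate is expired or inside the
// user-configured expiry window, and how much validity remains at `now`.
func NeedsRenewal(certPEM []byte, window time.Duration, now time.Time) (bool, time.Duration, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, 0, fmt.Errorf("no PEM CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, 0, err
	}
	remaining := cert.NotAfter.Sub(now)
	return remaining <= window, remaining, nil // negative remaining = already expired
}

// sampleCert builds a constructed, self-signed RSA-2048 certificate (demo input only).
func sampleCert(notBefore, notAfter time.Time) []byte {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter,
		Subject: pkix.Name{CommonName: "demo.example.test"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	certPEM := sampleCert(now.Add(-time.Hour), now.Add(10*24*time.Hour)) // 10 days left
	fmt.Println(NeedsRenewal(certPEM, 30*24*time.Hour, now))             // 30-day window
}
```

A caller has to treat a non-nil error as a failure to alert on rather than as "no renewal needed", since an unreadable certificate file returns `false` alongside the error.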

Docker
  1. Docker engine setup and other services

  2. Creation of Dockerfiles, Docker images and containers

  3. Creation of the entrypoint script with business logic to manage the entire certificate lifecycle

Terraform
  1. Terraform setup

  2. Creation of the Terraform provider and the GoCert plugin that handles API calls

  3. Creation of the Go library and scripts with business logic to manage the entire certificate lifecycle

Salt Stack
  1. Setting up the Salt master and the minions

  2. Creation of the Python scripts and modules with business logic to manage the entire certificate lifecycle

Transformational Effects

  • Due to these integrations, the client was able to provide seamless solutions for the enrollment, collection, renewal, replacement, and revocation of SSL/TLS and client certificates issued by the client's Certificate Manager.

  • Because solutions are provided for different DevOps tools, end users do not have to migrate their existing environment to a specific DevOps tool; instead, they can integrate their existing setup with any of the available solutions.
