Automation Tools Like ACME Help Prevent Disruptions During Uncertain Times

Web certificates are a foundational element of website security, enabling organizations to verify that the web address in question really does belong to them, as well as to keep users secure by encrypting their information. These certificates have become ubiquitous, and most savvy web users now know to look for the telltale indicators of a valid web certificate, which may include a closed padlock or green address bar, depending on the browser used.

And it isn’t just individual users who use these certificates to establish trust—entire networks depend on being able to verify the identity of a website, device, piece of software, or other entity.

We’ve seen what happens when those certificates expire, or become invalid: the O2 crisis in Europe, where more than 32 million customers of the wireless provider experienced an outage, was caused by an expired
certificate tied to a piece of software. Such lapses can happen even in the best of times, and with a global pandemic forcing a significant portion of the workforce to operate remotely, the risk of a business disruption caused by an unnoticed certificate expiration is higher than ever. Fortunately, the rise of tools like the Automatic Certificate Management Environment (ACME) have made the task of automatically managing web certificates significantly easier, even in uncertain times.

Although it might once have been a wise decision for organizations to handle certificate management in-house, today a single server TLS/SSL certificate installation can be both costly and time consuming to install and manage. In fact, from login to testing, doing so entails a nine-step process that can cost between $50 and $100 per website for each certificate installation and renewal. In today’s world, where organizations operate websites across multiple domains, proxies, and load balancers, this process can quickly become overly burdensome to IT teams.

Human error is also a concern—even more so than usual, given current events. Remote workers are more susceptible to distraction and potential absenteeism, introducing potentially damaging variables into not just the certificate renewal process, but also installation. Certificate management can be complex, and given the potentially disastrous consequences of a certificate lapse, putting the responsibility in the hands of those without specialized knowledge and training represents a significant risk.

Misconfigurations are a common issue, and a lack of visibility into installed certificates can cause problems for organizations down the road. Even those with the knowledge required to perform these actions can make mistakes, especially when faced with the disruption of working remotely.

Some organizations argue that the degree of direct control that manual management provides them is worth the potential drawbacks, but today’s automation tools ensure that organizations can more effectively manage their certificates without giving up that control.

Developed by the Internet Engineering Task Force (IETF), the ACME protocol has become particularly popular for certificate management, has been adopted by more than 150 million websites, and is supported by more than 130 open-source tools.

Businesses that operate primarily in a Windows environment already know how much of a difference automation can make. Microsoft CA, Microsoft’s built-in certificate management software, enables auto-enrollment and auto-renewal of certificates in a Windows environment, which allows organizations to easily and efficiently handle their private, internal certificates; however, when it comes to publicly trusted SSL certificates, a separate vendor is needed.

This is compounded by the fact that few businesses operate in a solely Windows environment—especially in today’s BYOD world, organizations and their employees operate devices using a variety of different operating systems, from Linux to MacOS.

Essentially, ACME is a framework for automated issuance and validation of Extended Validation (EV), Organization Validation (OV), and Domain Validation (DV) SSL certificates, all without manual user interaction. ACME tools enable fully automated key generation, domain control validation, certificate creation, and installation to the server.

Versatility is another major reason behind ACME’s popularity, and it extends beyond being able to integrate with multiple types of web servers. Many businesses use a wide range of DevOps tools to manage deployments, such as Kubernetes, Salt Stack, Terraform, and Docker—to name a few—and all of these tools support ACME integration.

Widespread adoption of ACME has enabled the creation of a wider ecosystem of supported tools that users can opt into, adding new functionalities that can not only reduce deployment time, but eliminate additional opportunities for human error.

ACME is not the only automatic certificate management tool, but it is one that enjoys considerable support from within the industry. The open-source nature of the tool makes it easy to integrate with other certificate management platforms, and supports management of all varieties of SSL certificates.

By making it simple and easy to issue, manage, renew, and revoke these certificates, ACME can help organizations automatically manage the often massive number of certificates that today’s digital environments necessitate.

Faced with a global pandemic, businesses across the globe have demonstrated tremendous flexibility and resilience in adapting to the new reality of remote work. But it is critical that they continue to mind the details, avoiding the easily preventable outages and even fines associated with expired web certificates.

As employees adjust their own workflows to establish a new sense of normality, providing them with the tools they need to effectively and efficiently do their jobs will continue to grow more critical. Automation is both the present and future of the industry, and ACME is one of its most important tools.