Strong authentication and SSL certificates in Digital...

1

Strong authentication

and SSL certificates in

Digital world

Mija Božič

Sales specialist, Veracomp d.o.o.

2

WHAT IS RESHAPING THE ENTERPRISE ?

2

3

Proprietary and Confidential. Copyright Entrust Datacard 3

Entrust Datacard

$800M in revenue

2,200 employees across 34

global offices

25 Countries use our PKI plus

the UN, Interpol and NATO

24M Global financial messages

encrypted and secured daily

150+ Countries served

#1 provider of secure identity

solutions globally

4


5

SOLUTION OVERVIEW

Critical On-Premise

Systems & Apps

Customer & Partner

Web Portals

VPN Access Cloud SSO

USE CASES

Application

Provisioning

Adaptive

Access

User/Group

Management

Authenticator

Suite

Management

Reporting

User Self

Service

User Access IT Agility

Desktop Login

Mobile – the Primary

Computing Platform

6 6

Comprehensive

Integration APIs and SDKs

Context-Based

Policy Agility

Deployment

Options

Domain

Agnostic

User

Self-Service

Context-Based

User Experience

Authenticator

Suite

EXTENSIBLE SOFTWARE AUTHENTICATION

PLATFORM

7


Includes eBook by

industry expert, Ivan Ristic

8


Security Beyond the Certificate

Entrust Certificate Services

Centralizes visibility & compliance for all

certificate types — regardless of issuing CA

Simplifies end-to-end lifecycle management

Benefits

Improve service uptime

Avoid security lapses

Preserve brand reputation

Best CtaaS Frost & Sullivan, “SSL/TLS Certificates Market — Finding the Business Model in an All Encrypt World” Sept. 2016

9


Product Overview – Digital Certificates

SSL/TLS INCLUDES

Support 24x5 (standard)

SSL Server Test

Unlimited Reissues

Best Practices

Unlimited Server Licensing

SHA-2/2048 –bit Keys

Website Security Bundles

99.9%+ Browser Ubiquity

10

ECS Enterprise

Certificate Management Platform

11


Discover

Discovery Agent

Deploy scanner to find

Certificates & location

Manual Import

Import un-scannable

certificates

CT Import

Import certificates

from CT Logs

SSL Server Test

Assess & track end-

point configuration

Sitelock

Assess end-points for

Malware & Reputation

CAPI Scanner

Scan MS CAPI Store for

Certificates

Foreign Certs

ECS

Certificates

Microsoft

Certificates

Entrust PKI

Certificates

Self-Signed

Certificates

Competitive

Certificates

Other

Certificates

Native Certs

Code

Sign

Document Sign

Secure Email

OV SSL

WC SSL

Private SSL

Internal SSL

White-Label SSL

EV SSL

Mobile Device

24/7

Support

Best Practice

Advisory

Dedicated Sales

Rep

Flexible

Licensing

Revocation

Services

Security

Reputation

Rapid

Verification

Global Browser

Support

Requests

Administrator

eForm

Requester

US

ER

S

Ansible

ServiceNow

API

CO

NN

EC

TO

RS

ACME

(Apache)

Turbo

(IIS)

AU

TO

-IN

ST

AL

L

Management

Certificates & Web Sites

Lifecycle

Management

Issue, Re-Issue, Revoke,

Renew, Duplicate

Policy

Engine

Implement industry policy,

manage

custom policy

End-Point

Management

Auto-install, End-point

scoring, Locations,

Path Validation

Monitor

& Alerts

Policy, Best Practice, Low

Server Grades, Malware

scanning

Report, Notifications

Dashboard, Alerts

Charts, Emails

Reports

Manage

Switch Issuance

Entrust Certificate Services

12


Best Practices – In Practice

Find and Discover the

certificates on your network

Ensure you maximise the

Certificate inventory

Have in place intuitive

request/approval workflows

together with customisation

options

Default and custom

reporting on expiry,

Inventory.

Monitor certificates, web

servers for vulnerabilities

and applications for threats

Use Best Practice for

installation and

management of certificates

13


Here’s How It Works Reusable Licenses for Changing Web Environments

Select account term

1, 2, 3, 4 or 5 years

1

Purchase SSL/TLS

certificates

Licenses (purchased mid-

term) pro-rated to account

term

4

Deploy and redeploy

Recycle licenses

throughout

certificate lifecycle

5

Take advantage of

volume and term

discounts

Discounts applied

throughout the term

3

Set convenient

certificate expiration

dates

Issue certificates

from 2-27 months, avoid

holidays and busy periods

2

14


Used Licenses Are Returned To Inventory For Reuse

SERVER 2

SERVER 1

DEPLOY LICENSE A ON 1

INVENTORY

REDEPLOY LICENSE A ON 2

DEACTIVATE LICENSE A

RETURN TO

INVENTORY DEACTIVATE LICENSE A RETURN

TO INVENTORY

15


Certificate Discovery (Managed Certificates Tab)

Consolidates all Entrust and Non-Entrust Certificates into a Single, Centralized Dashboard

16

SSL Automation & Integrations

Ansible & REST API

Integration

Integration

17

Ansible Overview

18 Proprietary and Confidential / Copyright Entrust Datacard 18

Automation using DevOps Tools in ECS Enterprise

• Automation using DevOps tools is possible with 12.6 release

• What is DevOps/Orchestration Support?

ECS

REST

API

ECS

Enterprise

Ansible

Entrust Datacard Premises Customer Premises

F5

Apache

IIS

AWS

Configuration Mgmt tools

Salt Stack

Chef

• Automate ECS requests… • Renew/re-issue/duplicate cert

• Revoke cert

• Request new domain verification

1

• Automate installation • Generate CSR

• Configure end-point

• Install certificate

• Restart services

2

Puppet

Azure

HashiCorp Vault

Secrets Mgmt

19

ServiceNow Integration

20


Integration & Capabilities

• Synchronize active certificate data between ServiceNow and Entrust

• Create new certificates using ServiceNow hosted approval workflow

• Renew existing certificates using ServiceNow hosted approval workflow

• Provide access to issued certificates in ServiceNow

21


Thank you for your attention

Strong authentication and SSL certificates in Digital...

Documents

Transcript of Strong authentication and SSL certificates in Digital...