DigiCert: Scalable, Trusted Security for IoT Systems

Jason Sabin, Chief Security Officer
The exponential growth of devices and objects connected to the web, known as the Internet of Things (IoT), brings with it new business opportunities and lifestyle enhancements, not only for organizations and consumers but also for hackers looking to take advantage of poor security. With large amounts of sensitive data being generated and shared by IoT devices, the need for scalable, trustworthy security has never been greater. One answer comes from a solution that has been working quietly to protect data for a long time: Public Key Infrastructure (PKI).

DigiCert, the Lehi, Utah-based firm, is at the forefront as the world’s second-largest issuer of high-assurance SSL/TLS certificates for enterprises and emerging markets. As a leader in advancing best practices and innovation for the authentication and encryption markets, DigiCert provides end-to-end security and large-scale certificate management for the IoT.

“DigiCert offers the proven security of PKI at the scale that the IoT ecosystem requires,” says Jason Sabin, Chief Security Officer, DigiCert. “Together with our reputation for excellence and customer focus, we’re seeing many firms approach us for deployments of large quantities of digital certificates to secure their IoT products.”

The IoT market is booming. According to recent reports, by 2020, an estimated 25 billion devices will be connected to the IoT. As these devices become more integrated into everyday living, innovative security solutions are needed to protect end-users from eavesdropping or malicious attacks.

“If correctly implemented, PKI can support security and trust at the enormous scale that IoT ecosystems and networked devices require,” adds Sabin. “PKI provides strong identity authentication and creates the foundation of trust that systems, devices, applications, and users need to safely interact and exchange sensitive data.”

DigiCert’s IoT solutions work for organizations across a wide spectrum of vertical markets, whether those be manufacturing, healthcare, industrial infrastructure, wearables or automobiles.

DigiCert’s all-in-one, cloud-based Managed PKI platform, named CertCentral™, simplifies certificate management throughout all phases of the certificate lifecycle. The platform also allows users to request and renew certificates with just a few clicks of a mouse, in a matter of minutes or less, saving administrators time.
CertCentral also provides real-time monitoring of all digital certificates issued for an organization’s domains to detect fraud and mis-issuance and help assure compliance across the organization. CertCentral’s inspection functions help organizations identify weak configurations to close potential security gaps, and administrators are able to track spending by allocating each certificate to a specific business unit.

DigiCert’s validation team works round the clock to ensure that customer identities can be thoroughly vetted while issuing certificates faster than any other public CA. Geo-locating its data centers around the world helps DigiCert provide the fastest OCSP times. OCSP is the check made by an Internet browser when determining if a digital certificate is legitimate, so faster responses improve page load time and keep end-users from abandoning a page.

“DigiCert helps save our customers’ time and manpower, and potentially avoid the devastating consequences of improper configuration of digital certificates,” says DigiCert Vice President of Operations Flavio Martins. “Our expert teams help provide guidance for our customers and simplify IoT certificate management,” adds Martins.

Recently, Plex, one of the leading personal media streaming solutions, collaborated with DigiCert to provide publicly trusted certificates for all Plex media streaming and cloud services. DigiCert’s certificate-based IoT solution allows Plex to provide end-to-end security for tens of millions of Plex media servers and clients, through automated, PKI-based deployments.

“The IoT landscape is quickly advancing, evolving, and more organizations are shifting to DigiCert because we are agile and responsive, and able to innovate with the certificate management solutions that meet their needs,” concludes Sabin. “We’re excited about the future ahead.”

DigiCert News

DigiCert Helps Drive 5G Network Transformation with New IoT Device Manager Features

SINGAPORE - DigiCert, Inc., the world's leading provider of TLS/SSL, IoT and other PKI solutions, has announced a robust set of features and capabilities in DigiCert® IoT Device Manager that enable telecommunications providers to deploy 5G network services to cloud environments while maintaining security, compliance and performance. Hosted on the DigiCert ONE platform, IoT Device Manager provides support for strong authentication in dynamic, cloud-native environments, as well as scalability and operational integrity.

Today's telecommunication organizations face a variety of similar transformation challenges as they migrate to 5G using cloud data centers. Many are moving from primarily physical environments with primitive authentication techniques, minimal use of cryptography and pre-shared keys. These traditional infrastructures are capital-intensive to scale, inefficient and inflexible, slowing delivery of new services and time to market. Increasingly, they are moving toward more dynamic business models built around a DevOps mindset. These 5G and cloud environments are virtualized, dynamically scalable and enable unparalleled business agility and smooth scalability.

To support their transformation and enable more rapid time-to-market for products, telecommunication providers require a platform designed for today's highly dynamic, cloud-native, modern business models. The platform must provide strong authentication across on-premises and cloud environments, and the ability to perform at scale on the world's largest networks. It needs to ensure operational integrity to help organizations meet compliance requirements and legal mandates.

IoT Device Manager on DigiCert ONE is built from the ground up to support transformative new models. It delivers:

• Robust IoT security, establishing a root of trust through PKI for authentication, encryption and data integrity. A simple identity management tool, it lets organizations assign and manage device identity in large or small volumes at any stage of the lifecycle, operating with total visibility over certificates issued to devices.

• Scalability for 5G and cloud environments, with support for a variety of certificate management protocols, including RESTful API, EST and CMPv2.

• Support for broad operational integrity to meet compliance requirements and legal mandates. Utilizing metadata, IoT Device Manager enables a broader integration of tools that previously had been unable to share information and integrate smoothly with one another. By bringing together a diverse array of data from a variety of sources, it enables organizations to gain additional insight and value to support device management.

"As telecommunications, manufacturers and other organizations move to increasingly dynamic models, the IoT Device Manager provides the flexibility and rapid scalability they need to support 5G and cloud migration," said DigiCert Senior Vice President of Product Brian Trzupek. "DigiCert ONE delivers the features, compatibility and performance our customers need to accelerate their digital transformation and take advantage of compelling new business models."

IoT Device Manager uses a container-based, cloud-agnostic implementation and allows organizations to provision and embed device identity at any stage of the device lifecycle, from the factory to device deployment in a variety of environments. It lets customers simplify device identity, authentication, encryption and integrity with a single click, and marry device data visualization with cryptographic, manufacturing and factory process data. IoT Device Manager supports standards-based interoperability with many third-party manufacturing and provisioning systems.

IoT Device Manager is built on DigiCert ONE, a PKI management platform architected and released in 2020 to be the PKI infrastructure service for today's modern cloud-native challenges. DigiCert ONE offers multiple management solutions and is designed for all forms of PKI. It is flexible enough to be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and airgap needs. It also deploys extremely high volumes of certificates quickly using robust and highly scalable infrastructure. DigiCert ONE delivers end-to-end centralized user and device certificate management, a modern approach to PKI.

DigiCert Announces DigiCert® Automation Gateway

SINGAPORE - DigiCert, Inc., the world's leading provider of TLS/SSL, IoT and other PKI solutions, today announced its new DigiCert Automation Gateway. Automation Gateway launches with integration into DigiCert CertCentral® in Q4. This new automation approach is designed to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. Automation Gateway will provide organizations the confidence to widely deploy automation protocols within their company networks to provide greater agility.

Automation Gateway lives on-premises in an enterprise network to securely monitor, automate and process certificate lifecycle events through a controllable proxied connection. It is a communication bridge between DigiCert's various management and automation tools, such as ACME, to simplify acquiring and deploying certificates. Deployment of this offering is a significant milestone in DigiCert's vision to promote and enable crypto-agility and shorter certificate lifecycles. Automation is key in managing security events and responding to new threats.

"DigiCert is dedicated to creating robust management and automation tools that enterprises can use to simplify their security processes and increase web security. With the constant increase in threats, enterprises need agility in how they deploy and manage certificates throughout their organization," said Jeremy Rowley, Chief of Product at DigiCert. "Many enterprises are wary of fully adopting automated PKI solutions because of the inherent risk of needing to open their network ports to the public internet. Automation Gateway removes that risk with trusted, automated controllers and proxies."

Automation Gateway also offers failover to provide uninterrupted uptime and prevent outages. The gateway automatically replaces missing, expired or revoked certificates on connected devices. Using the gateway, any number of internal servers can be automatically updated. With smart meshed interaction, if one node goes dark in the network, devices may still acquire certificates and continue to function securely.

Previous industry events, such as the transition from SHA-1 to SHA-2, demonstrate the need for a more agile web PKI. In addition, CA/B Forum requirements specify that a certificate must be replaced within 24 hours for key compromise and similar events, and five days if information changes or there is a technical gap in certificate contents. Automation is critical in meeting these requirements.

Continued Rowley, "Automation Gateway in CertCentral will offer an intuitive experience, with smart software that remembers organizational security preferences and eliminates the manual configuration currently required for ACME certbot and other clients in use today."

When released later this year, Automation Gateway will join CertCentral Automation Tools to provide a completely automated certificate management solution. Currently, CertCentral Automation Tools feature the following benefits:

• Automation and discovery across multiple servers for larger-scale networks

• The ability to utilize agents for easy-to-manage, scalable ACME deployments for OV and EV, with DV coming soon

• Seamless integration with OEM solutions such as F5, Citrix NetScaler, A10 as well as popular server orchestration and management platforms such as Chef, Puppet, ServiceNow and more

• Customizable automation through APIs to integrate DigiCert tools and a customer's system

• Auto-renew configuration via CertCentral console

DigiCert Announces New Multi-year Plan in DigiCert CertCentral® to Help Customers Simplify TLS Certificate Management Ahead of 1-Year Lifetime Requirements

SINGAPORE - DigiCert, Inc., the world's leading provider of TLS/SSL, IoT and other PKI solutions, today announced a new Multi-year Plan of up to six-year coverage for TLS certificate purchases in the DigiCert CertCentral® TLS Manager. The Multi-year Plan simplifies certificate purchasing and renewal processes for customers and partners ahead of Sept. 1, when browsers will shorten maximum certificate lifetimes to one year. Multi-year Plan eliminates the need for annual per-certificate purchases, achieves cost savings via Multi-year Plan discounts and takes advantage of CertCentral automation.

Multi-year Plan is currently available for purchase from DigiCert Authorized Partners and in CertCentral. Customers can take advantage of the offer by signing up for the industry's leading TLS Manager, CertCentral.

"DigiCert Multi-year Plan simplifies certificate management for our partners and customers, particularly amid the continued demand for shortening certificate lifetimes," said Jeremy Rowley, Chief of Product at DigiCert. "Currently, we enable customers and partners with flexible certificate lifetimes as short as hours via our APIs. With Multi-year Plan in CertCentral, we are extending this capability to enable customers and partners to take advantage of varying certificate servicing times through our growing automation functionality, while enjoying simplified renewal processes and discounted pricing for up to six years."

DigiCert offers two-, three-, four-, five- and six-year Multi-year Plan for TLS certificates, allowing customers to avoid the hassles of corporate procurement processes each year and enjoy discounts with each year of coverage that they select. Using CertCentral, customers can set automated renewals for each year of their service.

Multi-year Plan helps organizations to further reduce certificate outages with available CertCentral automation and will ensure they can take advantage of time-saving capabilities like:

• Supports new orders for almost any ACME client running on the customer server

• Automation and discovery across multiple servers for larger-scale networks

• The ability to utilize sensors for easy-to-manage, scalable ACME deployments

• Seamless integration with OEM solutions such as F5, Citrix, NetScaler, A10 as well as popular server orchestration and management platforms

• Customizable automation through APIs to integrate DigiCert tools and your system

• Auto-renew configuration via CertCentral console

"Our new Multi-year Plan reflects DigiCert's core commitment to providing a best-in-class customer experience," said Tobias Zatti, Product Manager at DigiCert. "With Multi-year Plan, customers will soon be able to purchase an OV or EV certificate, set up an ACME client and fully manage the entire payment lifecycle within CertCentral, with the installation of the certificate automated for up to six years. No other CA offers that flexibility and coverage."

DigiCert Secure Software Manager Modernizes PKI Automation to Enable Frictionless Secure Code Signing, Private Key Management

SINGAPORE - DigiCert, Inc., the world's leading provider of TLS/SSL, IoT and PKI solutions, today introduced Secure Software Manager, a modern way to automate and manage PKI security across CI/CD pipelines. Secure Software Manager makes it easy for enterprises to integrate secure key management for code signing into their development processes while delegating cryptographic operations, signing activities and management in a controlled and auditable way.

The drive for agility leaves today's product engineering organizations exposed to internal threats and hackers. Stolen code signing certificates and their associated keys have led to many high-profile attacks, where these keys have been used to sign malware and commit fraud. DevOps teams need signing solutions that fit within their workflows and make signing keys easily accessible when pushing code, but many orchestration tools do not include key protection.

Secure Software Manager removes the burden on engineers for cryptographic asset protection, enabling them to sign with confidence and freeing them to do what they do best: develop and deploy software quickly and efficiently. It provides:

• command line tools that easily integrate with CI/CD systems

• automatic signing of packages, binaries and containers on every merge to master when authorized

• RESTful APIs for custom integrations

• simultaneous signing of Docker containers and software code, adding trust to every step of the process

Using Secure Software Manager reduces the risk of key theft and misuse by strengthening security around key accessibility and storage. Hash signing lets developers protect intellectual property, as no files are uploaded to the cloud.

Additionally, IT organizations must comply with a variety of rapidly changing regulations that require robust key protections across increasingly dynamic and orchestrated environments. They also require full reporting and auditing capabilities to ensure compliance. Secure Software Manager enables:

• secure private key management in hardware security module (HSM) and offline mode for keys when not signing

• flexible deployment via SaaS or on a public or private datacenter

• centralized user management with flexible, role-based permissions and single sign-on (SSO)

• audit trail of signing activity for forensics and full accountability

"Secure Software Manager meets customers where they need to be, whether on-premises, in the cloud, or in hybrid environments through the DigiCert ONE platform," said Senior Vice President of Product Brian Trzupek. "Our customers can enjoy complete automation or tailor the solution to support the degree of functions they require and be assured of seamless integration with their familiar CI/CD tools and processes."

Beyond authenticating devices for the IoT and enterprise networks with certificates issued from DigiCert ONE managers, organizations can secure code and firmware. This includes enabling secure over-the-air updates throughout the lifetime of the device, using Secure Software Manager.

Secure Software Manager is built on DigiCert ONE, a PKI management platform built with a new architecture and software to be the PKI infrastructure service for today's modern cloud-native challenges. Released in 2020, DigiCert ONE offers multiple management solutions and is designed for all PKI use cases. Its flexibility allows it to be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and airgap needs. It also deploys extremely high volumes of certificates quickly using robust and highly scalable infrastructure. DigiCert ONE delivers end-to-end centralized user and device certificate management, a modern approach to PKI to provide trust across Kubernetes clusters and dynamic IT architectures.

Company
DigiCert

Headquarters
Lehi, UT

Management
Jason Sabin, Chief Security Officer and Flavio Martins, VP of Operations

Description
Leading global certificate authority and provider of managed PKI, SSL and identity authentication services.