More than web server certificates, digital identity

I had an interesting 2023; for half the year, I was a Senior Systems Engineer at the university where I graduated thirty years earlier. Many tasks were the same as when I was last an SSE: checking backups and Windows patches, handling helpdesk escalations and updating certificates. The certificates were a place that seemed simple but got complicated with multiple websites, operating systems, and web servers. I was lucky to have a different team looking after client-side certificates. We relied on our operations monitoring system to alert us to impending certificate expiry; a 30-day warning gave time, but we had point solutions for certificate automation, some of them fragile. We also had multiple systems managed by third-party providers; I was always concerned about the risk of not knowing how well-maintained these were.

The DigiCert Enterprise Certificate Management console and the certificate discovery tools would have helped with visibility and control. The ability to use ACME to drive certificate rotation from a central policy would have been an improvement over local scripts on each server. The University was migrating many applications to Azure, bringing another management console and set of concepts; again, it would have been nice to centralize on one console. DigiCert could also have helped my client-device colleagues manage the certificate enrollment and validation for the many laptops and mobile devices connected to the University network.

While I was at the University, I was still teaching AWS training. I was interested in how DigiCert integrates into a CI/CD pipeline to manage the supply chain of software components in your in-house software. Scanning and signing artifacts is vital for knowing the provenance of all the code you run in your organization, and DigiCert can integrate with your existing tools to ensure the code your developers write and the third-party libraries they use are what they claim to be, not a trojan horse delivered through a repo-squatting bad actor.

As always, there is more to DigiCert than I have covered here. Check out the presentations on Tech Field Day or later from the DigiCert Security Field Day page.

Long-time DigiCert fan


More articles by Alastair Cooke
