
How to automate certificate imports?

Hi,

we're planning to shorten our certificates' lifetimes and for this reason we are looking at how to automate our certificate handling.

Is there a way to import certificates into the UTM without user interaction?

Thanks in advance

Michael



  • More and more people are going to be asking for this same feature. Having certificates with a long lifetime is bad security practice, so having a way to have the firewall automatically request renewed certificates is essential. With the advent of free certificates from letsencrypt.org (now open to the public) many will be expecting this feature. Being able to load them from another host would also (possibly more so) be important since if you encrypt end-to-end you need the certificate on both the webserver and the firewall.
  • Not entirely sure I trust an automated system to auto request and deploy my certificates for me. Working for a security outfit and being the Cert Authority Controller, I want to be in full control of how my certificates are processed, when they are requested/signed and to examine the cert before deployment. Relying on automation feels lazy and laziness leads to lacklustre security which can lead to a breach.

    I'm only saying this because what if your automated certificate requester was breached/compromised internally and configured to request Certs from a compromised signing authority?

    To request, await signing, download, package and deploy takes about 10-20 minutes of my time every few months.
