AppViewX is a global leader in the management, automation and orchestration of network services in brownfield and greenfield data centers. The AppViewX Platform helps network operations (NetOps) adapt to technology and process demands, such as agile, DevOps, IoT, cloud, and software-defined infrastructure. AppViewX delivers greater business agility and efficiency at a lower cost.
Combining the AppViewX CERT+ certificate management solution and Thales TCT’s Luna Network HSM provides the ultimate solution for maintaining the security and integrity of all the keys and certificates in your network infrastructure.
Solution: AppViewX CERT+ and Thales TCT Luna Hardware Security Modules
AppViewX’s CERT+ certificate management solution provides a one-stop solution for automated discovery, expiration alerting, renewal, provisioning, and revoking of SSL/TLS certificates and SSH keys across networks, including app servers, web servers, ADCs, proxies, and firewalls. It arms security operations and PKI teams with critical insights to avoid unwanted outages and other issues associated with out-of-compliance certificates. CERT+ integrates with major certificate authorities, including GeoTrust, Comodo, DigiCert, Microsoft CA, and Entrust. The platform recreates a holistic chain-of-trust view for each certificate, indicating the root CA, intermediate CA, and the server/application-level certificates. Users can download/upload certificates and keys, revoke certificates, generate CSRs, and more importantly, renew certificates. Once renewed, these certificates can be pushed to the applications either manually or via an automated process.
As part of the certificate management process, CERT+ must store private keys associated with the SSL certificates. Keeping these private keys secure is paramount to the integrity of the system. A key hierarchy with a series of encryption and encoding steps is used to secure these keys, but at the top of hierarchy is a Master Encryption Key (MEK) that must be protected. Using a FIPS 140-2 certified hardware security module like the Thales TCT Luna HSM to generate and store this Master Encryption Key protects the integrity of the entire hierarchy.