This blog post was co-authored by Asit Mohapatra, Senior Product Manager.

There are two actors on a network — people and machines. People rely on usernames and passwords to identify themselves to machines so they can get access to networks and data. Cryptographic keys and digital certificates identify and authenticate machines. As the number of machines increases, driven by digital transformation and the emergence of various machine types — applications, cloud workloads, virtual machines, containers, IoT, and more — these machine identities become more critical.

SSL certificates are integral to application security today, yet many enterprises still struggle with machine identity management. Expired certificates make content inaccessible, hurting brand reputation and revenue. Fortunately, Citrix Application Delivery Management (ADM) and Venafi offer a better, simpler solution. To see a demo of our joint solution for streamlining machine identity management and SSL certificate management, watch the webinar.

Citrix ADM streamlines the typically arduous process of implementing and maintaining SSL certificates and offers a centralized, intuitive dashboard for at-a-glance management of your entire SSL infrastructure. In a previous blog post, we detailed just how easy Citrix ADM makes it to create, install, monitor, and automatically renew SSL certificates across multiple Citrix ADC instances.

Today, we are excited to announce the Citrix ADM service integration with Venafi Trust Protection Platform.

Venafi is the leading provider of machine identity management solutions used to secure some of the largest, most sensitive networks in the world. The Venafi Trust Protection Platform improves the security posture of the enterprise with increased visibility, threat intelligence, policy enforcement, and faster incident response for certificate-related outages and compromises that leverage misused machine identities.

Previously, the creation or renewal of each SSL certificate was handled by a network admin, who had to create a certificate signing request for the public key infrastructure team. This team would then work with a certificate authority to get a certificate, which would then be installed on the Citrix ADC and bound to the application’s virtual servers. This process involved a number of steps and multiple teams and offered less visibility into expiring or noncompliant certificates.

With Venafi integration from the Citrix ADM app dashboard, SSL certificate lifecycle management is streamlined and no longer demands the attention and time of various teams in the organization. Citrix ADM role-based dashboards allow application owners to monitor, create, renew, and bind SSL certificates for their applications through Venafi independently, without involving network admins.

Let’s look at how Citrix ADM further simplifies every stage of the certificate lifecycle with this new workflow.

Identifying Expiring and Noncompliant Certificates

Application admins can now easily monitor certificates bound to their applications. They are notified if any certificates are due for expiry or if any of their certificates do not comply with their enterprise’s SSL policies. These potential issues appear as negative impacts on an application score in Citrix ADM, enabling the admin to take proactive action to keep certificates up to date and fully compliant.

Citrix ADM app dashboard identifies all SSL certificate issues affecting an application.

Creating a Certificate Signing Request (CSR) and Issuing or Renewing Certificates

Application admins can now create Certificate Signing Requests (CSRs) from the Citrix ADM app dashboard, leveraging integration with the Venafi platform to issue and renew certificates from any of the 40+ certificate authorities integrated with Venafi. For the application owners, this means that a process that used to take a few days now only needs a couple of minutes — and can even be done proactively with automated renewals.

Installing a Certificate on Citrix ADC and Binding it to the Virtual Server

Application admins can now install their applications’ SSL certificates on the Citrix ADC instance and bind certificates to the virtual servers from within the Citrix ADM app dashboard.

Automating Certificate Renewal

After integrating the Venafi platform with Citrix ADM service, Citrix ADM can automatically renew SSL certificates from Venafi and deploy them across the entire Citrix ADC fleet.

Setting up automatic renewal is easy. Just configure a few parameters to fit your needs. Citrix ADM lets you enable or disable automatic renewal, choose the number of days before renewal, enter an encryption password, and automatically deploy to Citrix ADC instances after renewal. So, after certificates are issued for the first time, Citrix ADM will do all the routine work of checking expiration dates and keeping your certificates up to date.

Comparison of SSL certificate lifecycle management before and after Venafi integration.

As cybersecurity continues to be one of the most important considerations for enterprises today, we are excited about expanding Citrix ADM’s machine identity management capabilities to help our customers be proactive and efficient in monitoring and managing their certificates while maintaining a consistent security posture across their entire environment.

We’ll showcase Citrix ADM service and its integration with Venafi at the 2021 Venafi Customer Summit in April. Get started today with Citrix ADM service on Citrix Cloud.