SSL Certificate Management Made Simple, Secure, and at Scale | Riverbed

Phillip Gervasi

SSL and TLS traffic are among the most common forms of secure network traffic in today’s enterprise. The Riverbed Application Acceleration solution has been ensuring optimal service delivery of SSL and TLS traffic for years. Our solution optimizes SaaS application traffic, internal traffic, and even traffic used for service chaining with CASBs, IDS solutions, and so on. On one side of our bookended solution is a SteelHead appliance in a data center or in the cloud, and on the other end is a SteelHead in the branch or installed as an agent on an end-user’s computer. However, creating, deploying, and managing the certificates we need for each internal or external HTTPS application can be a lot of management overhead for a network operations team.

Optimizing secure traffic

When we optimize SSL and TLS traffic, all these components need to be part of the organization’s PKI, or in other words, the method we use to secure digital communication. Typically, that’s done by using certificates deployed on the server-side SteelHead and the branch SteelHead. And, each HTTPS application uses its own unique certificates.

Think about how many and how often new applications get rolled out these days—especially SaaS applications. That means manually installing certificates and updating expiring certificates whenever there’s a change or a new application is deployed.

Simplifying certificate management

To solve this, we’ve integrated a certificate management component into the Client Accelerator agent already installed locally on an end-user’s computer. With this simple software update, the Client Accelerator has the ability to generate, host, and manage the certificates we need.

There’s no longer a requirement to host certificates on the server-side SteelHead. There’s also no longer the management overhead of manually creating, configuring, and storing certificates. And since certificates can be generated locally right on the computer, we eliminate the need for a central certificate authority.

We still use the Client Accelerator controller to manage all the agents deployed in the organization, but now we also use it to manage the certificate peering, certificate rules, and installation packages. What we end up with is a simplified, modular, and largely automated method for managing all the growing number of certificates we need to optimize SSL and TLS traffic.

Optimizing SSL and TLS traffic is a no-brainer. It’s one of the most common types of secure traffic on the network, and we’ve been doing it for years. And, with Riverbed’s latest update to the Client Accelerator agent, we’ve removed the complexity and overhead for managing certificates making it that much easier to deliver SSL and TLS traffic at peak performance.

Check out this video diving into the solution in detail here: 

To learn more about other ways in which you can strengthen your security posture with Riverbed, visit:

This post was first first published on Riverbed Blog’s website by Phillip Gervasi. You can view it by clickinghere