A customer faced the challenge of managing its certificates centrally for all locations worldwide.
The solution is a service that receives certificate requests (CSR) via REST API, checks the rights and creates certificates with the help of PKI, e.g. Letsencrypt.
Subsequently, these certificates are uploaded as DNS record e.g. under the hostname of the CN.
The service also takes care of the automatic renewal of the certificates and automatic upload to the DNS.
For the client different scripts for e.g. systemd, container and bash are available.
Advantages with this solution are:
- Distribution of certificates via existing and extremely robust DNS infrastructure
- High security due to decoupling of communication
- Client does not need a direct network connection to the service endpoint
- Automated certificate management
- Highly scalable