• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Cybersecurity Webinars
      • Events
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • Navigation-dropdown-promo-threat-report_020521
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Product

DigiCert CA Plugin for Lemur

By Chris Dorros
Posted on February 12, 2016
Updated on March 4, 2020

Share

Facebook0Tweet0LinkedIn0

Today the OpenDNS engineering team is releasing a DigiCert Issuer Plugin for Netflix’s recently released Lemur TLS certificate management tool.

Motivation

Anyone who’s had to create, distribute, and manage SSL/TLS certificates can tell you how much of a pain it can be. It often involves many manual steps, which are both time consuming and highly error-prone.
This is roughly how creating and requesting a TLS certificate used to look like for developers at OpenDNS:

  1. Generate private key and CSR locally
  2. Upload the CSR via CA’s web GUI portal
  3. Get request approved
  4. Download the certificate
  5. Install the certificate on web server
  6. Realize the certificate wasn’t in the proper format
  7. Re-install certificate
  8. (2 years later) Forget how to do the above and repeat at step 1

There is no reason each developer needs to waste countless hours weeding through an unscalable, manual process like this. Thus, when we set out to fix this issue, we fell in love with Netflix’s Lemur.

What we Built

Lemur came with Verisign support out of the box, but we use DigiCert around here. Fortunately, the authors of Lemur had enough foresight to build a plugin framework, which means we can easily share our DigiCert plugin for Lemur!
Now our process looks something like this:

  1. Login to Lemur web GUI
  2. Fill out form with certificate details (CN, validity period, etc) and hit request
    1. Private key and CSR are magically created behind the scenes. Lemur interacts with CA’s API to request and retrieve certificate.
  3. Transfer key and cert materials to secrets management service
  4. Keys and certificates are deployed to server via secrets management service

How to Get it

Head over to the GitHub page for instructions on setting it up and generating reports. Contributions definitely welcome! Feel free to fork & feature requests! Hope you find it useful.

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella