Our DevOps team introduced automation using Python to minimize manual intervention and reduce the scope for error.
Jenkins is a platform expressly designed to handle the continuous integration and continuous delivery (CI/CD) of software applications. Our team adapted a Jenkins job to perform CI/CD on SSL certificate management. The automation script performs certificate renewal, deployment, and profile updates on the respective F5 servers only after checking the certificate expiration date.
The solution is broken down into three stages, driven by a Jenkins job. In the first stage, the certificate is downloaded from Venafi and stored on the local system. The expiration date of this certificate is compared with the current system date and time. If the certificate is due to expire within 20 days, the script moves to the next stage.
In the next stage, the automated process renews the identified certificate by making a call to the Venafi APIs. A third stage deploys the renewed certificate to the appropriate F5 server. The newly installed certificate and associated keys are then stored in a secure SSL profile database.
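The stage-one expiry gate described above, as an added example (not the team's own script): it sorts certificates into expired, due for renewal, and healthy, using the 20-day window from the text. The OpenSSL-style `notAfter` input format, the certificate names and the dates are constructed assumptions, and times are compared in UTC rather than local system time.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=20)  # threshold stated in the text

def not_after_utc(not_after: str) -> datetime:
    """Parse an OpenSSL-style notAfter string ('Jun  1 12:00:00 2025 GMT') as UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)

def classify(not_after: str, now: datetime) -> str:
    """Return 'expired', 'renew' or 'ok' for one certificate."""
    if now.tzinfo is None:
        # A naive local timestamp would shift the window by the UTC offset.
        raise ValueError("now must be timezone-aware")
    remaining = not_after_utc(not_after) - now
    if remaining <= timedelta(0):
        return "expired"  # already serving an invalid cert: alert as well as renew
    if remaining <= RENEW_WINDOW:
        return "renew"    # inside the window: hand over to the renewal stage
    return "ok"

def plan(inventory: dict, now: datetime) -> dict:
    """Group certificate names by action so the renewal stage only sees what needs work."""
    result = {"expired": [], "renew": [], "ok": []}
    for name, not_after in sorted(inventory.items()):
        result[classify(not_after, now)].append(name)
    return result

# Constructed sample inventory (hypothetical names and dates, not from the page).
SAMPLE = {
    "app.example.test": "Jun 30 12:00:00 2025 GMT",
    "api.example.test": "Jun 15 12:00:00 2025 GMT",
    "old.example.test": "May 31 23:59:59 2025 GMT",
    "edge.example.test": "Jun 21 00:00:00 2025 GMT",  # exactly 20 days out
}

if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run
    for action, names in plan(SAMPLE, now).items():
        print(action, names)
```

Reporting already-expired certificates separately lets the job raise an alert instead of treating an outage as a routine renewal.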
Highlights of the solution include:
- Automated SSL certificate expiration monitoring: Our team modified a Jenkins job to continuously monitor all F5 servers for certificate expiration.
- Securely managed machine identities: We chose to use Venafi, a hosted service that provides secure lifecycle management of each F5 server’s identity and its SSL certificates.
- A powerful scripting engine: Our team used the Python programming language to do the heavy lifting. Python is widely available, well documented, and supported by an active developer community.