Chrome update prompts DTA to rethink security certs

By

Automates processes.

The Digital Transformation Agency has automated the process of issuing and renewing website security certificates for its many websites by using certificate authority Let’s Encrypt.

Chrome update prompts DTA to rethink security certs

The agency used the upcoming Google Chrome web browser update that will mark all HTTP sites ‘not secure’ as an opportunity to improve how it managed security certificates.

The update is aimed at stamping out unencrypted web connections by prompting site owners to switch to HTTPS, which encrypts data in transit to prevent access by attackers.

Ahead of the July update to Chrome, the DTA has settled on Let’s Encrypt – a free certificate authority run by the Internet Security Research Group – to provide domain validated certificates for all of its sites.

Site reliability engineer Adam Eijdenberg said in a blog post that all 150 existing applications that run on cloud.gov.au "support secure HTTPS connections and actively redirect HTTP requests to the secure equivalent."

But he saw opportunities to get "better at how we launch sites, and issue and renew website security certificates".

"Automatic issuing and renewal is an important criteria for us given we practise infrastructure as code techniques and manage many sites," he said.

"We found a protocol we can use to automate how certificates are verified and issued which is the Internet Engineering Task Force’s (IETF's) draft Automatic Certificate Management Environment (ACME).

"At the time of writing Let’s Encrypt is the only service that supports this relatively new protocol and we hope others will follow.

“We were able to install an ACME client in our stack so that certificates are automatically provisioned, renewed, tested, deployed and served by our platform.”

The agency is also using Amazon Certificate Manager for the “handful of wildcard certificates for some internal facing components”.

However, Eijdenberg noted that "since we started using their service, Let’s Encrypt have announced they support automatic provisioning of wildcard certificates."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
chromedtagooglegovernmenthttphttpssecuritystrategy

Sponsored Whitepapers

Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
Futureproof Your Business with Datacom, Microsoft, and AMD Ryzen™ AI PCs
See everything. Do more.
See everything. Do more.

Events

Most Read Articles

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?