SAP is proud to announce its sponsorship of Let’s Encrypt. SAP decided to support the effort of the Internet Security Research Group (ISRG), a non-profit organization that increases the security of the Internet by providing a free, automated and open Certificate Authority (CA) for the TLS/SSL certificates that websites need to run on HTTPS. Let’s Encrypt is the leading pioneer in the automation of TLS certificate management.
SAP’s modern cloud offerings require highly flexible and scalable certificate services to enable the increased agility and performance that today’s and future applications need. Automation of certificate management is key to scaling operations and meeting the needs of security and business.
Full automation of certificate lifecycle management is accomplished by a highly advanced certificate management agent on each web server that interacts with a CA like Let’s Encrypt. The agent creates the key pair, requests a TLS server certificate, configures the certificate for use on the server, and automatically takes care of its renewal. The challenge of authenticating and authorizing the certificate request in such a fully automated process, without any human intervention, is solved by the innovative ACME protocol. This standardized protocol verifies that the certificate requestor controls a given domain name before a TLS server certificate is issued for that domain. How the process works in detail is described on the Let’s Encrypt website at https://letsencrypt.org/how-it-works/
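As an added illustration (not SAP's or Let’s Encrypt's code), the sketch below shows the domain-control check in the form of ACME's HTTP-01 challenge from RFC 8555, one of the validation methods the protocol defines: the agent publishes a key authorization derived from the CA's token and its account key, and the CA compares it with what the domain serves. The token, the account key values and the dictionary standing in for the web server are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# RFC 7638: only these members, in lexicographic order, feed the thumbprint.
REQUIRED_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

# Constructed sample values (not a real account key or CA token).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1jb25zdHJ1Y3RlZA",
               "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1jb25zdHJ1Y3RlZA"}
TOKEN = "constructed-token-0123456789abcdef"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON of the key's required members."""
    canonical = json.dumps({m: jwk[m] for m in REQUIRED_MEMBERS[jwk["kty"]]},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Value the agent must serve: token, a dot, then the account key thumbprint."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def challenge_path(token: str) -> str:
    return f"/.well-known/acme-challenge/{token}"


def agent_publish(webroot: dict, token: str, account_jwk: dict) -> None:
    """Agent side: place the response where the CA will look for it."""
    webroot[challenge_path(token)] = key_authorization(token, account_jwk)


def ca_validate(webroot: dict, token: str, account_jwk: dict) -> bool:
    """CA side: fetch the path from the domain (here a dict) and compare."""
    served = webroot.get(challenge_path(token))
    if served is None:
        return False  # nothing published: requester has not shown control
    expected = key_authorization(token, account_jwk)
    return hmac.compare_digest(served.strip().encode(), expected.encode())
```

Because the thumbprint binds the published value to the account key, a response prepared under one account does not validate a request made with a different account key.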
Because key and certificate management is automated, the validity period of TLS server certificates can be shortened, which improves their security. Reducing the lifetime of a certificate allows certificates to be changed more often and thus shortens the time during which a compromised or mis-issued certificate remains active. If a server's private key is compromised, the damage is limited by the short lifetime of the TLS server certificate. Let’s Encrypt issues TLS certificates that are valid for 90 days.
SAP foresees an immense potential in certificate-based authentication for cloud technologies and will actively contribute to the development of automated certificate lifecycle management.