Cisco need to develop a 'Smart SSL Certificate Manager'.
The Smart SSL Certificate Manager should facilitate a permanent connection to Automated Certificate Management Environment (ACME), on behalf of Cisco applications and servers enrolled with the former.
The Smart SSL Certificate Manager should:
generate CSRs on enrolled Cisco applications and servers;
connect to ACME to request a signed certificate;
deploy signed certificates to enrolled Cisco applications and servers;
apply the signed certificate without the need to reboot the application or server.
Some Cisco products already support ACME, but the requirement to open an insecure HTTP port to establish the ACME connection will not suit our security team.
SSL certificate management is already an overhead, and with Google wanting to propose 90-day SSL certificate validity, it will reach an unmanageable level. Something like this would be a big help to reduce overhead for techs and mitigate potential service impacts.