惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recorded Future
Recorded Future
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
WordPress大学
WordPress大学
博客园 - 聂微东
L
LINUX DO - 最新话题
月光博客
月光博客
小众软件
小众软件
T
Troy Hunt's Blog
A
Arctic Wolf
量子位
I
Intezer
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
有赞技术团队
有赞技术团队
N
News and Events Feed by Topic
美团技术团队
The Cloudflare Blog
P
Privacy International News Feed
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
N
News | PayPal Newsroom
Apple Machine Learning Research
Apple Machine Learning Research
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
Hacker News: Ask HN
Hacker News: Ask HN
雷峰网
雷峰网

VMware Blogs

Diagnostics for VMware Cloud Foundation (VCF) 9.1 with Old Versions of VCF Components Mastering Infrastructure Policies in VMware Cloud Foundation Automation 9.1 Modernizing the Private Cloud: Why VCF 9.1 Lifecycle Management is a Game Changer Announcing the VMware Cloud Foundation 9.1 Upgrade Planning Tool VCF Breakroom Chats Episode 86 – Containers Made Easy: The New “Container-as-a-Service” in VCF 9.1 Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform Virtually Speaking: The AI Reality Check with Dave Linthicum Zero Touch Provisioning: Activating Edge Sites with VMware Cloud Foundation Edge 9.1 VCF Breakroom Chats Episode 85 – Cloning Success at Scale: Inside VCF 9.1’s App Stack Formation VMware Cloud on AWS の使用状況を確認できる API Unlocking the Full Potential of Programmable Infrastructure with VMware Cloud Foundation 9.1 – New Features and Capabilities Smarter Patching at Scale: Vulnerability Assessment and Remediation with VMware Tanzu Platform Encrypted vMotion Offload to Intel QAT in VMware Cloud Foundation 9.1 Deepen Your Expertise: Four Key Benefits of Attending Increase Deployment Flexibility with VCF Edge Automation 1.0.3 More Memory, Less Effort: Configuring Memory Tiering in VCF 9.1 VCF 9.1 Licensing: Programmatic, Centralized, and Built to Scale Why APJ Networking Professionals Need Private Cloud Expertise VCF 9.1 Networking: Simpler VPC Connectivity Control VCF 9.1 Networking: Exploring Network Services for Virtual Private Clouds VCF Networking 9.1: Seamless DDI Integration with Infoblox The Open Source Advantage: Building from Source for Ultimate Security Expand Shared VMDKs with Clustered Applications in VMware vSAN for VCF 9.1 Monetizing Zero-Trust Security with VCF 9.1 and VMware vDefend VMware vSAN Protection and Recovery Enhancements for VCF 9.1 Deliver Production SQL Server DBaaS with VMware Data Services Manager 9.1 Maximizing Profitability: VCF 9.1 Cost-Focused Approach for VMware Cloud Service Providers Modernizing Your Infrastructure: Introducing VMware Cloud Foundation 9.1 to VCSPs VCF 9.1 is Available: Explore the New Features in Hands-on Labs What’s New with vSphere in VMware Cloud Foundation 9.1? Resizing VMware vCenter in VMware Cloud Foundation 9 Non-Disruptive VMware vCenter Patching in VMware Cloud Foundation 9.1 VMware vCenter Virtual Hardware Gets an Upgrade in vSphere with VCF 9.1 AI Has Changed the Threat Landscape. Is Your Infrastructure Ready? Simplifying Storage with the New Effective Capacity View in VMware vSAN for VCF 9.1 Auto-RAID in VMware vSAN for VCF 9.1 – Comprehensive System-Managed Data Resilience Introducing VMmark 4.1: Enhanced Power Efficiency Benchmarking for Private Cloud Infrastructure Advanced Memory Tiering Enhancements in VMware Cloud Foundation 9.1 VCF 9.1 Is Here. See It in Action. 博通發布 VMware Cloud Foundation 9.1 How Broadcom Is Helping Enterprises Win the AI Security Sprint How to Prepare for the World of AI Driven Exploits Avi Innovations for VCF 9.1: Powering Kubernetes, Agentic AI and VPC Workloads VCF 9.1: The Secure, Cost-Effective Private Cloud Platform for Production AI Announcing VCF 9.1: Modern Private Cloud Built for Efficiency and Resilience Announcing VMware Cloud Foundation Edge 9.1: A Scalable, Autonomous Edge Platform Accelerate, Streamline, and Control Your Self-Service Private Cloud with VMware Cloud Foundation 9.1 Deploy Modern Apps Faster, Scale Smarter, and Lower Your TCO with VMware vSphere Kubernetes Service in VCF 9.1 Scale Smarter, Save More: Redefining Infrastructure Economics with VMware vSphere in VCF 9.1 AI with VCF 9.1 on AMD GPUs: Build with open frameworks and simplify management, at a lower TCO Streamline, Simplify and Protect all your AI workloads with VCF 9.1 Simplify Workload Connectivity and Enhance Network Scale and Performance with VCF 9.1 VMware and CrowdStrike Deliver New Integration for Cyber Recovery Workflows How Many Users Can Your LLM Server Really Handle? From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 2 The New Frontier: Leading the Cloud-Native Evolution Replicating VMware vSphere Configuration Profile Desired State Webinar Recap: Design and Architecture Considerations for VMware vSphere Kubernetes Service on VMware Cloud Foundation Kubernetes 1.36: What Actually Changed for Enterprise Platforms Enhance Lateral Security and Ingress Load Balancing for Kubernetes Workloads Avi Load Balancer Analytics: Root Cause Application Performance Issues in Minutes Analyst Insight Series #3: Policy-Driven Governance and Multi-Tenant Control Post-Quantum Readiness on VMware Cloud Foundation Registration Is Live for Las Vegas | $ave with Early-Bird May 21, 2026: What’s New in VMware Tanzu Data Intelligence 10.4 From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 1 Stop Guessing: Advanced Monitoring and Troubleshooting for Data Services CPU, Disk, Network, and Memory Workload Profiles for DVD Store Database Testing How VMware Salt Automates Compliance Across Private Cloud Analyst Insight Series #2: Operational Scalability and Lifecycle Management MCP vs. APIs: Why You Need Both for AI Applications The Real Constraint on Enterprise AI isn’t GPUs; It’s Power Deploying Harbor Service in Air-Gapped VMware Cloud Foundation 9.0 Why Enhanced DirectPath Wins for High-Performance Apps Bridging the (.Local) Gap: A Split-Domain Design for VMware Cloud Foundation Deployment Observability on VMware vSphere Kubernetes Service VMware Cloud on AWS: Introducing the Usage Report APIs Converging VMware vSphere to VMware Cloud Foundation 9.0: The Top 10 Questions Answered May 6, 2026: What’s New in Tanzu Platform 10.4: Powering Agentic Apps at Scale VMware Tanzu RabbitMQ Powers the Modern Data Lakehouse with New Spark Integration and Enterprise Tooling Tanzu Data Intelligence 10.4 Delivers AI-Driven Analytics, Unified Real-Time Operations, and Sovereign Resilience Enterprise-Ready Agents Made Simple & Safe with VMware Tanzu Platform Agent Foundations Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications How AI-Assisted Analytics in Tanzu Data Intelligence Can Help Remove the SQL Bottleneck From Prototype to Production: Securing Database MCP at Enterprise Scale The Compelling Case for a Private Cloud Data Intelligence Platform The Unification Dividend: Consolidating Database Operations on VMware Cloud Foundation The Modern Spring Workflow Is Enterprise-Ready and AI-Boosted [TAM Blog] セキュアブート証明書の有効期限切れに関する注意点と対応について Accelerate Lateral Security and Ingress Load Balancing for Kubernetes Workloads From Platform to Data: Building a Cloud-Native Developer Experience On-Prem with VMware Cloud Foundation How VMware Cloud Foundation (VCF) Training Helps Keep Top Tech Talent in APJ Build Your Case for Attending VMware Explore 2026 Spring 開発元が提供する商用サポート「VMware Tanzu® Spring Essentials」とは VMware Cloud on AWS より i7i.metal-24xl インスタンスの提供開始 VMware Advanced Memory Tiering Tips for Success VMware Cloud Foundation Edge 9.0: Two-Host Edge Site Deployment with Brownfield Import Your Database Is About to Become an AI Tool. Is It Ready? Applying GitOps Principles to Maintain Desired State Configuration using VMware vSphere Configuration Profile – Part 3 Webinar Recap: Converging VMware vSphere to VMware Cloud Foundation 9.0
Avi Advantage: Automating Certificate Management of VCF Workloads
Matt Adam · 2026-05-19 · via VMware Blogs

Cyber attacks are unrelenting. The landscape of web security is undergoing a massive shift. Public Certificate Authorities (CAs) are moving aggressively to adopt the SC-081v3 standard, designed to drastically reduce certificate validity periods and limit the blast radius of compromised keys. For enterprise IT teams, the renewal runway is becoming critically short.

As of March 2026, the maximum validity period has already dropped to 200 days. This timeline only accelerates from here: maximum validity drops to 100 days in March 2027, and plummets to a mere 47 days by March 2029. Relying on legacy certificate management processes in this new reality is a recipe for application outages.

The Imperative for Certificate Automation

The reliance on manual and static maintenance windows for SSL/TLS certificate lifecycle management is no longer a viable strategy for the modern enterprise especially given the urgency of shortened validity period. These legacy methodologies are inherently slow and susceptible to human errors, often leading to significant operational disruptions. 

In high-scale environments encompassing thousands of application workloads, automated certificate orchestration has become a must-have. While organizations have automated certificates at workload level, managing these certificates on the load balancers remains a major challenge. VMware Avi Load Balancer (Avi) integrates with VMware Cloud Foundation (VCF) to automate certificate management to ensure renewals and updates are executed seamlessly. This minimizes downtime risk and enables rapid certificate expiration detection and timely certificate refresh cycle.

Avi transforms how enterprises handle cryptographic identities by completely automating the certificate management process. Implementing this automation delivers three critical business benefits:

  • No Expired Cert Outages: Avi automatically tracks, renews, and deploys SSL/TLS certificates across all virtual services before they expire, ensuring uninterrupted service availability.
  • No Additional Licenses Required:: Avi’s certificate management is in-built, removing the cost and complexity of third-party tools by automating the full certificate lifecycle natively within the platform.
  • Operational Efficiency: Automation permanently eliminates the toil of manual certificate tracking, Certificate Signing Request (CSR) generation, and pushing certificates across distributed applications.

Avi Certificate Management on VCF

Avi’s software-defined architecture is designed to simplify and centralize complex security operations, offering automated certificate management, especially within the VCF environment. Because Avi integrates with VCF, it allows administrators to automate the provisioning, enforcement, and lifecycle management of security services across their workload domains. This deep integration means that SSL/TLS certificates, web application firewall (WAF) policies, and cryptographic standards can be centrally managed and dynamically applied to applications as they scale. Consequently, IT teams benefit from automated certificate renewals, centralized visibility into secure traffic flows, and a significantly reduced risk of outages or compliance violations within their software-defined data center.

Avi’s automated certificate management is characterized by three key capabilities:

  • CA Integrations: Avi natively supports a wide range of Private and Public CAs, including Let’s Encrypt, Sectigo, and others via the ACME protocol, ensuring compatibility with your existing security infrastructure.
  • Automated Lifecycle: The platform guarantees end-to-end automation for certificate issuance, renewal, and deployment. This is achieved directly on the application layer with zero downtime, critical for maintaining high availability in VCF deployments.
  • Centralized Management: Administrators benefit from a single, unified control plane (the Avi Controller) for comprehensive visibility and management of all application certificates. This approach is particularly powerful for managing certificates across VCF and other disparate environments, ensuring consistent policy enforcement and streamlined operations across your entire infrastructure.

Robust Certificate Management Capabilities

To support diverse enterprise requirements, Avi includes a comprehensive suite of certificate lifecycle capabilities out-of-the-box. Key Avi capabilities include:

  • CSR Automation with dynamic parameters: Implement automated Certificate Signing Request (CSR) generation where parameters like domain names and organizational details are dynamically sourced, reducing manual effort and errors.
  • Third-Party Certificate Imports: Streamline the process of importing certificates issued by external CAs into the internal infrastructure.
  • Automated Lifecycle Management: Ensure all certificates are automatically renewed, revoked, and provisioned according to their defined lifecycle policies without human intervention.
  • Custom Renewal Scripts: Flexibility to create custom renewal scripts for different CAs and specific environments.
  • Automated Certificate Chaining: Automatically assemble and manage the full trust chain for each certificate, ensuring proper installation and browser compatibility.
  • Certificate Management Scripts: Currently utilizing scripts integrated with popular certificate providers and management platforms to handle various certificate operations.

Avi Certificate Management Workflow

Avi streamlines the workflows in six easy steps:

1. Generate CSR with Parameters

The process begins inside the SSLCertificate object on the Avi Controller. The user (or a scheduled refresh) triggers the generation of a Certificate Signing Request (CSR) using defined parameters like Common Name (CN), Subject Alternative Name (SAN), and key size.

2. Pass CSR to Certificate Management Profile

The generated CSR data is then handed off to the Certificate Mgmt Profile. This profile contains the specific logic and credentials needed to communicate with your chosen external Certificate Authority (CA).

3. Submit CSR + Metadata to Certificate Authority

The Certificate Management Profile acts as the gateway, sending the CSR along with any required metadata (such as API keys or authentication tokens) across the network to the external Certificate Authority.

4. Receive Certificate from CA

The Certificate Authority processes the request, validates the identity, signs the certificate, and sends the signed Certificate back to the Avi Controller’s Management Profile.

5. Return Certificate to SSL Object

The Certificate Management Profile receives the signed file and passes the Certificate back to the internal Certificate data (CSR) placeholder. This effectively completes the handshake between the external entity and the internal Avi object.

6. Update SSLCertificate

In the final step, the Certificate is officially tied back to the SSLCertificate parent object. This replaces the old or pending certificate data with the new, valid certificate, making it ready for use by Virtual Services.

As the industry accelerates toward shorter certificate lifespans, adopting an automated, centralized approach is the only sustainable path forward. By leveraging Avi on VCF, enterprises can eliminate the risk of expiration outages, streamline operational workflows, and future-proof their application delivery infrastructure. 

Here is a demo on How to Automate Certificate Management with VMware Avi Load Balancer.