We are an MSP that is managing multiple Azure sub tenants for our customers and is looking to automate certificate renewals for them. Is it possible with the Azure Marketplace edition of Certify to do the following?
One centralized place to manage all certificates for x number of customers?
Will we need to do anything specific regarding network access in the different tenants for this to work?
The marketplace edition of Certify is just a billing mechanism for the license keys; otherwise it’s all the same. You can manage multiple license keys associated with different Azure subs if that’s preferable.
In terms of having one place to manage all the certificates, you could run one Certify Management Hub and have each individual customer instance talk to that. That gives you a single UI to use to create managed certificates.
Currently, certificate renewals for individual managed instances happen on the instances themselves, but we shortly plan to introduce the option to pull certificates for the hub, so that the actual renewals can happen there as well, while the deployment happens on the instances.
We would suggest that you don’t host your hub on the public internet, because we don’t do anything special to the app to harden it against public “scrutiny” - it’s probably fine, but we don’t make specific assurances around that currently. If customer servers could Tailscale or VPN etc. back to your hub that would be great, or only allow customer-specific IPs. Whatever way you want to do that is up to you based on your preference. The instances require outgoing connections to the hub.