SharkTrust™ from Real Time Logic is a game-changing solution for managing Public Key Infrastructure (PKI) on your Intranet Web Servers. Whether you have a product with an Embedded Web Server or any other type of server, SharkTrust can help you automate and streamline the PKI process. And the best part? SharkTrust is completely free to use, with the source code available on GitHub for your convenience. Trust SharkTrust to keep your PKI organized and your business moving forward.
If you're new to certificate management and PKI, be sure to check out our tutorial on Certificate Management and Chain of Trust. This comprehensive guide will walk you through the basics of certificate management and help you understand the concept of a chain of trust.
With SharkTrust™, you can provide your users with a seamless and secure experience when using your product on a private network. Setting up SSL Certificates can be a technical and time-consuming process, but SharkTrust completely automates it, making it easy for even those without PKI knowledge to securely access all their devices. This not only enhances the user experience, but it also frees up your support team to focus on other important tasks. Don't let complicated PKI processes hold your product and business back - implement SharkTrust™ and see the benefits for yourself.
Is the following what your customers see when they first start using your embedded web interface?
When users are forced to bypass the browser's security warning, they cannot tell the server's untrusted certificate apart from a man in the middle. See the tutorial hack any web server enabled product for more information.
As a device manufacturer, it's important to ensure that your customers can securely communicate with your product(s) through any web browser. While some manufacturers opt for a non-secure HTTP connection, this comes with a number of disadvantages. For one, many companies now mandate security on private networks, especially when sensitive information is involved. Failing to provide HTTPS may discourage them from using your product. Additionally, many modern browsers are now flagging all HTTP connections as insecure, which can be off-putting for users and may even prevent certain browser features, like password managers, from functioning properly. This can negatively impact the user experience of your product. That's why many manufacturers are now turning to HTTPS to ensure secure communication and a positive user experience.
Using a self-signed SSL certificate may seem like a simple solution for secure communication with your product, but it comes with its own set of challenges. Browsers do not trust these certificates, leading to a warning message for users about an insecure connection. While it is possible to bypass this warning, it effectively turns the connection into a non-trusted HTTP one, which can limit certain browser features that rely on HTTPS. This can have a negative impact on the user experience when communicating with their devices. It's important to consider these factors when choosing an SSL certificate for your product to ensure a positive experience for your users.
Purchasing a certificate from a Certificate Authority (CA) is a way for your users to have a secure HTTPS connection when communicating with their devices. However, CAs do not issue certificates for private networks, and this means your users must implement a Public Key Infrastructure (PKI) solution to get one. Existing PKI solutions typically require that users go through a lengthy, technically challenging setup process, which makes using your product securely much more difficult for them. PKI tutorials are typically targeted at engineers, and your users may find them difficult to understand and follow. Additionally, you may find yourself spending valuable resources supporting customers with this process, causing headaches both for you and your customers.
Apple's Safari browser now limits certificate validity to one year, and the other browser vendors will soon follow. The question is "Where do things go from here?" Since long-lived certificates are a security risk, browser vendors will move to even shorter renewal time periods. Eventually all browsers will refuse certificates with expiration dates longer than 3 months, and manually updated certificates will eventually be too time-consuming and impractical.
With SharkTrust™, you do not have to worry about ensuring safe and secure communication with your product from any browser, and neither do your users. By connecting to an online web interface, users can access information about all the devices on their network, and connecting to a device securely is as simple as clicking on it.
SharkTrust™ works with any embedded web server and TLS product, enabling you to integrate our automatic DNS and certificate management solution as a go-to option for customers requiring a configuration-less PKI solution for their private network.
SharkTrust's root certificate (CA certificate) is directly trusted by all major browsers and operating systems, including Microsoft, Google, Apple, Mozilla, Oracle and Blackberry. This means that no matter what device or browser is being used to connect with your product's Embedded Web Server, your users will never experience uncomfortable warning screens about insecure connections.
SharkTrust uses the automated Let's Encrypt Certificate Authority and the Automatic Certificate Management Environment (ACME) protocol specified in RFC 8555.
The device simply needs to conform to the easy-to-implement SharkTrust Binary Protocol. SharkTrust may be used by any microcontroller-based solution using any embedded TLS stack, as long as the embedded TLS stack can load a standard X.509 certificate and the associated private key.
SharkTrustX comes pre-integrated as a ready-to-use Barracuda App Server plugin. Unlike SharkTrust, SharkTrustX communicates directly with Let's Encrypt using the ACME protocol (RFC 8555). The plugin also manages private key generation, the certificate signing request, and the required cryptography. An online service is still required, but is limited to managing the DNS.
SharkTrust is a powerful tool that can greatly enhance the security of your products, but it does require some expertise to set up and configure properly. That's where Real Time Logic comes in - we're here to provide the initial consultation and support you need to get SharkTrust up and running smoothly. Contact us to schedule your consultation and get started with SharkTrust today! And if you're an experienced Linux administrator with Ansible experience, you can find brief installation instructions on the SharkTrustX Installer GitHub page. The SharkTrustX installer can be modified to also install SharkTrust.