Certificate Management Platform Practice: From Manual to Platform-Based Operations at Scale

This article introduces vivo's journey in transforming domain certificate management from manual operations to a centralized platform approach.

Background: Previously, certificate management for vivo's internet business relied heavily on experienced senior operations engineers, creating single points of failure and excessive human dependency. As business scale expanded and quality standards increased, there was a need to strengthen centralized control over certificate information accuracy.

Capability Planning: The platform was designed to provide full lifecycle certificate management with the following capabilities: efficient certificate application (auto-generating private keys and CSR, workflow-based application), convenient certificate management (import/export multiple formats, view complete certificate info), secure private key storage (AES256 encryption), certificate expiration monitoring (30/60 days customizable alerts), and white-box certificate changes (covering NGINX, SLB, CDN, and VUA scenarios).

Technical Implementation: The frontend uses Vue2 with Element UI, while the backend is built with Go language using the Gin framework for RESTful APIs, with MySQL for data storage. The platform includes four core modules: Visualization (certificate overview, data analysis, audit trails), Management (certificate info management, application, renewal), Changes (push capabilities for NGINX, SLB, CDN, VUA), and Monitoring (lifecycle detection, validity reminders, online scanning).

Summary: The platform's implementation standardized certificate management processes, established management for certificate information, changes, alerts, and audit trails. Since launch, there have been no certificate-related availability alerts, successfully addressing efficiency and availability concerns in traditional certificate management scenarios.

Future Outlook: The article discusses potential blockchain-based certificate distribution, highlighting advantages including immutability, transparency, confidentiality, efficiency, and traceability. As blockchain and Web 3.0 technologies mature, these approaches may replace traditional certificate distribution methods.