According to the certificate lifetime of one year for TLS certificates, we have a lot of tasks for requesting/renewing certificates for all types of web services (IIS, Tomcat, Apache, ...).
We are using an internal Windows PKI for all certificate topics (internal sites).
I already checked a few websites for a solution, but couldn't find any match.
So maybe you can support me with the following topic:
Is there any possibility to automate the certificate request/renewal process with a Windows CA?
Currently, before a certificate reaches its expiration date, the application responsible creates a new certificate request and pushes it to us via e-mail; our PKI admin creates the certificate and sends it back, and the app responsible implements the new certificate.
It is our goal to automate this process - does there exist any functionality to automate the request or at least the renewal process of certificates? I know publishing certs to Windows clients is possible. But the main web servers are Tomcat and Apache. We want to reduce the effort for cert management for trusted services/servers. Maybe, if possible, the initial request has to be done manually, and all ongoing tasks can be done automatically in the background (renewing every year).
I would be very grateful if someone here has a suggested solution and would share that information.