Automation for Windows Certificate Authority (cert rollout, renew)


Hello all,

According to the certificate lifetime of one year for TLS certificates, we have a lot of tasks for requesting/renewing certificates for all types of web services (IIS, Tomcat, Apache, ...).

We are using an internal Windows PKI for all certificate topics (internal sites).

I already checked a few websites for any solution, but couldn't find any match.

So maybe you can support me with the following topic:

Is there any possibility to automate the certificate request/renewal process with a Windows CA?

Currently, before a certificate reaches its expiration date, the person responsible for the application creates a new certificate request and sends it to us via e-mail, our PKI admin creates the certificate and sends it back, and the person responsible for the application implements the new certificate.

It is our goal to automate this process - does any functionality exist to automate the request or at least the renewal process of certificates? I know that publishing certs to Windows clients is possible, but the main web servers are Tomcat and Apache. We want to reduce the effort for cert management for trusted services/servers. If possible, maybe the initial request has to be done manually, and all ongoing tasks can be done automatically in the background (renewing every year).

I would be very grateful if someone here has a suggested solution and would share that information.

Wish you a nice day
