Automatism for Windows Certificate Authority (certrollout, renew)

Copper Contributor

Hello all,

according the certificate lifetime of one year for TLS-certificates, we have a lot of tasks for request/renew certificates for all types of webservices (IIS, tomcat, apache,..).

We are using an internal Windows PKI for all certificate topics (internal sites).

I checked already a few websites for any solution, but couldn't find any match.


So may you can support me with the following topic:

Is there any possibility to automatism the certificate request/renewal process with a Windows CA?

Currently, before a certificate will reach the expiration date, the application responsible will create a new certificate request, push it to us via E-mail and our PKI-Admin is creating the certificate, send it back and the app responsible will implement the new certificate.


It is our goal to automatism this process - does there exist any functionality to automatism the request or at least the renewal process of certificates? I know, publishing certs to Windows Clients is possible. But the main webservers are tomcat and apache. We want to reduce the effort for cert-management for trusted services/servers. May if possible, the inital request has to be done manually, all ongoing tasks can be done automatically in the background (renewing all one year).

I would be very grateful if someone here has a suggested solution and would share that information.


Wish you a nice day

0 Replies