Solved

Management Tool for Windows Server 2008 Certificate Services

Posted on 2010-08-24
Last Modified: 2012-05-10
Hello,

We have been trying to find a Management Tool for our PKI that we are just setting up.  We have looked at FIM CM/CLM and that is not what we need at this time.  Please, if anyone knows of Management Tools for PKI or Exit Modules that Vendors have written that can be used to provide the following.  We are basically looking for automation, reporting, monitoring and auditing:

•      Engineers must be able to obtain certs via self-service
•      Notification of cert expiration must be automatic
•      Reports must be generated for issuance of certs
•      Reports must be generated for expiration of certs
•      There must be a proper key management mechanism
•      There must be a mechanism for key issuance and reassembly
•      There must be a capacity for issuing certs for all devices on the network
•      Automatic policy driver machine/hw certification install process.
o      The certs generated for email must automatically publish to the GAL

Thank you.  msyed1.
Question by:msyed1
6 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33522360
Honestly, I am unaware of any third party app which would satisfy all the requirements you place forth...  I am not even sure if all of that is possible.

First requirement:
If you meant USER accounts' certs: Your first requirement would assume that your engineers are all trusted to issue certs, which may or may not be the case.  In my environment, it is not within policy.  A cert can be acquired only by the presentation of two government issued, photo IDs.  If this system is automated, then anyone can pose as someone else to create certs or add certs to smart cards.

If you meant COMPUTER accounts' certs: Microsoft's CA servers are very comprehensive in their scalability and can accommodate that relatively easily.

Your next three could be relatively simple with a little bit of time and a dedicated developer.

The next three after that can be accomplished with Microsoft's CA service directly.

Not sure about your last two, but there may be a way to hook cert creation into a script which publishes info to the GAL (I am assuming you are wanting to avoid your users having to self publish through Outlook).

Justin
0
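
An added example, not part of the original thread and not taken from any product mentioned in it: one way the expiration report and notification requirements could be scripted against the CA database with the built-in `certutil -view` command. It assumes PowerShell 2.0 or later running on the CA under an account that can read the CA database; the mail server, addresses and output path are placeholders.

```powershell
# Added example: report certificates issued by this CA that expire within $days days.
# Assumptions: PowerShell 2.0+, run on the CA with read access to the CA database.
# smtp.example.com, the mail addresses and the output path are placeholders.
$days   = 30
$now    = Get-Date
$cutoff = $now.AddDays($days)

# certutil parses dates in the current user's locale, so format them the same way.
# Disposition=20 restricts the view to issued (not revoked, failed or pending) requests.
$restrict = "Disposition=20,NotAfter>=$($now.ToString('d')),NotAfter<=$($cutoff.ToString('d'))"
$columns  = 'RequestID,RequesterName,CommonName,CertificateTemplate,NotAfter'

$raw = certutil -view -restrict $restrict -out $columns csv
if ($LASTEXITCODE -ne 0) { throw "certutil -view failed: $raw" }

# The first row is a localized header; replace it with fixed column names and
# drop blank or status lines so the parsing does not depend on the display language.
$rows = $raw | Select-Object -Skip 1 |
    Where-Object { $_ -and $_ -notmatch '^CertUtil:' } |
    ConvertFrom-Csv -Header RequestID, Requester, CommonName, Template, NotAfter

# Add a parsed expiry date and the remaining lifetime, soonest expiry first.
$report = $rows | Select-Object RequestID, Requester, CommonName, Template,
    @{ n = 'Expires';  e = { [datetime]::Parse($_.NotAfter) } },
    @{ n = 'DaysLeft'; e = { [int]([datetime]::Parse($_.NotAfter) - $now).TotalDays } } |
    Sort-Object DaysLeft

if ($report) {
    # Keep a dated copy for audit purposes, then notify the PKI team.
    $path = "C:\PKIReports\expiring-$($now.ToString('yyyyMMdd')).csv"
    $report | Export-Csv -NoTypeInformation -Path $path

    Send-MailMessage -SmtpServer 'smtp.example.com' `
        -From 'ca-reports@example.com' -To 'pki-team@example.com' `
        -Subject "$(@($report).Count) certificate(s) expire within $days days" `
        -Body ($report | Format-Table -AutoSize | Out-String) `
        -Attachments $path
}
```

Run from a scheduled task, this covers the expiration report and automatic notification items; changing the restriction to a `NotBefore` date range gives the matching issuance report.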
 

Author Comment

by:msyed1
ID: 33571887
DrUltima:

Sorry for the delay in replying.  Our PKI will use membership in a domain to authenticate the user requesting certificates.

Basically, I am researching to find out what tools, vendor products are available out there in the market that can be used as a management tool for our PKI.  We have the budget allocated, but can't find the right tool.  From your experience with PKI, do you know of any management tools you can recommend?  I have looked at one called CRT from the company CSS.  It is a reporting tool that basically reports on certificates about to expire etc.  We are looking for something much more extensive that would provide reporting, monitoring and auditing.  Thanks for your help.  msyed1.

0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33626216
Check out KeyMan.... I installed it in my lab and it worked very well to do what you seem to be wanting.  Sorry for the delay, but I had to rebuild my lab before I was willing to install and test this.

http://www.alphaworks.ibm.com/tech/keyman

Justin
0

 

Author Comment

by:msyed1
ID: 33626969
DrUltima:  Thank you for helping me.  This product says that it works on:
"This technology runs on any Java™ platform, including Linux®."

We have Windows Server 2008 AD CS.  I need a tool that will install on top of Windows Server 2008 AD CS.  Thank you. msyed1.

0
 
LVL 31

Accepted Solution

by:
Justin Owens earned 1000 total points
ID: 33627113
From the Downloads page:

JDK 1.1 or above, or any Java system compatible with the respective  version of Sun's JDK. Swing is not required. Sun JDK 1.1.8L (or above)  or Microsoft jview 5.00.3188 (or above) is recommended.

Just install jview on your Windows server and you are golden. :)

http://msdn.microsoft.com/en-us/library/aa266196%28VS.60%29.aspx

Justin
0
 

Author Comment

by:msyed1
ID: 33629410
Thank you, Justin.  I will give this a try.  msyed1.
0
