Avatar of MarkMichael
MarkMichael
 asked on

Internal CA - managing certificates

Hi all,

We have an Internal CA issuing certificates. However, there are some servers, such as Edge services and a few others that have expired certificates.

How can we manage this from the Internal CA? Is there a console or alerting system to be able to send out alerts of certificates expiring at any point?

Also, should servers that connect directly to the CA auto renew?

Thanks,
Mark
Windows Server 2008SSL / HTTPSMicrosoft IIS Web Server

Avatar of undefined
Last Comment
MarkMichael

8/22/2022 - Mon
Tasmant

You could find information for the CA to send email alerts here:
http://technet.microsoft.com/en-us/library/cc773129%28WS.10%29.aspx

But i think you cannot monitor the nearly expired certificates, unless you set reminders in your own Outlook for them. I've always proceed with this way, especially for DMZ servers such Edge or IIS which don't have access directly to the CA.

For auto renew, sure, you could auto renew for internal servers. It wouldn't be a security issue.
Tasmant

MarkMichael

ASKER
How do certificates auto enroll anyway?

Is it an automated task via the HTTP page of the CA?

for example:

Exchange edge has an internal certificate on it.

It can get to http://internalca/certsrv

but not https://internalca/certsrv

Does auto renewal use the HTTP method or is it normally done differently?

The certificate was generated manually, so how does this fair in terms of auto renewing?

Sorry for all the questions!
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER CERTIFIED SOLUTION
Tasmant

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
MarkMichael

ASKER
Lovely, thanks for all that info.

Cheers.