Internal CA - managing certificates

Hi all,

We have an Internal CA issuing certificates. However, there are some servers, such as Edge services and a few others that have expired certificates.

How can we manage this from the Internal CA? Is there a console or alerting system to be able to send out alerts of certificates expiring at any point?

Also, should servers that connect directly to the CA auto renew?

LVL 15
Who is Participating?
TasmantConnect With a Mentor Commented:
automatic enrollment usually rely on DCOM and RPC protocol.
you can renew certificate with http, but only manually (unless you use 2008R2 and Windows 7 clients:
if you cannot access https, either you have a firewall blocking port 443 from your edge to the internal CA, either the web enrollment site hasn't been configured to use https.
i think in your case the certificate won't update automatically

there's information here about port used and renewal methods :
You could find information for the CA to send email alerts here:

But i think you cannot monitor the nearly expired certificates, unless you set reminders in your own Outlook for them. I've always proceed with this way, especially for DMZ servers such Edge or IIS which don't have access directly to the CA.

For auto renew, sure, you could auto renew for internal servers. It wouldn't be a security issue.
MarkMichaelAuthor Commented:
How do certificates auto enroll anyway?

Is it an automated task via the HTTP page of the CA?

for example:

Exchange edge has an internal certificate on it.

It can get to http://internalca/certsrv

but not https://internalca/certsrv

Does auto renewal use the HTTP method or is it normally done differently?

The certificate was generated manually, so how does this fair in terms of auto renewing?

Sorry for all the questions!
MarkMichaelAuthor Commented:
Lovely, thanks for all that info.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.