Manage Certificates using Microsoft Certificate Authority (MSCA)

Key Manager Plus allows users to discover and import certificates from Microsoft Certificate Authority. By the end of this document, you will have learned the following:

  1. Request Certificate
  2. Discover Certificate
  3. Renew Certificate
  4. Export Certificate
  5. Revoke Certificate(s)
  6. Delete Certificate(s)

Navigate to SSL >> MSCA. All the certificates related to MSCA will be displayed here.

1. Request Certificate

  1. Click Request Certificate from the top pane.
  2. In the pop-up that appears,
    1. Select the Sign Type as Microsoft Certificate Authority or MSCA using Agent.
    2. If you choose Microsoft Certificate Authority, enter the Server Name of the machine that runs the internal CA and the Certificate Authority name.

    3. If you choose MSCA using Agent,
      1. Select the Agent from the list available in the drop-down. You can also Manage the agent by clicking the link. To know more about managing the agent, click here.
      2. Mention the Agent Time out in seconds within which the agent should respond. If the agent doesn't respond within the time-out period, the operation will be audited as failed.
  3. Select the Template Name / OID based on your requirement or select any of the pre-defined templates by clicking the Get Template link.
  4. Select the CSR from the dropdown, or click the Create CSR link to create a new CSR, and then click Create.

2. Discover Certificate

  1. Click Discover.
  2. In the pop-up that appears,
    1. Select the Discovery Type as Microsoft Certificate Authority or MSCA using Agent.
    2. If you choose to discover certificates issued by a particular MSCA, select Discovery Type as Microsoft Certificate Authority.
    3. Enter the Server Name and the required credentials, or choose Use Key Manager Plus service account credentials for authentication, and mention the Microsoft Certificate Authority.
    4. If you choose the Discovery Type as MSCA using Agent, select the Agent from the dropdown and mention the agent Time out in seconds within which the agent should respond.

    5. You can also choose to Include Expired and/or Revoked certificates.
    6. If you choose to Include the Date Filter, select the from and to dates.
    7. If you choose to Include the Template Name / OID, select the Template Name / OID based on your requirement or select any of the pre-defined templates by clicking the Get Template link.
    8. Click Discover.
  3. You can view the discovered certificates in SSL >> Certificates Tab.

3. Renew Certificate(s)

  1. Select a certificate and click Renew at the top.
  2. If the certificate does not have a private key, Key Manager Plus allows you to create a new private key. Click Ok in the pop-up that appears.
  3. Attributes such as Renewal Type, Server Name, Template Name / OID, Certificate Authority will be auto populated from the certificate details. The Server Name is the name of the Microsoft CA server which signed the certificate. Certificate Authority is the CA service that runs in the specified Microsoft CA server.

  4. For certificates signed by Microsoft CA directly or using the KMP agent, validity days will be taken from the Microsoft CA server and therefore it cannot be entered manually during renewal. These types of certificates will be renewed only till the date specified in the Microsoft CA server.

Notes:

  • During the renewal process, a CSR will be generated from the available values, along with a new Private Key.
  • SHA1 certificates will be renewed using the SHA256 algorithm.

Key Manager Plus also allows you to set up auto-renewal for certificates. To know how to auto renew certificates in Key Manager Plus, click here.

4. Export Certificate

  1. Key Manager Plus allows you to export the following certificate types: .cer, .crt, .pem, .der, .p7b, .pfx, .p12, .pkcs12, .jks, .keystore.
  2. In the list view, click the certificate you want to export.
  3. In the certificate details window, click Export in the top right corner and select the format in which you want to export the certificate.
  4. The certificate will be downloaded to your machine in the selected format.

5. Revoke Certificate(s)

  1. Select the required certificate(s) and click Revoke at the top.
  2. In the pop-up that appears, mention the Revoke Reason and click Save.


6. Delete Certificate(s)

  1. Select the required certificate(s) and click Delete at the top.
  2. In the pop-up that appears, select whether you want to Delete selected certificates from MSCA? and/or Add selected certificates to 'Excluded certificates', and click Ok.
