Posted by DJH on November 13, 2007, 1:47 am
thanks for the response!
ILM seems like overkill for what we need it for. Hopefully one of the
scripting guys here can look at iCertAdmin.
I found a Linux script to check for PEM-encoded X.509 certificates here:
http://prefetch.net/articles/checkcertificate.html
But we need to be checking other types of certs.
Thanks
"Brian Komar" wrote:
> This is possible through Identity Lifecycle Manager 2007. ILM 2007 keeps
> track of all certificates in its own SQL database.
> You can configure the Renew policy to send the original requester an email
> message when the Web server certificate enters its renewal period. This is
> based on the renewal interval defined in the certificate template (the
> default is 6 weeks before expiration for a 1 year certificate).
>
> I guess you could use iCertAdmin to query the CA database to do something
> similar.
> Brian
>
> > Hey,
> >
> > I'm currently getting up to speed on our internal PKI implementation. We
> > use an enterprise PKI with an offline root.
> >
> > We have distributed our Root certificate via a GPO so that all
> > desktops/servers receive the root certificate. We have also enabled auto
> > enrollment via group policy.
> >
> > For the IIS web servers we have, they are able to renew their certificates
> > if the computer account is a member of a particular group and assuming the
> > cert hasn't been revoked etc. (We still need to test this as we only
> > recently implemented the PKI)
> >
> > For any non-Windows web servers, the admin will request a cert in base 64
> > format and send us the output, which we then submit to
> > http://servename/certsrv and then send them back the .cer file (as well as
> > the root certificates if they aren't already on the box).
> >
> > These SSL certificates have a validity of 12 months. Currently the only
> > way to determine if a certificate is about to expire is by manually
> > checking the expiration dates of all the certs. I've been trying to find a
> > plugin/addon/app which can send the CA admins an email when certificates
> > are about to expire but the only product I can find is ILM-CM. Now it looks
> > like a good product and has some handy features, but seems like overkill
> > when we just want a notification service.
> >
> > Are there any other apps out there which can bolt onto MS PKI to alert
> > when certificates expire? Any other methods out there?
> >
> >
>
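An added example, not part of the thread and not code from any poster: a standard-library Python check that reads the expiry date from a certificate file whether it is PEM (base 64) or binary DER, and flags it once it is inside a renewal window. It assumes "other types of certs" includes DER-encoded .cer files; the function names are hypothetical, the 42-day default mirrors the 6-week renewal period mentioned in the quoted reply, and the sample is a constructed certificate skeleton, not a real certificate.

```python
import base64
import re
from datetime import datetime, timezone

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def not_after(data):
    """Return notAfter (UTC) from a certificate given as PEM or raw DER bytes.
    Only the expiry date is read; signature and chain are not validated."""
    m = PEM_RE.search(data)
    der = base64.b64decode(m.group(1)) if m else data
    _, pos, _ = read_tlv(der, 0)         # Certificate
    _, pos, _ = read_tlv(der, pos)       # tbsCertificate
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                      # explicit version, absent in v1 certificates
        tag, start, end = read_tlv(der, end)
    for _ in range(3):                   # step over serialNumber, signature, issuer
        tag, start, end = read_tlv(der, end)
    _, _, nb_end = read_tlv(der, start)  # notBefore, first field of validity
    tag, s, e = read_tlv(der, nb_end)    # notAfter
    text = der[s:e].decode("ascii")
    if tag == 0x17:                      # UTCTime has a 2-digit year; RFC 5280: >= 50 is 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def expiring(data, now, window_days=42):
    """True when the certificate expires within window_days of now (or already has)."""
    return (not_after(data) - now).days <= window_days

def _tlv(tag, value):  # builder for the constructed sample only (short lengths)
    return bytes([tag, len(value)]) + value

# Constructed sample: certificate skeleton holding only the fields up to validity.
_validity = _tlv(0x30, _tlv(0x17, b"071113000000Z") + _tlv(0x17, b"081112235959Z"))
_tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")
            + _tlv(0x30, b"") + _tlv(0x30, b"") + _validity)
SAMPLE_DER = _tlv(0x30, _tbs)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

Run from a scheduled job over the collected .cer files, the `expiring` result can drive whatever notification the CA admins already use.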