Manage Certificates using Microsoft Certificate Authority (MSCA)

Password Manager Pro allows users to discover and import certificates from Microsoft Certificate Authority. By the end of this document, you will have learned the following:

  1. Request Certificates
  2. Discover Certificates
  3. Renew Certificates
  4. Export Certificates
  5. Revoke Certificates
  6. Delete Certificates

Navigate to Certificates >> MSCA. All the certificates related to MSCA will be displayed here.

1. Request Certificates

  1. Click Request Certificate from the top pane.
  2. In the pop-up that appears:
    1. Select the Request Type as Microsoft CA or MSCA using Agent.
    2. If you choose Microsoft CA, mention the Server Name that runs the internal CA and also the Certificate Authority name.
      msca-1
    3. If you choose MSCA using Agent,
      1. Select the Agent from the list available in the drop-down. You can also Manage the agent by clicking the link beside the drop-down. To know more about managing the agent, click here.
      2. Mention the Agent Time out in seconds within which the agent should respond. If the agent doesn't respond within the time-out period, the operation will be audited as failed.
        msca-2
  3. Select the Template Name / OID based on your requirement or select any of the pre-defined templates by clicking the Get Templates link.
  4. Select the CSR from the dropdown or click the Create CSR link to create new CSR and click Create.

2. Discover Certificates

  1. Click Discover from the top pane.
  2. In the pop-up that appears:
    1. Select the Discovery Type as Microsoft CA or MSCA using Agent.
    2. If you choose to discover certificates issued by a particular MSCA, select Discovery Type as Microsoft CA.
    3. Enter the Server Name, required credentials, or choose Use Password Manager Pro service account credentials for authentication and mention the Microsoft CA.
      msca-3
      msca-4
    4. If you choose the Discovery Type as MSCA using Agent, select the Agent from the dropdown and mention the agent Time out in seconds within which the agent should respond.
    5. msca-5
    6. You can also choose to Include the Expired and/or Revoked certificates.
    7. If you choose to Include the Date Filter, select the from and to dates.
    8. If you choose to Include the Template Name / OID, select the Template Name / OID based on your requirement or select any of the pre-defined templates by clicking the Get Template link.
    9. Click Discover.
  3. You can view the discovered certificates in the Certificates >> Certificates Tab.

3. Renew Certificates

  1. Select a certificate and click Renew at the top.
  2. If the certificate does not have a private key, Password Manager Pro allows you to create a new private key. Click OK in the pop-up that appears.
  3. Attributes such as Renewal Type, Server Name, Template Name / OID, Certificate Authority will be auto populated from the certificate details. The Server Name is the name of the Microsoft CA server which signed the certificate. Certificate Authority is the CA service that runs in the specified Microsoft CA server.
    msca-6
  4. For certificates signed by Microsoft CA directly or using the SSL agent (KMP agent), validity days will be taken from the Microsoft CA server and therefore it cannot be entered manually during renewal. These types of certificates will be renewed only till the date specified in the Microsoft CA server.
  5. Notes:
    i. During the renewal process, a CSR will be generated from the available values, along with a new Private Key.
    ii. SHA1 certificates will be renewed using the SHA256 algorithm.

Password Manager Pro also allows you to set up auto-renewal for certificates. To know how to auto renew certificates in Password Manager Pro, click here.

4. Export Certificates

  1. Password Manager Pro allows you to export the following certificate types: .cer, .crt, .pem, .der, .p7b, .pfx, .p12, .pkcs12, .jks, .keystore.
  2. In the MSCA certificates window, click the certificate you want to export.
  3. In the Certificate Details window, click Export on the top right corner and select the required format in the which you want to export the certificate.
  4. The certificate will be downloaded to your machine in the selected format.

5. Revoke Certificates

  1. Select the required certificates and click Revoke at the top.
  2. In the pop up that appears, mention the Revoke Reason from the dropdown and click Save.
    msca-7

6. Delete Certificates

  1. Select the required certificates and click Delete at the top.
  2. In the pop up that appears, select if you want to Delete selected certificates from MSCA? and/or Add selected certificates to 'Excluded certificates' and click OK.
    msca-8



Top