Security News > 2020 > November > Moving past the madness of manually updated X.509 certificates

Moving past the madness of manually updated X.509 certificates
2020-11-02 05:45

Microsoft Active Directory Certificate Services is an integrated, optional component of Windows Server designed to issue digital certificates.

There are no free or open source Linux, UNIX or Mac tools available today that provide auto-enrollment or integrate with the Microsoft CA. The only "Free" option is to manually create and renew certificates from a Microsoft CA using complicated and error-prone commands.

Within enterprise networks, Linux is often used for critical services that require X.509 trusted certificates.

A few years ago, when multi-year certificate lifespans were the norm and certificate volumes were lower, a few manually issued certificates weren't seen as a big problem.

Such processes were easily justified by saying that the certificates could be easily tracked using a spreadsheet, and since the numbers were small and certificate renewals were years apart, it wasn't worth the effort to get a product to solve the problem when the existing solution was sufficient.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/8zL84Q-6860/