Brian - will look into FIM CM, thanks. My point about ADFS is that we probably should be using ADFS as an authentication mechanism for external sites instead of using LDAPs, but culture is hard to change and ADFS implementation will take more resources than we have to commit right now.

Michael Merker
Director of Technology Infrastructure
Voice (561) 868-3252
Fax (561) 868-3259
[email protected]
Palm Beach State College
4200 Congress Ave
Lake Worth, FL 33461

________________________________
From: [email protected] [[email protected]] On Behalf Of Brian Desmond [[email protected]]
Sent: Wednesday, July 31, 2013 6:09 PM
To: [email protected]
Subject: [NTSysADM] RE: Windows Certificate Authority Management Tool

FIM Certificate Management (FIM CM) might or might not do what you want. I don’t think ADFS has anything to do with this, though…

Thanks,
Brian Desmond
[email protected]
w – 312.625.1438 | c – 312.731.3132

From: [email protected] [mailto:[email protected]] On Behalf Of Merker, Michael R
Sent: Wednesday, July 31, 2013 3:41 PM
To: [email protected]
Subject: [NTSysADM] Windows Certificate Authority Management Tool

We issue a large number of certificates from our subordinate CA to various in-house and 3rd-party offsite systems to encrypt traffic between systems, typically LDAPs. We’ve had Microsoft Premier Support in to clean up our certificate infrastructure, and they did a great job. Certificate infrastructure has been solid and working as expected.

Our challenge is that with the number of certificates expiring and the variety of systems we have, generating new certificates that are able to be imported by other systems is sometimes challenging, as is the seemingly simple task of tracking the certificate expirations. Linux systems, in particular, don’t seem to like the certificates very well, but we usually persevere and get them to work.

Is there a commercial application or service that can help us to manage the certificate renewals and generate the correct certificates for the systems to which we supply certificates? The Premier engineer did not know of anything commercial, and all of the freeware I found was not reliable enough for me to trust it to work on a regular basis.

I’m hoping that someone else has experienced this same frustration and found a working answer. Going to ADFS is not feasible at this time, nor do all of the systems we issue certificates to honor ADFS.

Regards, all.

Michael Merker
Director of Technology Infrastructure
Voice (561) 868-3252
Fax (561) 868-3259
[email protected]
Palm Beach State College
4200 Congress Avenue
Lake Worth, FL 33461

________________________________
Please note: Due to Florida’s broad open records law, most written communication to or from College employees is public record, available to the public and the media upon request. Therefore, this e-mail communication may be subject to public disclosure.

