Automated certificate management for TLS certificates

Washington DC IT Operations Management

Release

washingtondc

ft:locale

en-US

ft:publication_title

Washington DC IT Operations Management

ft:clusterId

itom

bundleId

itom

workflow

Technology

Automated certificate management for TLS certificates

Release version: Washingtondc

Updated February 1, 2024

1 minute to read

In Certificate Inventory and Management Version 1.3.8, a new feature is introduced, allowing for the automation of the request flow for new certificates, renewals, or revoking certificates.

Certificate Inventory and Management provides the capability to automatically fetch certificates from Certificate Authorities (CAs) without requiring manual intervention from the PKI team. In Version 2.1.0, this feature supports DigiCert and Entrust CA Gateway for seamless automatic fulfillment flows, with the limitation that only OV DigiCert certificates can be requested. Additionally, Version 2.3.2 introduces support for Microsoft CA. For more information, refer to the respective provider documentation. For automated flows with DigiCert or Entrust CA Gateway in Certificate Inventory and Management, you must have permissions to request, renew, and revoke certificates.

The Microsoft CA user requires the following permissions:

Table 1. Microsoft Gateway user permissions
Permission	Action
CredSSP on CA, intermediate server, and MID Server	Set up CredSSP on CA, intermediate server, and MID Server. For CredSSP configuration steps, see the Now Support Knowledge Base documented in the KB article KB1632624.
Membership in Enterprise Admins	Ensure the user holds membership in the Enterprise Admins group.
Security Group Inclusion for Template	Ensure the user is included in the Security Group of the template.
Specific Permissions in CA	Grant the user permissions: Read, Issue and Manage Certificates, Manage CA, and Request Certificates in the CA.