Manage Certificates using Microsoft Certificate Authority (MSCA)

PAM360 allows users to discover and import certificates from Microsoft Certificate Authority. By the end of this document, you will have learned the following:

  1. Request Certificate
  2. Discover Certificate
  3. Renew Certificate
  4. Export Certificate
  5. Revoke Certificate
  6. Delete Certificate

Navigate to 'Certificates >> MSCA'. All the certificates related to MSCA will be displayed here.

1. Request Certificate

  1. Click Request Certificate from the top pane.
  2. In the pop-up that appears:
    1. Select the Request Type as Microsoft CA or MSCA using Agent.
    2. If you choose Microsoft CA, enter the Server Name of the machine that runs the internal CA, along with the Certificate Authority name.
    3. If you choose MSCA using Agent,
      1. Select the Agent from the list available in the drop-down. You can also Manage the agent by clicking the link beside the drop-down. To know more about managing the agent, click here.
      2. Mention the Agent Time out in seconds within which the agent should respond. If the agent doesn't respond within the time-out period, the operation will be audited as failed.
  3. Select the Template Name / OID based on your requirement or select any of the pre-defined templates by clicking the Get Templates link.
  4. Select the CSR from the drop-down or click the Create CSR link to create a new CSR, then click Create.

2. Discover Certificate

  1. Click Discover from the top pane.
  2. In the pop-up that appears:
    1. Select the Discovery Type as Microsoft CA or MSCA using Agent.
    2. If you choose to discover certificates issued by a particular MSCA, select Discovery Type as Microsoft CA.
    3. Enter the Server Name, required credentials, or choose Use PAM360 service account credentials for authentication and mention the Microsoft CA.
    4. If you choose the Discovery Type as MSCA using Agent, select the Agent from the drop-down and mention the agent Time out in seconds within which the agent should respond.
    5. You can also choose to Include the Expired and/or Revoked certificates.
    6. If you choose to Include the Date Filter, select the from and to dates.
    7. If you choose to Include the Template Name / OID, select the Template Name / OID based on your requirement or select any of the pre-defined templates by clicking the Get Template link.
    8. Click Discover.
  3. You can view the discovered certificates in Certificates >> Certificates Tab.

3. Renew Certificate

  1. Select a certificate and click Renew at the top.
  2. If the certificate does not have a private key, PAM360 allows you to create a new private key. Click Ok in the pop-up that appears.
  3. Attributes such as Renewal Type, Server Name, Template Name / OID, Certificate Authority will be auto populated from the certificate details. The Server Name is the name of the Microsoft CA server which signed the certificate. Certificate Authority is the CA service that runs in the specified Microsoft CA server.
  4. For certificates signed by Microsoft CA directly or using the SSL agent (KMP agent), validity days will be taken from the Microsoft CA server and therefore it cannot be entered manually during renewal. These types of certificates will be renewed only till the date specified in the Microsoft CA server.
  5. Notes:
    i. During the renewal process, a CSR will be generated from the available values, along with a new Private Key.
    ii. SHA1 certificates will be renewed using the SHA256 algorithm.

PAM360 also allows you to set up auto-renewal for certificates. To know how to auto renew certificates in PAM360, click here.

4. Export Certificate

  1. PAM360 allows you to export the following certificate types: .cer, .crt, .pem, .der, .p7b, .pfx, .p12, .pkcs12, .jks, .keystore.
  2. In the MSCA certificates window, click the certificate you want to export.
  3. In the Certificate Details window, click Export in the top right corner and select the format in which you want to export the certificate.
  4. The certificate will be downloaded to your machine in the selected format.
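
A check you can run on exported certificate files to confirm the renewal note above (SHA1 certificates renewed with SHA256) and to see which Microsoft CA template each certificate was issued from. This is an added example, not part of PAM360; the folder path and the function name Get-ExportedCertReport are assumptions.

```powershell
# Added example: audit certificate files exported from PAM360.
# Assumption: the exported files were saved to this folder.
param(
    [string]$ExportDir = 'C:\Temp\pam360-exports'
)

# Microsoft CA extensions that record the template used at issuance
$TemplateOids = @(
    '1.3.6.1.4.1.311.21.7',   # Certificate Template Information (v2 and later templates)
    '1.3.6.1.4.1.311.20.2'    # Certificate Template Name (v1 templates)
)

function Get-ExportedCertReport {
    param([Parameter(Mandatory)][string]$Path)

    # Single-certificate formats only; .p7b, .pfx and keystores need other loaders
    $files = Get-ChildItem -Path $Path -File |
        Where-Object { $_.Extension -in '.cer', '.crt', '.pem', '.der' }

    foreach ($file in $files) {
        try {
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
        } catch {
            # Unreadable or non-certificate file: report it and keep going
            Write-Warning "Skipping $($file.Name): $($_.Exception.Message)"
            continue
        }
        $template = $cert.Extensions |
            Where-Object { $_.Oid.Value -in $TemplateOids } |
            Select-Object -First 1

        [pscustomobject]@{
            File     = $file.Name
            Subject  = $cert.Subject
            SigAlg   = $cert.SignatureAlgorithm.FriendlyName
            IsSha1   = $cert.SignatureAlgorithm.FriendlyName -match 'sha1'
            NotAfter = $cert.NotAfter
            Expired  = $cert.NotAfter -lt (Get-Date)
            Template = if ($template) { $template.Format($false) } else { '(none)' }
        }
    }
}

Get-ExportedCertReport -Path $ExportDir | Sort-Object NotAfter | Format-Table -AutoSize
```

Any row with IsSha1 set to True is a certificate that has not yet been renewed; after renewal and re-export, the same file should report a SHA256 signature algorithm.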

5. Revoke Certificates

  1. Select the required certificates and click Revoke at the top.
  2. In the pop-up that appears, select the Revoke Reason from the drop-down and click Save.

6. Delete Certificate

  1. Select the required certificates and click Delete at the top.
  2. In the pop-up that appears, select "Delete selected certificates from MSCA?" and/or "Add selected certificates to 'Excluded certificates'" as required, then click Ok.