Processing apparatus for monitoring and renewing digital certificates
First Claim
Patent Images
1. A centralized certificate renewal system for automatically renewing digital certificates in a managed network, comprising:
- a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications, said managing device configured to communicate with a plurality of servers utilizing said network facilities, each of those servers including at least one digital certificate stored thereon and further configured to provide a service to client devices;
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) monitoring the expiration status of certificates stored to the plurality of servers, (ii) detecting the expiration of a certificate stored to the plurality of servers within a specified period of time, (iii) identifying a managed server corresponding to a detected expiring digital certificate, (iv) communicating with the managed server, the communicating causing the managed server to generate a certificate signing request and return the request to the managing device, (v) transmitting a generated and received certificate signing request to a certificate authority, (vi) receiving a certificate signed by a certificate authority generated from a certificate signing request, (vii) identifying a destination managed server corresponding to a received certificate signed by a certificate authority, (viii) installing a received certificate signed by a certificate authority to an identified destination managed server, and (ix) configuring an identified destination managed server to use a private key corresponding to an installed certificate.
5 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.
107 Citations
16 Claims
-
1. A centralized certificate renewal system for automatically renewing digital certificates in a managed network, comprising:
-
a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications, said managing device configured to communicate with a plurality of servers utilizing said network facilities, each of those servers including at least one digital certificate stored thereon and further configured to provide a service to client devices;
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) monitoring the expiration status of certificates stored to the plurality of servers, (ii) detecting the expiration of a certificate stored to the plurality of servers within a specified period of time, (iii) identifying a managed server corresponding to a detected expiring digital certificate, (iv) communicating with the managed server, the communicating causing the managed server to generate a certificate signing request and return the request to the managing device, (v) transmitting a generated and received certificate signing request to a certificate authority, (vi) receiving a certificate signed by a certificate authority generated from a certificate signing request, (vii) identifying a destination managed server corresponding to a received certificate signed by a certificate authority, (viii) installing a received certificate signed by a certificate authority to an identified destination managed server, and (ix) configuring an identified destination managed server to use a private key corresponding to an installed certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A centralized certificate discovery and renewal system for automatically discovering and renewing digital certificates in a managed network, comprising:
-
a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications, said managing device configured to communicate with a plurality of servers utilizing said network facilities, each of those servers including at least one digital certificate stored thereon and further configured to provide a service to client devices;
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) receiving an address range corresponding to a network or network portion to be scanned, (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, (iii) for each contacted network device transmitting a digital certificate, receiving the digital certificate, (iv) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, (v) storing created certificate records in a certificate database, (vi) monitoring the expiration status of certificates stored to the plurality of servers, (vii) detecting the expiration of a certificate stored to the plurality of servers within a specified period of time, (viii) identifying a managed server corresponding to a detected expiring digital certificate, (ix) communicating with the managed server, the communicating causing the managed server to generate a certificate signing request and return the request to the managing device, (x) transmitting a generated and received certificate signing request to a certificate authority, (xi) receiving a certificate signed by a certificate authority generated from a certificate signing request, (xii) identifying a destination managed server corresponding to a received certificate signed by a certificate authority, (xiii) installing a received certificate signed by a certificate authority to an identified destination managed server, and (ix) configuring an identified destination managed server to use a private key corresponding to an installed certificate.
-
-
16. A centralized certificate discovery and renewal system for automatically discovering and renewing digital certificates in a managed network, comprising:
-
a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications, said managing device configured to communicate with a plurality of servers utilizing said network facilities, each of those servers including at least one digital certificate stored thereon and further configured to provide a service to client devices;
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) receiving an address range corresponding to a network or network portion to be scanned, (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, (iii) for each contacted network device transmitting a digital certificate, receiving the digital certificate, (iv) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, (v) storing created certificate records in a certificate database, (vi) monitoring the expiration status of certificates stored to the plurality of servers, (vii) detecting the expiration of a certificate stored to the plurality of servers within a specified period of time, (viii) receiving, in response to a request for approval, an indication from an administrator that a certificate is to be renewed or installed, (ix) identifying a managed server corresponding to a detected expiring digital certificate, (x) communicating with the managed server, the communicating causing the managed server to generate a new asymmetric key pair, the communicating further causing the managed server to generate a certificate signing request and return the request to the managing device, (xi) transmitting a generated and received certificate signing request to a certificate authority, (xii) receiving a certificate signed by a certificate authority generated from a certificate signing request, (xiii) identifying a destination managed server corresponding to a received certificate signed by a certificate authority, (xiv) installing a received certificate signed by a certificate authority to an identified destination managed server, the installing being performed by accessing the identified destination managed server using a corresponding object of said authentication objects, the installing utilizing a protocol selected from the group of a shell interface, an agent interface and a network interface provided by a web interface of a web server, (xv) configuring an identified destination managed server to use a private key corresponding to an installed certificate, (xvi) performing a restart action selected from the group of commanding an identified destination managed server to perform a restart, commanding an identified destination managed server to restart and notifing an administrator to restart a destination server program or destination server computer.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeImcentric Incorporated, Venafi,Inc.
-
Original AssigneeImcentric Incorporated
-
InventorsThornton, Russell S., Seegmiller, Jayson, Hodson, Benjamin
-
Application NumberUS10/918,325Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current713/156CPC Class CodesH04L 2209/34 Encoding or coding, e.g. Hu...H04L 2209/56 Financial cryptography, e.g...H04L 2209/76 Proxy, i.e. using intermedi...H04L 63/04 for providing a confidentia...H04L 63/0823 using certificates cryptogr...H04L 63/105 Multiple levels of securityH04L 63/20 for managing network securi...H04L 9/3226 using a predetermined code,...H04L 9/3263 involving certificates, e.g...H04L 9/3271 using challenge-response
