Automated SSL certificate installers

US 20050076199A1
Filed: 08/13/2004
Published: 04/07/2005
Est. Priority Date: 08/15/2003
Status: Abandoned Application

First Claim

Patent Images

1. A centralized certificate installation system for automating the installation of digital certificates received from certificate authorities to a group of network servers, comprising:

a processor;

a network interface connectible to a data communications network, said network interface further controllable by said processor;

a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;

instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;

(i) receiving a certificate signed by a certificate authority generated from a certificate signing request by way of said network interface, (ii) identifying a destination network server corresponding to a received certificate signed by a certificate authority, (iii) determining a network server type, said network server types providing at least the type of server software installed to the identified destination network server, and (iv) performing a set of installation steps, the performed set of installation steps applicable to the determined network server type, the performance of the set of installation steps including the transferring of the received certificate to the destination network server by way of said network interface.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.

64 Citations

View as Search Results

19 Claims

1. A centralized certificate installation system for automating the installation of digital certificates received from certificate authorities to a group of network servers, comprising:
- a processor;
  
  a network interface connectible to a data communications network, said network interface further controllable by said processor;
  
  a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving a certificate signed by a certificate authority generated from a certificate signing request by way of said network interface, (ii) identifying a destination network server corresponding to a received certificate signed by a certificate authority, (iii) determining a network server type, said network server types providing at least the type of server software installed to the identified destination network server, and (iv) performing a set of installation steps, the performed set of installation steps applicable to the determined network server type, the performance of the set of installation steps including the transferring of the received certificate to the destination network server by way of said network interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A system according to claim 1, wherein said instructions are further executable to achieve the functions of:
    - operating an SMTP service;
      
      receiving an e-mail message by the SMTP service, the e-mail message containing a certificate signed by a certificate authority;
      
      parsing an e-mail message containing a certificate signed by a certificate authority to extract that certificate for installation.
  - 3. A system according to claim 1, wherein said instructions are further executable to achieve the functions of:
    - upon receiving a certificate signed by a certificate authority, and optionally after identifying a destination network server, notifying a person that the received certificate is ready to be installed; and
      
      prior to performing the set of installation steps, receiving an approval indication from a person indicating that a certificate is to be installed.
  - 4. A system according to claim 1, wherein said performing a set of installation steps includes steps for automated controlling of a network interface provided by a web server.
  - 5. A system according to claim 1, wherein said performing a set of installation steps includes steps for automated controlling of a shell interface.
  - 6. A system according to claim 1, wherein said performing a set of installation steps includes steps for transmission and installation of a certificate through a server agent program.
  - 7. A system according to claim 1, wherein said performing a set of installation steps includes steps for restarting a destination server program.
  - 8. A system according to claim 1, wherein said performing a set of installation steps includes steps for restarting a destination server computer.
  - 9. A system according to claim 1, wherein said performing a set of installation steps includes steps for notifying an administrator to restart a destination server program or destination server computer.
  - 10. A system according to claim 1, wherein said instructions are further executable to confirm the installation of a received certificate to a destination server following the performance of a set of installation steps.
  - 11. A system according to claim 10, wherein said instructions are further executable to generate an alert to an administrator if the installation of a received certificate to a destination server is not confirmed.

12. A centralized certificate installation system for automating the installation of digital certificates received from certificate authorities to a group of network servers, comprising:
- a processor;
  
  a network interface connectible to a data communications network, said network interface further controllable by said processor;
  
  a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  authentication objects stored to said storage device, said authentication objects including authentication tokens needed to permit execution of a set of certificate installation steps to servers of the group of network servers;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving a certificate signed by a certificate authority generated from a certificate signing request by way of said network interface, (ii) identifying a destination network server corresponding to a received certificate signed by a certificate authority, (iii) determining a network server type, said network server types providing at least the type of server software installed to the identified destination network server, said determining being performed by retrieving a server type from a database having an entry for the identified destination network server;
  
  (iv) performing a set of installation steps, the performed set of installation steps applicable to the determined network server type, the performance of the set of installation steps utilizing said authentication objects applicable to the destination network server, the performance of the set of installation steps including the transferring of the received certificate to the destination network server by way of said network interface; and
  
  (v) confirming the installation of a received certificate to a destination server following the performance of a set of installation steps.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. A system according to claim 12, wherein said instructions are further executable to configure a destination network server to support SSL operation.
  - 14. A system according to claim 12, wherein said instructions are further executable to achieve the functions of:
    - upon receiving a certificate signed by a certificate authority, and optionally after identifying a destination network server, notifying a person that the received certificate is ready to be installed; and
      
      prior to performing the set of installation steps, receiving an approval indication from a person indicating that a certificate is to be installed.
  - 15. A system according to claim 12, wherein said performing a set of installation steps includes steps for automated controlling of an interface selected from the group of network interfaces provided by a web server, a shell interface and server agent program interface.
  - 16. A system according to claim 12, wherein said performing a set of installation steps includes steps for restarting a destination server program or destination server computer.
  - 17. A system according to claim 12, wherein said performing a set of installation steps includes steps for notifying an administrator to restart a destination server program or destination server computer.
  - 18. A system according to claim 12, wherein said instructions are further executable to confirm the installation of a received certificate to a destination server following the performance of a set of installation steps.

19. A centralized certificate installation system for automating the installation of digital certificates received from certificate authorities to a group of network servers, comprising:
- a processor;
  
  a network interface connectible to a data communications network, said network interface further controllable by said processor;
  
  a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  authentication objects stored to said storage device, said authentication objects including authentication tokens needed to permit execution of a set of certificate installation steps to servers of the group of network servers;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving a certificate signed by a certificate authority generated from a certificate signing request by way of said network interface, (ii) identifying a destination network server corresponding to a received certificate signed by a certificate authority, (iii) determining a network server type, said network server types providing at least the type of server software installed to the identified destination network server;
  
  (iv) performing a set of installation steps, the performed set of installation steps applicable to the determined network server type, the performance of the set of installation steps utilizing said authentication objects applicable to the destination network server, the performance of the set of installation steps including the transferring of the received certificate to the destination network server by way of said network interface;
  
  the installation steps utilizing a protocol selected from the group of a shell interface, an agent interface and a network interface provided by a web interface of a web server;
  
  (v) configuring an identified destination managed server to use a private key corresponding to an installed certificate; and
  
  (vi) performing a restart action selected from the group of commanding an identified destination managed server to perform a restart, commanding an identified destination managed server to restart and notifying an administrator to restart a destination server program or destination server computer; and
  
  (vii) confirming the installation of a received certificate to a destination server following the performance of a set of installation steps.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imcentric Incorporated, Venafi,Inc.
Original Assignee
Imcentric Incorporated
Inventors
Thornton, Russell S., Seegmiller, Jayson, Hodson, Benjamin

Application Number

US10/917,958
Publication Number

US 20050076199A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Automated SSL certificate installers

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Automated SSL certificate installers

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links