Automated digital certificate renewer
First Claim
1. A certificate management and renewal system for automatically renewing digital certificates in a managed network, comprising:
- a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications; and
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) receiving notifications from a certificate authority regarding a managed digital certificate,(ii) identifying a managed server corresponding to a digital certificate referred to in a received notification from a certificate authority,(iii) communicating with the managed server, the communicating causing the managed server to generate a certificate signing request and return the request to the managing device,(iv) transmitting a generated and received certificate signing request to a certificate authority,(v) receiving a certificate signed by a certificate authority generated from a certificate signing request,(vi) identifying a destination managed server corresponding to a received certificate signed by a certificate authority,(vii) installing a received certificate signed by a certificate authority to an identified destination managed server, and(viii) configuring an identified destination managed server to use a private key corresponding to an installed certificate.
11 Assignments
0 Petitions
Accused Products
Abstract
The disclosure relates to the management of PKI digital certificates, including certificate discovery, installation, verification and replacement for endpoints over an insecure network. A database of certificates may be maintained through discovery, replacement and other activities. Certificate discovery identifies certificates and associated information including network locations, methods of access, applications of use and non-use, and may produce logs and reports. Automated requests to certificate authorities for new certificates, renewals or certificate signing requests may precede the installation of issued certificates to servers using installation scripts directed to a particular application or product, which may provide notification or require approval or intervention. An administrator may be notified of expiring certificates, using a database or scanning or server agents. Interaction with certificate authorities may be by an abstractor providing a common interface for issuing signing requests to disparate certificate authorities. Digital certificate management may also be applied to network-connecting client devices.
233 Citations
28 Claims
-
1. A certificate management and renewal system for automatically renewing digital certificates in a managed network, comprising:
-
a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications; and instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of; (i) receiving notifications from a certificate authority regarding a managed digital certificate, (ii) identifying a managed server corresponding to a digital certificate referred to in a received notification from a certificate authority, (iii) communicating with the managed server, the communicating causing the managed server to generate a certificate signing request and return the request to the managing device, (iv) transmitting a generated and received certificate signing request to a certificate authority, (v) receiving a certificate signed by a certificate authority generated from a certificate signing request, (vi) identifying a destination managed server corresponding to a received certificate signed by a certificate authority, (vii) installing a received certificate signed by a certificate authority to an identified destination managed server, and (viii) configuring an identified destination managed server to use a private key corresponding to an installed certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A certificate management and renewal system for automatically renewing digital certificates in a managed network, comprising:
-
a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications; a plurality of servers configured in a network, each of said servers configured to transmit a digital certificate and further configured to provide a service to client devices, each of said servers further including a certificate managing agent installed thereto, each of said certificate managing agents configured to produce certificate signing requests and further to install certificates signed by a certificate authority to the server on which the agent is installed; and instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of; (i) receiving notifications from a certificate authority regarding a managed digital certificate, (ii) identifying a managed server corresponding to a digital certificate referred to in a received notification from a certificate authority, (iii) communicating with the managed server, the communicating causing the managed server to generate a certificate signing request and return the request to the managing device, (iv) transmitting a generated and received certificate signing request to a certificate authority, (v) receiving a certificate signed by a certificate authority generated from a certificate signing request, (vi) identifying a destination managed server corresponding to a received certificate signed by a certificate authority, (vii) installing a received certificate signed by a certificate authority to an identified destination managed server, and (viii) configuring an identified destination managed server to use a private key corresponding to an installed certificate. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A certificate management and renewal system for automatically renewing digital certificates in a managed network, comprising:
-
a managing device, said managing device including processing facilities for executing software and further including network facilities for electronic communication over a network, said managing device further including a storage device group containing at least one storage device operable to contain operating system files and applications; a plurality of servers configured in a network, each of said servers configured to transmit a digital certificate and further configured to provide a service to client devices, each of said servers further including a certificate managing agent installed thereto, each of said certificate managing agents configured to produce certificate signing requests and further to install certificates signed by a certificate authority to the server on which the agent is installed; authentication objects stored to said storage device, said authentication objects including authentication tokens needed to install a certificate to said plurality of servers; and instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of; (i) receiving notifications from a certificate authority regarding a managed digital certificate, (ii) receiving, in response to a request for approval, an indication from an administrator that a certificate is to be renewed or installed, (iii) identifying a managed server corresponding to a digital certificate referred to in a received notification from a certificate authority, (iv) communicating with the managed server, the communicating causing the managed server to generate a new asymmetric key pair, the communicating further causing the managed server to generate a certificate signing request and return the request to the managing device, (v) transmitting a generated and received certificate signing request to a certificate authority, (vi) receiving a certificate signed by a certificate authority generated from a certificate signing request, (vii) identifying a destination managed server corresponding to a received certificate signed by a certificate authority, (viii) installing a received certificate signed by a certificate authority to an identified destination managed server, the installing being performed by accessing the identified destination managed server using a corresponding object of said authentication objects, the installing utilizing a protocol selected from the group of a shell interface, an agent interface and a network interface provided by a web interface of a web server, (ix) configuring an identified destination managed server to use a private key corresponding to an installed certificate, and (x) performing a restart action selected from the group of commanding an identified destination managed server to perform a restart, commanding an identified destination managed server to restart and notifying an administrator to restart a destination server program or destination server computer. - View Dependent Claims (27, 28)
-
Specification