Automated certificate management
First Claim
1. At a computer system, the computer system including a processor, system memory, and a certificate store, a method for managing the lifecycle of a plurality of certificates any of which can be used for authenticated access to a resource in a server farm, the method comprising:
detecting pending expiration of a certificate that can be used for authenticated access to the resource, the expiring certificate identified as a primary certificate used for authenticated access to the resource, the expiring certificate previously promoted from a secondary certificate used for authenticated access to the resource to the primary certificate in response to detecting pending expiration of a prior primary certificate, the expiring certificate and the prior primary certificate both usable for authenticated access to resource up until the prior primary certificate expired;
in response to detecting pending expiration of the expiring certificate, generating a new certificate in anticipation of eventually transitioning the new certificate to the primary certificate to replace the expiring certificate and that can be used for authenticated access to the resource along with the expiring certificate up until the expiring certificate expires;
publishing the new certificate as a secondary certificate used for authenticated access to the resource such that servers can authenticate access to the resource using either the expiring certificate or the new certificate, the new certificate published as a secondary certificate to the certificate store;
accessing a configurable certificate transition period, the configurable certificate transition period indicating a period of time that both an expiring certificate and a new certificate are simultaneously valid for authenticated access to the resource prior to the expiring certificate being removed, the configurable certificate transition period selected by an administrator through the use of configurable parameters to tune the configurable transition period to a selected balance between security of the resource and certificate compatibility for accessing the resource;
maintaining both the expiring certificate and the new certificate in the certificate store as valid for authenticated access to the resource during the configurable certificate transition period so as to give other parties time to adopt the new certificate;
after detecting that the configurable certificate transition period has ended;
republishing the new certificate as a primary certificate to promote the new certificate from a secondary certificate to a primary certificate, the new certificate republished as a primary certificate to the certificate store;
removing the expiring certificate from the certificate store to prompt any dependent servers to also remove the expiring certificate; and
generating a further new certificate that is to replace the new certificate when the new certificate expires.
Abstract
A certificate management system provides automated management of certificate lifecycles and certificate distribution. Rather than depend upon an administrator to manually distribute and manage certificates, the system self-generates certificates, distributes the certificates to appropriate servers or other parties, and transitions from old certificates to new certificates in a well-defined manner that avoids breaking functionality. After generating one or more certificates, the system securely shares certificates in a way that parties that use them can find the new certificates without an administrator manually distributing the certificates. When it is time to update certificates, the system generates new certificates and shares the new certificates in a similar way. During a transition period, the system provides a protocol by which both old and new certificates can be used to perform authenticated access to resources, so that the transition from an old to a new certificate does not break services.
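The rollover that the abstract and claim 1 describe can be modelled as a small state machine. The following is an added example, not code from the patent: `Cert`, `CertStore`, `Rotator`, the `cert-N` serials and the rule that the transition period must not exceed the renewal lead time are all assumptions made for illustration, and the further new certificate is generated on the next detected expiration rather than immediately after promotion.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Cert:
    serial: str
    not_after: datetime

@dataclass
class CertStore:
    """In-memory stand-in for the shared certificate store (hypothetical)."""
    primary: Cert
    secondary: Optional[Cert] = None
    published_at: Optional[datetime] = None  # when the secondary was published

    def accepted(self, now):
        """Serials a server reading the store should accept at time `now`."""
        certs = (self.primary, self.secondary)
        return {c.serial for c in certs if c and c.not_after > now}

class Rotator:
    def __init__(self, store, renew_before, transition, lifetime):
        # If the overlap outlasts the renewal lead time, the old primary
        # expires before the new certificate has been promoted.
        if transition > renew_before:
            raise ValueError("transition period exceeds renewal lead time")
        self.store, self.renew_before = store, renew_before
        self.transition, self.lifetime = transition, lifetime
        self.issued = 0

    def tick(self, now):
        """Advance the lifecycle one step; returns the action taken."""
        s = self.store
        if s.secondary is None:
            if s.primary.not_after - now > self.renew_before:
                return "idle"
            self.issued += 1  # constructed serials; a real system signs a cert
            s.secondary = Cert(f"cert-{self.issued}", now + self.lifetime)
            s.published_at = now
            return "published-secondary"
        if now - s.published_at < self.transition:
            return "transition"  # both certificates stay valid
        # Promote the secondary and drop the old primary in one store update.
        s.primary, s.secondary, s.published_at = s.secondary, None, None
        return "promoted"
```

Calling `tick` on a schedule and having servers re-read `accepted` after each call mirrors the publish, overlap and promote steps of the claim.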
16 Claims
6. A computer system for automatically managing the lifecycle of a plurality of certificates any of which can be used for access to a resource, the system comprising:
a processor and memory configured to execute software instructions;
a certificate store configured to store certificates;
a component configured to detect pending expiration of a certificate that can be used for authenticated access to the resource, the expiring certificate identified as a primary certificate used for authenticated access to the resource, the expiring certificate and a prior primary certificate both usable for authenticated access to the resource up until the prior primary certificate expired;
a certificate generation component configured to generate a new certificate in response to detected pending expiration of the primary certificate and in anticipation of eventually transitioning to the new certificate to the primary certificate to replace the expiring certificate, the new certificate useable for authenticated access to the resource along with the expiring certificate up until the expiring certificate expires;
a certificate publishing component configured to publish the new certificate as a secondary certificate used for authenticated access to the resource such that servers can authenticate access to the resource using either the expiring certificate or the new certificate, the new certificate published as a secondary certificate to the certificate store;
a certificate retrieval component configured to retrieve new certificates published by the certificate publishing component;
a certificate update component configured to;
access a configurable certificate transition period, the configurable certificate transition period indicating a period of time that the expiring certificate and the new certificate are simultaneously valid for authenticating access to the resource prior to the expiring certificate being removed, the configurable certificate transition period selected by an administrator through the use of configurable parameters to tune the configurable certificate transition period to a selected balance between security of the resource and certificate compatibility for accessing the resource; and
maintain both the expiring certificate and the new certificate in the certificate store as valid for authenticated access to the resource during the configurable certificate transition period so as to give other parties time to adopt the new certificate;
a certificate expiration component configured to remove the expiring certificate from the system after detecting that the configurable certificate transition period has ended, removing the expiring certificate prompting any dependent servers to also remove the expired certificate;
wherein the certificate publishing component is further configured to republish the new certificate as a primary certificate to promote the new certificate from a secondary certificate to a primary certificate after detecting that the configurable certificate transition period has ended, the new certificate published as a primary certificate to the certificate store; and
wherein the certificate generation component is further configured to generate a further new certificate that is to replace the new certificate when the new certificate expires.
12. A computer program product for use at a computer system, the computer system including a certificate store, the computer program product comprising a computer storage device having stored thereon instructions for controlling the computer system to manage the lifecycle of a plurality of certificates any of which can be used for authenticated access to a resource in a server farm, wherein the instructions, when executed, cause a processor to perform actions comprising:
detecting pending expiration of a certificate that can be used for authenticated access to the resource, the expiring certificate identified as a primary certificate used for authenticated access to the resource, the expiring certificate previously promoted from a secondary certificate used to perform authenticated access to the resource within the server farm to the primary certificate in response to detecting pending expiration of a prior primary certificate, the expiring certificate and the prior primary certificate both usable for authenticated access to resource up until the prior primary certificate expired;
in response to detecting pending expiration of the expiring certificate, generating a new certificate in anticipation of eventually transitioning the new certificate to the primary certificate to replace the expiring certificate and that can be used for authenticated access to the resource along with the expiring certificate up until the expiring certificate expires;
publishing the new certificate as a secondary certificate used for authenticated access to the resource such that servers can authenticate access to the resource using either the expiring certificate or the new certificate, the new certificate published as a secondary certificate to the certificate store;
access a configurable certificate transition period, the configurable certificate transition period indicating a period of time that both an expiring certificate and a new certificate are simultaneously valid for authenticated access to the resource prior to the expiring certificate being removed, the configurable certificate transition period selected by an administrator through the use of configurable parameters to tune the configurable transition period to a selected balance between security of the resource and certificate compatibility for accessing the resource;
maintaining both the expiring certificate and the new certificate together in the certificate store as valid for authenticated access to the resource during the configurable certificate transition period so as to give other parties time to adopt the new certificate;
after detecting that the configurable certificate transition period has ended;
republishing the new certificate as a primary certificate to promote the new certificate from a secondary certificate to a primary certificate, the new certificate published as a primary certificate to the certificate store;
removing the expiring certificate from the certificate store to prompt any dependent servers to also remove the expiring certificate; and
generating a further new certificate that is to replace the new certificate when the new certificate expires.
Specification