Security Basics mailing list archives

Certificate Management


From: Jason Keating <jason.keating () gmail com>
Date: Mon, 3 Oct 2005 11:57:42 +1300

Hi,

  I manage multiple HTTPS sites, using certs from at least three different CAs.

  I like to keep track of these. Entrust, Verisign etc. do send
warnings less than three months from expiry, but I prefer to have some sort of
notification method for myself. Also, occasionally my finance people
like to audit our cert usage, so it's handy to be able to produce an
accurate manifest of this.

  Currently I use a database: when I receive new certs, I chuck them
in the DB, key in CNs, dates and a couple of other interesting facts
about the certs, and run a weekly batch job which sends an email to a
few staff with simple notifications like the example below.



Site,Expiry_Date,Days_Remaining
my.site.com,10-Oct-05,7


 This has a few issues though.

 It would make sense to pull the expiry dates, CN and any other info
out of the cert automatically.
 This would require storage of the passphrase with the cert, which
creates the following requirement:
 I'd prefer the info in the DB was more secure.

 I am sure I could beef it up a little (using a Java KeyStore with a
simple web app and some scripts for notification is one idea), but
before I do I would like to know if anyone is aware of any open source
software that does the same job.

 I have also done some searching - Google, SourceForge, Freshmeat etc.,
where I have found a number of wrappers for CAs offering easy
management etc. and some nice tools that handle keystores, but as I use
multiple CAs for my certs, and am only interested in filing away
server certs (no requests (I use my web servers to create CSRs),
signing etc.)

  Has anyone seen anything like this? Or should I start writing some code...
--
Jason Keating

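The automation the post asks about (pull the expiry date, CN and hostnames straight out of each certificate and emit the same Site,Expiry_Date,Days_Remaining manifest), as an added example that is not the poster's code and not any existing tool. It is standard-library Python: a minimal DER walker reads notAfter, the subject CN and the dNSName SANs from an X.509 certificate. Only the public certificate is parsed, so no private key or passphrase is involved, and a manifest database built this way holds nothing secret. The certificates fed to it here are constructed by the block itself with a dummy key and signature, purely so the parser has input to run on; they are not real certificates. The site names, dates and the two-digit-year pivot (RFC 5280: YY >= 50 is 19YY, otherwise 20YY) are assumptions for the example.

```python
"""Certificate-expiry manifest from server certificates, stdlib only.

Parses the public certificate only (no key, no passphrase needed).
The sample certificates below are CONSTRUCTED with dummy key/signature.
"""
import base64
from datetime import date, datetime

OID_CN, OID_SAN = b"\x55\x04\x03", b"\x55\x1d\x11"   # 2.5.4.3, 2.5.29.17


def der_read(buf, pos=0):
    """Read one DER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, value) for each element of a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_read(value, pos)
        yield tag, inner


def parse_time(tag, value):
    """UTCTime (0x17, YYMMDD...) or GeneralizedTime (0x18, YYYYMMDD...)."""
    text = value.decode("ascii")
    if tag == 0x17:                         # RFC 5280 two-digit-year pivot
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ")


def cert_info(pem):
    """Return {'cn', 'sans', 'not_after'} for one PEM-encoded certificate."""
    der = base64.b64decode("".join(l for l in pem.splitlines() if not l.startswith("-----")))
    _, cert, _ = der_read(der)                          # Certificate SEQUENCE
    fields = list(der_children(next(der_children(cert))[1]))   # tbsCertificate
    if fields[0][0] == 0xA0:                            # optional [0] version
        fields.pop(0)
    # fields: serial, signature, issuer, validity, subject, spki, [...extensions]
    not_after = parse_time(*list(der_children(fields[3][1]))[1])
    cn = None
    for _, rdn in der_children(fields[4][1]):           # subject: SET OF ATV
        for _, atv in der_children(rdn):
            oid, val = list(der_children(atv))
            if oid[1] == OID_CN:
                cn = val[1].decode("utf-8")
    sans = []
    for tag, block in fields[5:]:
        if tag != 0xA3:                                 # [3] EXPLICIT extensions
            continue
        for _, ext in der_children(next(der_children(block))[1]):
            parts = list(der_children(ext))             # OID, [critical], OCTET STRING
            if parts[0][1] == OID_SAN:
                names = next(der_children(parts[-1][1]))[1]   # GeneralNames SEQUENCE
                sans += [n.decode("ascii") for t, n in der_children(names) if t == 0x82]
    return {"cn": cn, "sans": sans, "not_after": not_after}


def manifest(certs, today):
    """Rows (site, expiry_date, days_remaining), soonest expiry first."""
    rows = []
    for site, pem in certs.items():
        info = cert_info(pem)
        rows.append((site, info["not_after"].strftime("%d-%b-%y"),
                     (info["not_after"].date() - today).days))
    return sorted(rows, key=lambda r: r[2])


def manifest_csv(certs, today):
    """The weekly mail body, in the post's CSV layout."""
    return "Site,Expiry_Date,Days_Remaining\n" + "\n".join(
        f"{s},{d},{n}" for s, d, n in manifest(certs, today))


# --- constructed sample input (dummy key and signature, not real certs) ---
def der_encode(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _name(cn):
    atv = der_encode(0x30, der_encode(0x06, OID_CN) + der_encode(0x0C, cn.encode()))
    return der_encode(0x30, der_encode(0x31, atv))


def sample_cert(cn, sans, not_before, not_after):
    alg = der_encode(0x30, der_encode(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + der_encode(0x05, b""))
    spki = der_encode(0x30, der_encode(0x30, der_encode(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")
                      + der_encode(0x05, b"")) + der_encode(0x03, b"\x00\x30\x00"))
    san = der_encode(0x30, b"".join(der_encode(0x82, s.encode()) for s in sans))
    exts = der_encode(0xA3, der_encode(0x30, der_encode(0x30, der_encode(0x06, OID_SAN) + der_encode(0x04, san))))
    utc = lambda dt: der_encode(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())
    tbs = der_encode(0x30, der_encode(0xA0, der_encode(0x02, b"\x02")) + der_encode(0x02, b"\x01") + alg
                     + _name("Example Issuing CA") + der_encode(0x30, utc(not_before) + utc(not_after))
                     + _name(cn) + spki + exts)
    der = der_encode(0x30, tbs + alg + der_encode(0x03, b"\x00" * 9))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"


CERTS = {   # assumed site names and dates; today is pinned for a repeatable run
    "my.site.com": sample_cert("my.site.com", ["my.site.com", "www.my.site.com"],
                               datetime(2004, 10, 10), datetime(2005, 10, 10, 23, 59, 59)),
    "shop.site.com": sample_cert("shop.site.com", ["shop.site.com"],
                                 datetime(2005, 3, 1), datetime(2006, 3, 1, 23, 59, 59)),
}
TODAY = date(2005, 10, 3)

if __name__ == "__main__":
    print(manifest_csv(CERTS, TODAY))
```

In a real deployment cert_info() is fed the PEM files already on the web servers (or the chain returned by a live TLS connection), and the manifest replaces the hand-keyed CN and date columns; the SAN list is what clients actually match, so it belongs in the manifest alongside the CN.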
