Security Basics mailing list archives
Certificate Management
From: Jason Keating <jason.keating () gmail com>
Date: Mon, 3 Oct 2005 11:57:42 +1300
Hi,

I manage multiple https sites, using certs from at least three different CAs. I like to keep track of these. Entrust, Verisign etc. do send warnings < three months from expiry, but I prefer to have some sort of notification method for myself. Also, occasionally my finance people like to audit our cert usage, so it's handy to be able to produce an accurate manifest of this.

Currently I use a database. When I receive new certs, I chuck them in the DB, key in CNs and dates and a couple of other interesting facts about the certs, and run a weekly batch job which sends an email to a few staff with simple notifications like the example below.

    Site,Expiry_Date,Days_Remaining
    my.site.com,10-Oct-05,7

This has a few issues though. It would make sense to pull the expiry dates, CN and any other info out of the cert automatically. This would require storage of the passphrase with the cert, which creates the following requirement: I'd prefer the info in the DB was more secure.

I am sure I could beef it up a little (using a Java KeyStore with a simple web app and some scripts for notification is one idea), but before I do I would like to know if anyone is aware of any open source that does the same job.

I have also done some searching (Google, SourceForge, Freshmeat etc.) where I have found a number of wrappers for CAs offering easy management etc. and some nice tools that handle keystores, but I use multiple CAs for my certs, and am only interested in filing away server certs (no requests (I use my web servers to create CSRs), signing etc.).

Has anyone seen anything like this? Or should I start writing some code?

--
Jason Keating
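Added example, not part of the original post: one way to build the weekly Site,Expiry_Date,Days_Remaining report by reading the certificate each site presents in its TLS handshake, which is public data, so this approach touches no private key or passphrase. The function names, the 90-day threshold and the sample records are assumptions made for the illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

HEADER = "Site,Expiry_Date,Days_Remaining"

def fetch_not_after(host, port=443, timeout=10):
    """Return notAfter of the certificate served by host, e.g. 'Oct 10 12:00:00 2005 GMT'."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def collect(hosts):
    """Probe each host. A certificate that is already expired or untrusted fails
    the handshake, so it is returned in failures and must be reported separately."""
    records, failures = [], []
    for host in hosts:
        try:
            records.append((host, fetch_not_after(host)))
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            failures.append((host, str(exc)))
    return records, failures

def days_remaining(not_after, now):
    """Return (expiry, whole days left) relative to now, an aware UTC datetime."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return expiry, (expiry - now).days

def build_report(records, now, warn_days=90):
    """CSV text listing certificates with fewer than warn_days left, soonest first."""
    rows = []
    for site, not_after in records:
        expiry, left = days_remaining(not_after, now)
        if left < warn_days:
            rows.append((left, site, expiry.strftime("%d-%b-%y")))
    rows.sort()
    return "\n".join([HEADER] + [f"{site},{exp},{left}" for left, site, exp in rows])

if __name__ == "__main__":
    # Constructed sample records; in production use: records, failures = collect(hosts)
    sample = [("my.site.com", "Oct 10 12:00:00 2005 GMT"),
              ("far.example", "Mar  1 00:00:00 2006 GMT")]
    print(build_report(sample, datetime(2005, 10, 3, 12, 0, tzinfo=timezone.utc)))
```

Hosts returned in `failures` by `collect` still need a line in the notification mail, since a certificate that has already expired never reaches `build_report`.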