
Best way to manage large trusted cert store?

Question asked by CBertagnolli Champion on Sep 10, 2018
Latest reply on Sep 11, 2018 by CBertagnolli

As part of using the CA API Gateway we are required to maintain the Root CA and Intermediates based on public and Federal PKI trust management. This will be to support certificate authentication via registered credentials (i.e., must be from a trusted known chain with full path validation).

That'll be ~40 Root CAs and over 100 Intermediates.

In our Windows Servers this is not an issue since GPO handles it across all of them. However, we are trying to determine the best way to handle the updates in the CA API Gateway.

I'd like to automate it if possible via an API or some way to write them directly to the trust store or whatever would work best.

The certificates themselves we receive in PEM format or via our LDAP directory where they are also hosted and can be queried.

Is there any advice or personal experience that someone could share with us to manage these? Would RESTMan be able to handle this if we had a job that ran to add/modify and appropriately flag the certs (Trust Anchor, perform revocation check, so on)?
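An added example, not from this thread and not CA's product code or documentation: a POSIX shell script using only the openssl CLI that does the sorting the question asks about before anything touches the Gateway. It splits a PEM bundle into single certificates, marks each self-signed CA as a trust anchor, path-validates every other CA certificate against those anchors alone (the host's system store is deliberately switched off), and flags end-entity certificates and intermediates that chain to nothing you trust. The root, intermediate, orphan and leaf certificates are constructed in a temporary directory for the demonstration; the final step of pushing the classified certificates into the Gateway trust store (RESTMan or otherwise) is not shown, since that part is product-specific.

```shell
#!/bin/sh
# Added example for this thread; not code from the original post or from the CA API Gateway.
# Uses only the openssl CLI. Test certificates are constructed in a temp dir; the import
# into the Gateway trust store is out of scope here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Path validation must trust ONLY the anchors we manage, never the host's system store.
# -no-CAfile/-no-CApath exist since OpenSSL 1.1.0; OpenSSL 3 has a third default
# location that needs -no-CAstore, so add it when this openssl knows the option.
NO_SYS="-no-CAfile -no-CApath"
if openssl verify -help 2>&1 | grep -q -- '-no-CAstore'; then
  NO_SYS="$NO_SYS -no-CAstore"
fi

# split_bundle BUNDLE OUTDIR: one file per certificate, in bundle order (cert-001.pem, ...).
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%03d.pem", dir, n) }
    n > 0 { print > f }
    /-----END CERTIFICATE-----/ { close(f) }' "$1"
}

subject_of() { openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//'; }

# A CA certificate carries basicConstraints CA:TRUE; anything else does not belong in a trust store.
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# A trust anchor is a self-signed CA: it validates with itself as the only trusted certificate.
# Without $NO_SYS a public intermediate would "pass" via the system store's copy of its root.
is_self_signed() { openssl verify $NO_SYS -CAfile "$1" "$1" >/dev/null 2>&1; }

# classify_cert FILE ROOTS INTERS -> anchor | intermediate | unchained | not-a-ca
# ROOTS is the anchor bundle from pass 1; INTERS is every other certificate, offered only as
# untrusted path-building material, so "intermediate" means a full path to a managed anchor.
classify_cert() {
  if ! is_ca "$1"; then echo not-a-ca; return 0; fi
  if is_self_signed "$1"; then echo anchor; return 0; fi
  untrusted=""
  if [ -s "$3" ]; then untrusted="-untrusted $3"; fi   # mktemp paths: no spaces
  if openssl verify $NO_SYS -CAfile "$2" $untrusted "$1" >/dev/null 2>&1; then
    echo intermediate
  else
    echo unchained
  fi
}

# process_bundle BUNDLE: pass 1 collects the anchors, pass 2 path-validates everything against
# them. Prints "status<TAB>file<TAB>subject" per certificate; returns 1 if anything is unchained.
process_bundle() {
  split=$WORK/split; rm -rf "$split"; mkdir "$split"
  split_bundle "$1" "$split"
  : > "$WORK/roots.pem"; : > "$WORK/inters.pem"
  for c in "$split"/cert-*.pem; do
    if is_ca "$c" && is_self_signed "$c"; then cat "$c" >> "$WORK/roots.pem"
    else cat "$c" >> "$WORK/inters.pem"; fi
  done
  bad=0
  for c in "$split"/cert-*.pem; do
    status=$(classify_cert "$c" "$WORK/roots.pem" "$WORK/inters.pem")
    if [ "$status" = unchained ]; then bad=1; fi
    printf '%s\t%s\t%s\n' "$status" "$(basename "$c")" "$(subject_of "$c")"
  done
  return $bad
}

# --- Constructed test PKI (stands in for the PEM files received or pulled from LDAP) ---
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
EOF
KEY="-newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes"
mk_root() {   # mk_root NAME CN: self-signed CA
  openssl req -x509 -new $KEY -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -subj "/CN=$2" \
    -days 365 -config "$WORK/ca.cnf" 2>/dev/null
}
mk_signed() { # mk_signed NAME CN ISSUER EXT_SECTION: certificate issued by ISSUER
  openssl req -new $KEY -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=$2" \
    -config "$WORK/ca.cnf" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" -CAcreateserial \
    -out "$WORK/$1.pem" -days 365 -extfile "$WORK/ca.cnf" -extensions "$4" 2>/dev/null
}
mk_root   root         "Test Root CA"
mk_signed inter        "Test Intermediate CA"   root        ca_ext
mk_root   orphan_root  "Orphan Root CA"                              # never added to the bundle
mk_signed orphan_inter "Orphan Intermediate CA" orphan_root ca_ext   # chains to nothing we trust
mk_signed leaf         "not-a-ca.example"       inter       leaf_ext # end-entity cert slipped in
cat "$WORK/inter.pem" "$WORK/root.pem" "$WORK/orphan_inter.pem" "$WORK/leaf.pem" > "$WORK/bundle.pem"

process_bundle "$WORK/bundle.pem" || echo "refusing: some certificates do not chain to a managed anchor" >&2
```

The two-pass structure is the point: pass 1 decides what counts as an anchor from the bundle itself, so "intermediate" can only mean a path to one of your managed roots, not to whatever happens to sit in /etc/ssl/certs on the box running the job. Anything reported as unchained or not-a-ca should block the import rather than be uploaded with the trust-anchor flag guessed. Revocation checking is a per-entry Gateway setting and is not exercised by this offline script.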
