
Add Microsoft CA connector in Trust Lifecycle Manager

Set up a connector in Trust Lifecycle Manager to integrate with a Microsoft CA server. With the connector in place, you can:

  • Import existing certificates from the Microsoft CA so you can manage them in Trust Lifecycle Manager.

  • View the latest revocation data and revoke Microsoft CA certificates directly from Trust Lifecycle Manager.

  • Use Trust Lifecycle Manager to enroll new certificates from the Microsoft CA.

Before you begin

The following tasks need to be completed before adding the Microsoft CA connector in Trust Lifecycle Manager:

  • Configure the Microsoft CA server to prepare for the integration.

  • Install the Windows version of the DigiCert sensor on a Windows system on your network that can connect to both Trust Lifecycle Manager and the Microsoft CA server.

    • The sensor system must be running Windows Server 2019 (or later) or Windows 10 Pro or Enterprise.

    • If installing the sensor on Windows 10 Pro or Enterprise, you must also install the Remote Server Administration Tools (RSAT) "Active Directory Certificate Services Tools" to enable the integration with Trust Lifecycle Manager. For installation instructions, visit the official Microsoft Download Center. This step is not required when installing the sensor on Windows Server.

    • The sensor system must be on the same domain or in the same forest as your Microsoft CA server. Do not install the DigiCert sensor on the Microsoft CA server system itself.
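The prerequisites above can be verified on the prospective sensor host before anything is installed. The following PowerShell script is an added example, not DigiCert's or Microsoft's code; it checks the OS edition, the RSAT AD CS tools on Windows 10, domain membership, that the host is not itself a CA, that the CA hostname resolves, that the CA's RPC interface answers, and that the Trust Lifecycle Manager endpoint is reachable on port 443. The parameters `$CaHost`, `$CaName` and `$TlmHost` are placeholders you supply; the page does not name these values.

```powershell
# Added example (not DigiCert's code): prerequisite check for a DigiCert sensor host.
# Assumptions (not from the page): run elevated in Windows PowerShell 5.1 or later
# on the host where the sensor will be installed; all three parameters are yours.
param(
    [Parameter(Mandatory)][string]$CaHost,   # FQDN of the Microsoft CA server
    [Parameter(Mandatory)][string]$CaName,   # CA name as configured in AD CS
    [Parameter(Mandatory)][string]$TlmHost   # Trust Lifecycle Manager hostname the sensor must reach
)

$results = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# 1. Supported OS: Windows Server 2019 (build 17763) or later, or Windows 10 Pro/Enterprise.
$os = Get-CimInstance Win32_OperatingSystem
$build = [int]$os.BuildNumber
$isServer = $os.ProductType -ne 1          # ProductType: 1 = workstation, 2 = DC, 3 = member server
$isProOrEnt = $os.Caption -match 'Windows 10 (Pro|Enterprise)'
$osOk = ($isServer -and $build -ge 17763) -or ((-not $isServer) -and $isProOrEnt)
Add-Check 'Supported OS' $osOk "$($os.Caption) build $build"

# 2. RSAT "Active Directory Certificate Services Tools": needed on Windows 10 only.
if ($isServer) {
    Add-Check 'RSAT AD CS tools' $true 'Not required on Windows Server'
} else {
    # On Windows 10 1809+ the tools are a Feature on Demand; install with
    # Add-WindowsCapability -Online -Name 'Rsat.CertificateServices.Tools~~~~0.0.1.0'
    $cap = Get-WindowsCapability -Online -Name 'Rsat.CertificateServices.Tools*' | Select-Object -First 1
    Add-Check 'RSAT AD CS tools' ($cap.State -eq 'Installed') "State: $($cap.State)"
}

# 3. Domain membership; compare the reported forest with the CA's forest yourself.
$cs = Get-CimInstance Win32_ComputerSystem
$forest = if ($cs.PartOfDomain) { [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Name } else { 'n/a' }
Add-Check 'Domain-joined' ([bool]$cs.PartOfDomain) "Domain: $($cs.Domain); forest: $forest"

# 4. Not the CA host itself: the AD CS role registers the CertSvc service.
$certSvc = Get-Service -Name CertSvc -ErrorAction SilentlyContinue
$localIsCa = ($null -ne $certSvc) -or ($env:COMPUTERNAME -ieq ($CaHost -split '\.')[0])
Add-Check 'Not the CA host' (-not $localIsCa) "CertSvc present: $($null -ne $certSvc)"

# 5. The CA hostname must resolve from the sensor host.
try {
    $addr = (Resolve-DnsName -Name $CaHost -ErrorAction Stop | Where-Object IPAddress | Select-Object -First 1).IPAddress
    Add-Check 'CA hostname resolves' $true "$CaHost -> $addr"
} catch {
    Add-Check 'CA hostname resolves' $false $_.Exception.Message
}

# 6. RPC/DCOM reachability of the CA interface under the current logon.
$ping = & certutil.exe -config "$CaHost\$CaName" -ping 2>&1
Add-Check 'certutil -ping' ($LASTEXITCODE -eq 0) (($ping | Select-Object -Last 1) -join '')

# 7. Outbound HTTPS to Trust Lifecycle Manager.
$tnc = Test-NetConnection -ComputerName $TlmHost -Port 443 -WarningAction SilentlyContinue
Add-Check 'TLM reachable on 443' ([bool]$tnc.TcpTestSucceeded) $TlmHost

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

A failing `certutil -ping` at this stage points at name resolution, firewalling of RPC to the CA, or a CA name that does not match AD CS exactly; fix those before adding the connector, since the managing sensor will hit the same path.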

Figure: Microsoft CA integration architecture.

Add Microsoft CA connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the tile for Microsoft.

    Complete the form as described in the following steps.

  4. Configure the general connector properties in the top section of the form:

    • Name: Assign a friendly name to this connector.

    • Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.

    • Managing sensor: Select an active DigiCert sensor to use to manage the integration.

  5. In the Link account section, enter the access details for the Microsoft CA server:

    • Hostname: The hostname of the Microsoft CA server. Must be resolvable by the managing sensor.

    • CA name: The name of the certificate authority (CA) to connect to as configured under Active Directory Certificate Services (AD CS) on the Microsoft CA server.

    • Username: The username of the service user on the Microsoft CA server in user principal name format, username@domain.

    • Password: The password for the above service user on the Microsoft CA server.

  6. Fill out the Import attributes section if you want to import existing certificates from the Microsoft CA:

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

    • Business unit: Optionally assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates.

    • Microsoft CA certificate templates: The certificate templates to import certificates from on the Microsoft issuing CA.

      • All templates: To import certificates issued from all Microsoft CA certificate templates.

      • Specific templates: To enter the names of specific Microsoft CA certificate templates to import certificates from.

    • Tags: Optionally assign tags to imported certificates to help categorize and manage them.

    • Import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the Microsoft CA. The default import frequency is every 15 minutes.

  7. Select Add to create the Microsoft CA connector with the configured settings.
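The Hostname, CA name and template names entered in steps 5 and 6 must match what AD CS registered in Active Directory. The following PowerShell is an added example, not DigiCert's or Microsoft's code: it reads the pKIEnrollmentService objects under the forest's Enrollment Services container to list each enterprise CA with the values the form expects, and then checks a set of intended inputs against one CA, including a `certutil -ping` run as the service user. The hostname `ca01.corp.example`, CA name `Corp Issuing CA` and template names in the usage lines are placeholders.

```powershell
# Added example (not DigiCert's or Microsoft's code). Run on the domain-joined
# sensor host. The CA/template/account values below are illustrative placeholders.

function Get-EnterpriseCa {
    # Each pKIEnrollmentService object in the Configuration partition is one enterprise CA.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = $rootDse.Properties['configurationNamingContext'].Value
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"
    $searcher.Filter = '(objectClass=pKIEnrollmentService)'
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'dnshostname', 'certificatetemplates'))
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            Hostname  = [string]$r.Properties['dnshostname'][0]   # Link account > Hostname
            CAName    = [string]$r.Properties['cn'][0]            # Link account > CA name
            # Templates the CA is configured to issue; these are template names (cn),
            # which can differ from the display name shown in the Certificate Templates console.
            Templates = @($r.Properties['certificatetemplates'] | ForEach-Object { [string]$_ })
        }
    }
}

function Test-CaConnectorInputs {
    param(
        [Parameter(Mandatory)][string]$Hostname,
        [Parameter(Mandatory)][string]$CAName,
        [string[]]$Templates = @(),              # the "Specific templates" you intend to enter
        [pscredential]$ServiceAccount             # username@domain and password, as in the form
    )
    $ca = Get-EnterpriseCa | Where-Object { $_.CAName -eq $CAName -and $_.Hostname -ieq $Hostname } | Select-Object -First 1
    if (-not $ca) { throw "No enterprise CA '$CAName' on '$Hostname' is registered in AD" }

    # Templates the CA does not issue would make the import return nothing for them.
    $missing = @($Templates | Where-Object { $ca.Templates -notcontains $_ })
    if ($missing.Count -gt 0) { Write-Warning ("Not issued by {0}: {1}" -f $CAName, ($missing -join ', ')) }

    # Ping the CA's RPC interface, as the service user if credentials were given.
    $config = "$Hostname\$CAName"
    if ($ServiceAccount) {
        $p = Start-Process -FilePath certutil.exe -ArgumentList "-config `"$config`" -ping" `
            -Credential $ServiceAccount -WorkingDirectory $env:SystemRoot -Wait -PassThru
        $reachable = ($p.ExitCode -eq 0)
    } else {
        $null = & certutil.exe -config $config -ping 2>&1
        $reachable = ($LASTEXITCODE -eq 0)
    }
    [pscustomobject]@{ Config = $config; Reachable = $reachable; MissingTemplates = $missing }
}

# Usage: list the CAs first, then validate the values you intend to type into the form.
Get-EnterpriseCa | Format-List
$cred = Get-Credential -Message 'Connector service user (username@domain)'
Test-CaConnectorInputs -Hostname 'ca01.corp.example' -CAName 'Corp Issuing CA' `
    -Templates @('WebServer', 'Machine') -ServiceAccount $cred
```

A successful ping shows that the interface is reachable with those credentials; it does not show that the account holds the CA permissions the import, revocation and enrollment operations require, which the page does not enumerate and which you should confirm on the CA itself.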

What's next
