Skip to main content

Microsoft CA

Link DigiCert​​®​​ Trust Lifecycle Manager to your Microsoft server to import, enroll, and manage certificates from private Microsoft certificate authorities (CAs).


This page covers the basic process of adding a Microsoft CA connector in Trust Lifecycle Manager. For a complete guide covering all the steps needed to integrate with and get certificates from a Microsoft CA, see Microsoft CA server.

Before you begin

The following tasks need to be completed before adding the Microsoft CA connector in Trust Lifecycle Manager:


Microsoft CA integration architecture.

Add a Microsoft CA connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the tile for Microsoft.

  4. Fill in the basic properties for the new connector:

    • Name: Assign a friendly name to this connector.

    • Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.

    • Managing sensor: Select an active DigiCert sensor to use to manage this connector. The sensor you select must be able to access the MCARS service on your Microsoft CA server at the Base URI you specify below.

  5. Link account: Enter the access details for the DigiCert MCARS service running on your Microsoft CA server:

    • Base URI: Enter the IP address or hostname of your Microsoft CA server and the port number where MCARS is running in the format https://host:port/. Make sure to include the trailing slash. For example, if your Microsoft CA server has IP address and the MCARS service is running on port 7443 (the default), enter

    • Username: Enter the username as configured in the auth.username parameter in the MCARS configuration file (C:\ProgramData\Mocana\TrustCenter MCARS\conf\

    • Password: Enter the password for the above username as configured in the auth.password parameter in the MCARS configuration file.

  6. Import attributes: Select options for importing certificates from the Microsoft CA into Trust Lifecycle Manager to be monitored and managed there:

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

    • Business unit: Optionally assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates.

    • Tags: Optionally assign tags to imported certificates to help categorize and manage them.

    • Schedule import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the Microsoft CA. The default import frequency is every 15 minutes.

  7. Select Add  to complete the link to the Microsoft CA.

What's next

Go to the Integrations > Connectors page to view, check status, or manage a Microsoft CA connector.

Go to your Inventory page to monitor and manage any existing certificates imported from the Microsoft CA server.

To start enrolling new Microsoft CA certificates from DigiCert​​®​​ Trust Lifecycle Manager, create one or more certificate profiles for the Microsoft issuing CA.