Microsoft CA

Link DigiCert® Trust Lifecycle Manager to your Microsoft server to import, enroll, and manage certificates from private Microsoft certificate authorities (CAs).

Important

This page covers the basic process of adding a Microsoft CA connector in Trust Lifecycle Manager. For a complete guide covering all the steps needed to integrate with and get certificates from a Microsoft CA, see Microsoft CA server.

Before you begin

The following tasks need to be completed before adding the Microsoft CA connector in Trust Lifecycle Manager:

Microsoft CA integration architecture.

Add Microsoft CA connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the tile for Microsoft.

    Complete the resulting form as described in the following steps.

  4. Configure the general connector properties in the top section of the form:

    • Name: Assign a friendly name to this connector.

    • Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.

    • Managing sensor: Select an active DigiCert sensor to use to manage the integration. The sensor you select must be able to access the MCARS service on your Microsoft CA server at the Base URI you specify below.

  5. In the Link account section, enter the access details for the DigiCert MCARS service running on your Microsoft CA server:

    • Base URI: Enter the IP address or hostname of your Microsoft CA server and the port number where MCARS is running in the format https://host:port/. Make sure to include the trailing slash. For example, if your Microsoft CA server has IP address 10.2.3.4 and the MCARS service is running on port 7443 (the default), enter https://10.2.3.4:7443/.

    • Username: Enter the username as configured in the auth.username parameter in the MCARS configuration file (C:\ProgramData\Mocana\TrustCenter MCARS\conf\config.properties).

    • Password: Enter the password for the above username as configured in the auth.password parameter in the MCARS configuration file.

  6. Fill out the Import attributes section if you want to import existing certificates from the Microsoft CA:

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

    • Business unit: Optionally assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates.

    • Tags: Optionally assign tags to imported certificates to help categorize and manage them.

    • Schedule import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the Microsoft CA. The default import frequency is every 15 minutes.

  7. Select Add to create the Microsoft CA connector with the configured settings.
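
A pre-flight check for the Link account values in step 5, added here as an example (not DigiCert code): it validates the Base URI against the https://host:port/ format and compares the Username with the auth.username parameter. The function names, the sample property values, and the assumption that config.properties holds plain Java-style key=value lines are not from this page.

```python
from urllib.parse import urlsplit

# Constructed sample; a real file is read from the path given in the Username step.
SAMPLE_PROPERTIES = """\
# constructed values for illustration
auth.username = tlm-connector
auth.password = example-only
"""

def check_base_uri(uri):
    """Return problems that keep `uri` from matching https://host:port/ (empty list = OK)."""
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError for non-numeric or out-of-range ports
    except ValueError:
        return ["host or port cannot be parsed"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("missing host")
    if port is None:
        problems.append("port must be given explicitly")
    if parts.username or parts.password:
        problems.append("credentials go in the Username and Password fields")
    if parts.path != "/" or parts.query or parts.fragment:
        problems.append("must end with a single trailing slash")
    return problems

def read_properties(text):
    """Parse key=value lines, skipping blanks and #/! comments (assumed Java-style format)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def check_link_account(base_uri, username, properties_text):
    """Check the form values against the format rule and the MCARS auth.* parameters."""
    problems = check_base_uri(base_uri)
    props = read_properties(properties_text)
    if props.get("auth.username") != username:
        problems.append("Username differs from auth.username")
    if not props.get("auth.password"):
        problems.append("auth.password is not set")
    return problems

if __name__ == "__main__":
    for uri in ("https://10.2.3.4:7443/", "https://10.2.3.4:7443", "http://10.2.3.4/"):
        print(uri, check_link_account(uri, "tlm-connector", SAMPLE_PROPERTIES) or "OK")
```

The check only confirms that auth.password is present; it never prints or compares the password value.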

What's next