Skip to main content

Add Microsoft CA connector in Trust Lifecycle Manager

Set up a connector in Trust Lifecycle Manager to integrate with a Microsoft CA server running the DigiCert MCARS service. With the connector in place, you can:

  • Import existing certificates from the Microsoft CA so you can monitor and manage them in Trust Lifecycle Manager.

  • View the latest revocation data and revoke Microsoft CA certificates directly from Trust Lifecycle Manager.

  • Use Trust Lifecycle Manager to enroll and manage new certificates from the Microsoft CA.

Before you begin

The following tasks need to be completed before adding the Microsoft CA connector in Trust Lifecycle Manager:


Microsoft CA integration architecture.


On July 17, 2024, DigiCert will release an updated version of the Microsoft CA connector for Trust Lifecycle Manager that deprecates the need for the Microsoft CA Remoting Service (MCARS) on the Microsoft CA server. To learn more, see Upcoming change.

Add Microsoft CA connector

  1. From the Trust Lifecycle Manager main menu, select Integrations > Connectors.

  2. Select the Add connector button.

  3. In the Certificate authorities section, select the tile for Microsoft.

    Complete the form as described in the following steps.

  4. Configure the general connector properties in the top section of the form:

    • Name: Assign a friendly name to this connector.

    • Business unit: Select a business unit for this connector. Only users assigned to this business unit can manage the connector.

    • Managing sensor: Select an active DigiCert sensor to use to manage the integration. The sensor you select must be able to access the MCARS service on your Microsoft CA server at the Base URI you specify below.

  5. In the Link account section, enter the access details for the DigiCert MCARS service running on your Microsoft CA server:

    • Base URI: Enter the IP address or hostname of your Microsoft CA server and the port number where MCARS is running in the format https://host:port/. Make sure to include the trailing slash. For example, if your Microsoft CA server has IP address and the MCARS service is running on port 7443 (the default), enter

    • Username: Enter the username as configured in the auth.username parameter in the MCARS configuration file (C:\ProgramData\Mocana\TrustCenter MCARS\conf\

    • Password: Enter the password for the above username as configured in the auth.password parameter in the MCARS configuration file.

  6. Fill out the Import attributes section if you want to import existing certificates from the Microsoft CA:

    • Import certificates from this connector: Select whether to import certificates or not. If importing, select options for which certificates to import.

    • Business unit: Optionally assign a business unit to imported certificates. Only users assigned to this business unit can manage the imported certificates.

    • Tags: Optionally assign tags to imported certificates to help categorize and manage them.

    • Schedule import frequency: If importing certificates, select scheduling options for ongoing import operations. Enter a value and select units (minutes, hours, or weeks) for how often to check for new certificates to import from the Microsoft CA. The default import frequency is every 15 minutes.

  7. Select Add  to create the Microsoft CA connector with the configured settings.

What's next