Importing certificates from a Microsoft CA

You can import certificates issued by a Microsoft Active Directory Certificate Services certificate authority (CA) by configuring a Certificate Import job in Aperture. After the import is configured, all certificates issued by your specified CA are retrieved and placed into folders that you designate.

NOTE  The certificate import feature imports only those certificates that were issued since the last time the import job ran. For a new import job, this means that all previously issued certificates are imported.

Re-running an import job does not restore certificates that were deleted; Trust Protection Platform assumes that when you delete a certificate, you did so because you don't want it in your inventory (and you also don't want it to be restored every time you run an import job).

Therefore, if you want to restore deleted certificates, you must create and run a new certificate import job.

To create a new Certificate Import job

  1. From the TLS Protect menu bar, click Configuration > Jobs.

    (Optional) To filter the Jobs list by one or more specific job types, use the Job Type filter. See Filtering the Jobs list by job type.

  2. Click + Create New Job to start the Create New Job wizard.

  3. On the Create New Job page, click Certificate Import, and then click Start.

  1. On the Details panel of the New Certificate Import Job page, type a name for your new job in the Job Name field.
  2. (Optional) In the Description field, type a description that can help other administrators better understand the purpose of your new job.

    This can be helpful in communicating with other administrators or to remind yourself why you created the new job.

  3. From the Import Type list, select Microsoft CA.
  4. (Optional) In the Contacts field, begin typing a user name to specify one or more contacts for your new job, and then click Next.

    To add multiple contact names, press Enter after each name.

  5. Click Next.
  6. On the Settings panel, specify the Hostname or IP Address of the CA you selected.
  7. From the Credentials list, select the credential that stores the user name and password required to connect to your CA server.

    For more information about credential requirements, see Configuring the Microsoft template object.

  8. Type a Service Name.

    The service name is the common name (CN) of the CA's certificate. It's also the name of the CA as it appears in the Certificates snap-in in the Microsoft Management Console (MMC).

  9. Click Get Templates to load available CA templates in the CA Templates Found list.
  10. In the CA Templates Found list, select and move one or more templates you want to use to the Selected for this Import box.

  11. (Optional) Below the CA Templates Found box, select the Include Expired Certificates and/or Include Revoked Certificates check boxes if you want them included during the import.
  12. Choose Use CA Template Name as Certificate Origin if the template name is meaningful to your team.

    OR

    Choose Specify Certificate Origin if you want to use a custom name.

  13. Click Next.
  14. On the Placement panel, under Placement Settings, select a folder where you want newly found certificates to be placed.

    TIP  You can create a Certificate and Device Placement job to reorganize your certificates automatically after they've been placed in a folder by your certificate import job.

    See Certificate and Device Placement jobs.

  15. When you're finished, click Create Job.

    (Optional) If you want to run the new job immediately, click Create and Run. To learn more, see Running a CA import manually.
