SSL – How to manage third-party issued certificates in a Windows environment with Active Directory Certificate Services

Tags: active-directory, ssl, ssl-certificate, windows-server-2008

I have a wildcard SSL certificate (*.ourdomain.com) + chain of trust that was issued from a public third-party CA that I have deployed on to all of our Windows servers in the domain. But our environment has outgrown our deployment script and I need a better way to manage and audit certificates in the domain (list of certificates on each server, when certificates will expire, install certificates on newly deployed servers).

My initial research pointed me to Active Directory Certificate Services (ADCS) as a solution. This seems like it would work fine acting as its own CA where the certificates were generated on the ADCS machine, but it is not clear to me how one would use ADCS with third-party certificates. Is it even possible or recommended?

Best Answer

You do not use Active Directory certificate services to manage third-party certificates. AD CS is not an asset tracking or inventory system. (Your "assets" in this case being your collection of SSL certificates.)

From an organizational standpoint, I would say that you need a CMDB/asset tracking system, with the ability to track SSL certificates as CIs (Configuration Items... sorry, a little ITIL speak there.)

But as for what product you should use I cannot say, since product recommendations are off topic for Serverfault.
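Whatever tracking system ends up holding the records, the raw data the question asks for (which certificates sit on each server, their thumbprints and expiry dates) can be collected directly from the Windows certificate store with PowerShell remoting, and the same mechanism can push the wildcard PFX onto a newly built server. The script below is an added example and is not code from the question, the answer, or any product; it assumes WinRM is enabled on the targets, that the caller is a local administrator on them, and that the server list, the `$WarnDays` threshold, the PFX path and the output file name are placeholders to replace. `Import-PfxCertificate` comes from the PKI module and needs Windows Server 2012 or later on the machine where it runs; on 2008 `certutil -importPFX` is the equivalent.

```powershell
# Added example, not from the original post. Inventory every certificate in the
# LocalMachine\My store on a set of domain servers, flag the ones expiring soon,
# and show how the wildcard PFX would be installed on a new server.
# Assumptions: WinRM/PowerShell remoting enabled, caller is local admin on targets.

$Servers  = @('web01', 'web02', 'app01')   # constructed sample; replace with (Get-ADComputer -Filter *).Name
$WarnDays = 30                             # assumed threshold for the expiry warning

# Collect one record per certificate per server. Thumbprint is the stable identity
# of a certificate; Subject alone cannot tell an old wildcard cert from its renewal.
$report = Invoke-Command -ComputerName $Servers -ErrorAction SilentlyContinue -ScriptBlock {
    Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
        [pscustomobject]@{
            Server        = $env:COMPUTERNAME
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            DaysLeft      = [int]($_.NotAfter - (Get-Date)).TotalDays
        }
    }
}

# Servers that answered versus servers that did not (a missing server is itself a finding).
$reached = $report | Select-Object -ExpandProperty Server -Unique
$Servers | Where-Object { $_ -notin $reached } | ForEach-Object { Write-Warning "No inventory from $_" }

# The wildcard cert should have exactly one thumbprint across the fleet; more than one
# group here means some servers still carry a previous copy. '[*]' matches a literal asterisk.
$report | Where-Object { $_.Subject -like 'CN=[*].ourdomain.com*' } |
    Group-Object Thumbprint |
    Select-Object @{n='Thumbprint';e={$_.Name}}, Count, @{n='Servers';e={($_.Group.Server | Sort-Object -Unique) -join ','}}

# Anything expiring within the warning window, soonest first.
$report | Where-Object { $_.DaysLeft -le $WarnDays } |
    Sort-Object NotAfter |
    Format-Table Server, Subject, Thumbprint, NotAfter, DaysLeft -AutoSize

# Full inventory for the audit trail / import into whatever tracking system is chosen.
$report | Export-Csv -Path .\cert-inventory.csv -NoTypeInformation

# Installing the wildcard cert (with its private key) on a newly deployed server.
# The PFX is read locally and its bytes passed to the remote session, so the file
# does not need to be on a share the target can reach. Paths and names are placeholders.
function Install-WildcardCert {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $PfxPassword
    )
    $pfxBytes = [System.IO.File]::ReadAllBytes($PfxPath)
    Invoke-Command -ComputerName $ComputerName -ArgumentList $pfxBytes, $PfxPassword -ScriptBlock {
        param([byte[]] $bytes, [securestring] $pwd)
        $tmp = Join-Path $env:TEMP 'wildcard.pfx'
        [System.IO.File]::WriteAllBytes($tmp, $bytes)
        try {
            # Requires the PKI module (Server 2012+); the CA chain inside the PFX is placed
            # in the appropriate stores automatically. Returns the installed leaf certificate.
            Import-PfxCertificate -FilePath $tmp -CertStoreLocation Cert:\LocalMachine\My -Password $pwd
        } finally {
            Remove-Item $tmp -Force -ErrorAction SilentlyContinue
        }
    }
}

# Usage (placeholder values):
# Install-WildcardCert -ComputerName 'web03' -PfxPath '.\wildcard.pfx' -PfxPassword (Read-Host -AsSecureString 'PFX password')
```

Run the inventory from a scheduled task and diff the CSV against the previous run: a new thumbprint appearing on a server, or a server dropping out of the reachable list, is what an audit actually wants to catch, and the `DaysLeft` column is what feeds the expiry alert regardless of which tracking system eventually owns the records.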
