Each Microsoft platform and product has different approaches to managing certificates - the web server typically expects the certificate to be installed in the Windows key store, SharePoint keeps them in the farm database, BizTalk may expect and SSH key on a file system. Some products have a front and back-end such as Lync or the ADFS with Web Application Proxy, where the certificate must be in multiple locations or even have one certificate in the back-end and another in the front-end. When developers start using .NET to build web sites with single sign-on or B2B web service integration, more certificates are added and the picture gets even muddier since now we have certificates in the infrastructure, in the middleware, in the application - and dependencies on public keys from customers/partners.
Managed Keys hides all this complexity and lets you forget all about certificates by providing a fully documented, fully automated and managed end-to-end solution.
Microsoft also provides PKI infrastructure via Active Directory Certificate Services (AD CS). The AD CS contains many very useful functions for customers on a Microsoft platform. Managed Keys supplements AD CS by providing supplemental services through a deep integration. As an example, Managed Keys can fully automatically generate a correct and compliant request (CSR), send it to AD CS when that's a better option than sending it to an external CA, wait & track approval/issuance, retrieve the issued certificate, distribute and install on Microsoft and non-Microsoft products and update documentation. During discovery and analysis, Managed Keys also integrate with AD CS to compare certificates issued with certificates actually installed and in use on Microsoft and non-Microsoft products.Contact us for more information on key management solutions for Microsoft products and services