How To: Manage Your Certificates in EZCA
Prerequisites
To create and manage certificates in EZCA, ensure you have at least one Certificate Authority (CA). Refer to one of these guides to create a CA if you haven’t done so already:
How Do I Create a Certificate in EZCA?
EZCA supports the creation of various types of certificates, including SCEP and SSL certificates. Below are the guides to help you create each type:
If you want to issue user/device SCEP certificates, the easiest way is to use a Mobile Device Management (MDM) platform like Microsoft Intune, Jamf, or other MDMs using Static SCEP. We also provide an open-source certificate tool to help with issuing SCEP certificates for on-premises Active Directory deployments. Refer to this guide for detailed instructions: How-To: Manage Certificates for SCEP CAs.
SSL certificates can be created manually in the EZCA portal or through integrations with Azure Key Vault or our open-source certificate tool. Refer to this guide for detailed instructions: How-To: Create SSL Certificates.
How Do I View My Certificates in EZCA?
You can view and manage your certificates in EZCA through the portal. Depending on the type of certificate (SCEP or SSL), the process may vary slightly.
Most MDM solutions, such as Microsoft Intune, provide their own interfaces to view and manage issued SCEP certificates. However, if you want to see all SCEP certificates issued by your SCEP CA in EZCA, follow the steps in this guide.
Once you’ve issued SSL certificates in EZCA, you can view and manage them through the EZCA portal. Follow the steps outlined in this guide: How-To: View My SSL Certificates in EZCA.
EZCA users only see the Certificates for Domains they have access to. If you’re not seeing your certificates, work with your domain owner or PKI administrator to gain access. If you’re a PKI administrator and want to view all certificates issued by a specific Certificate Authority (CA) and not just your own, refer to the section in the guide: How to View All Certificates as an Administrator.
How Do I Renew a Certificate in EZCA?
To ensure business continuity, it’s essential to renew your certificates before they expire. Auto-renewal is highly recommended to remove any manual intervention. Depending on what type of certificate you are renewing and where it is being stored, the renewal process may vary.
SCEP certificates are typically managed through your MDM solution, which often handles renewal automatically. If you’re using our open-source certificate tool, you can also automate the renewal process for SCEP certificates using a scheduled task or cron job.
Depending on where your SSL certificates are stored, the renewal process may vary. Refer to this guide for detailed instructions on renewing SSL certificates in EZCA.
How Do I Revoke a Certificate in EZCA?
If a certificate is compromised or no longer needed, it’s crucial to revoke it to prevent unauthorized use. Revoking a certificate adds it to the Certificate Revocation List (CRL), ensuring it is no longer trusted.
SCEP certificates can be revoked through the EZCA portal. Follow the steps outlined in this guide: How-To: Manage Certificates for SCEP CAs.
SSL certificates can be revoked through the EZCA portal. Follow the steps outlined in this guide: How-To: Revoke SSL Certificates.