Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
partisan422021-03-24 03:08:00
Digital certificates
partisan42, 2021-03-24 03:08:00

Is there a centralized certificate management tool?

Good day.
There is such a network.
About 100 jobs, Win10 everywhere. All computers in the AD domain. CryptoPRO is installed on 90% of computers. With the help of this CryptoPRO, computers have certificates (stored in the registry).
And then the management set the task of conducting an audit of who has which certificate, and depriving users of the opportunity to install certificates for themselves.
Has anyone had a similar experience? Is there any way to put yourself something like CryptoPRO Network Management (the name is conditional), and manage this issue centrally, and not run to each computer?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
D
Dmitry, 2021-03-24
@partisan42

https://www.cryptopro.ru/products/dss
The CryptoPro DSS 2.0 hardware and software system is designed for centralized, secure storage of user private keys, as well as for remote execution of operations to create an electronic signature (ES) using CryptoPro HSM PACM.

Report
C
CityCat4, 2021-03-24
@CityCat4

Well, I would start by looking to see if the cryptopro itself has such a solution. There are tools for centralized issuance of certificates in Windows - this is a domain snap-in Certificate Management, but this is an internal CA, not an external one.
You will probably have to lab something on vbs / ps then run it through policies when the user logs in

Report
V
Vladimir, 2021-03-24
@SibUrsus

Let the older comrades correct it, but the modern Russian standard for cryptographic information protection strongly condemns the practice "there are certificates on computers (stored in the registry)". It's in theory.
In practice, I saw 3 options:
1. Paid https://kit-journal.ru/sign_skzi
2. Free https://imbasoft.ru/viewtopic.php?t=5
3. Free but abandoned program https:// sedkazna.ru/forum.html?view=topic&catid=8&id=30 But it seems like the author is ready to revive and finish it for a reasonable fee.

Similar questions
I
Ivan2016-07-14 07:40:13
How to get a free self-signed certificate for Telegram? 1Reply
A
Arseny2014-06-21 13:40:39
How to get SSL for free? 3Reply
M
Maxim Volkov2018-12-18 15:34:43
After changing the SSL certificate, the site on Bitrix began to constantly reboot. How to fix? 1Reply
V
VoisHunter2018-12-20 01:12:53
How to install cer certificate on Linux? 1Reply
K
KurazhBambei2014-06-25 14:28:06
Has anyone experienced the kCFURLErrorUserCancelledAuthentication -1012 error on iOS? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question