The disclosure relates to the management of PKI digital certificates,
including certificate discovery, installation, verification and
replacement for endpoints over an insecure network. A database of
certificates may be maintained through discovery, replacement and other
activities. Certificate discovery identifies certificates and associated
information including network locations, methods of access, applications
of use and non-use, and may produce logs and reports. Automated requests
to certificate authorities for new certificates, renewals or certificate
signing requests may precede the installation of issued certificates to
servers using installation scripts directed to a particular application
or product, which may provide notification or require approval or
intervention. An administrator may be notified of expiring certificates,
using a database or scanning or server agents. Interaction with
certificate authorities may be by an abstractor providing a common
intefface for issuing signing requests to disparate certificate
authorities. Digital certificate management may also be applied to
network-connecting client devices.