Summary<\/h4>\n\n- Easy setup – just install on a supported version of Windows Server.<\/li>\n
- Simple certificate requests, authorization, deployment & auto-renewal.<\/li>\n
- Ideal for Windows Servers running IIS, but can be used with other services.<\/li>\n
- Manage one certificate or several thousand.<\/li>\n
- Detailed preview of the certificate request process and planned automated deployment steps.<\/li>\n
- Create certificates for single domains, multiple domain (SAN) certificates or wildcard certificates.<\/li>\n<\/ul>\n
Advanced Features<\/h4>\n\n- Configurable deployment automation.<\/li>\n
- Deployment Tasks<\/a>, for zero-scripting automation of common deployments including:\n
\n- MS Exchange, Remote Access, Remote Desktop Services.<\/li>\n
- Apache, nginx, Tomcat and other services which require PEM or PFX format certificate files.<\/li>\n<\/ul>\n<\/li>\n
- Many other advanced features to help your organisation work with your certificates.<\/li>\n<\/ul>\n<\/div>\n
![](\"https:\/\/certifytheweb.com\/images\/screens\/Startup_Light.png\")
<\/div>\n<\/div>\n\n\nHow Certificate Automation Works<\/h3>\n
Services which are associated with a domain (websites, mail servers, remote access etc) use DV (Domain Validated) certificates to prove that the service being used is genuine and to encrypt the communication between the end-user and the server itself.<\/p>\n
Certificate Automation works by requiring you to regularly prove control of your domains to a Certificate Authority, such as\u00a0Let’s Encrypt<\/em>, who can then issue you a new certificate for your domain with a short expiry date.<\/p>\n<\/div>\n![](\"https:\/\/certifytheweb.com\/images\/diagrams\/Overview.png\")
<\/div>\n\nFeatures – Deep Dive<\/h2>\n\n![](\"https:\/\/certifytheweb.com\/images\/screens\/ChooseDomains.png\")
<\/div>\n\nManage Certificate Domains<\/h3>\n
Each certificate may cover multiple domains. You can easily add or remove domains from a certificate and auto-populate the list of domains from existing website bindings (e.g. IIS).<\/p>\n
Depending on the Certificate Authority you choose, your certificate can include a\u00a0single domain, multiple domains (SAN<\/abbr>) or domain wildcards<\/em>\u00a0(e.g. *.certifytheweb.com) to cover multiple sites or services.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\nHow Certificate Automation Works<\/h3>\n
Services which are associated with a domain (websites, mail servers, remote access etc) use DV (Domain Validated) certificates to prove that the service being used is genuine and to encrypt the communication between the end-user and the server itself.<\/p>\n
Certificate Automation works by requiring you to regularly prove control of your domains to a Certificate Authority, such as\u00a0Let’s Encrypt<\/em>, who can then issue you a new certificate for your domain with a short expiry date.<\/p>\n<\/div>\n\nour Choice of Certificate Authorities<\/h3>\n
The current most common automated Certificate Authority is\u00a0Let’s Encrypt<\/em>, a free Certificate Authority (letsencrypt.org<\/a>). You can also choose from other\u00a0ACME<\/em>\u00a0(Automated Certificate Management Environment) Certificate Authorities, such as\u00a0BuyPass Go SSL<\/a><\/em>,\u00a0DigiCert<\/em>\u00a0or a custom certificate authority (such as\u00a0smallstep<\/a>\u00a0or\u00a0Keyon true-Xtender Enterprise PKI<\/a>).<\/p>\nIf required, each Managed Certificate can use a different Certificate Authority and you can mix use of Production or Staging (Test) certificates.<\/p>\n<\/div>\n
![](\"https:\/\/certifytheweb.com\/images\/screens\/Cert_Authority.png\")
<\/div>\n<\/div>\n\nMultiple Ways To Validate Your Domain<\/h2>\n
Certificate Authorities will require you to prove you control the domain you are requesting a certificate for (Domain Validation). The most common method is an automated\u00a0Challenge Response<\/em>\u00a0via http (presenting a specific file at a url on your domain) or DNS (add a specific TXT record to your domains DNS). This complex process is handled for you automatically by the software.<\/p>\n\n![](\"https:\/\/certifytheweb.com\/images\/screens\/Auth_DNS.png\")
<\/div>\n\nAutomated DNS Challenge Response<\/h4>\n
Certify The Web<\/em>\u00a0has support for over 36 different DNS APIs and DNS automation methods (including acme-dns and custom scripting options). Popular DNS providers include Cloudflare, AWS Route53, Azure DNS and GoDaddy.<\/p>\nIf you require a wildcard certificate for a domain, most Certificate Authorities require that you validate your domain using the DNS method.<\/p>\n
\nAutomated HTTP Challenge Response<\/h4>\n
Our built-in dynamic http challenge server means you can automatically serve http challenge responses to the Certificate Authority (via port 80) without requiring http bindings on your website and without interrupting normal traffic to your website.<\/p>\n
When port 80 is in use by a non-http.sys based service (such as Apache httpd) you can fallback to serving challenge responses via your web server.<\/p>\n
Domain validation methods can be mixed as required within a single certificate order depending on your requirements.<\/p>\n<\/div>\n
![](\"https:\/\/certifytheweb.com\/images\/screens\/Auth_http.png\")
<\/div>\n\nPowerful Deployment Options<\/h2>\n
Whether you need simple auto deployment to IIS or advanced deployment to other services\/servers or remote certificate stores,\u00a0Certify The Web<\/em>\u00a0has extremely powerful options for sophisticated deployment.<\/p>\n\n![](\"https:\/\/certifytheweb.com\/images\/screens\/Deployment_Auto.png\")
<\/div>\n\nAutomated Deployment<\/h3>\n
You can let the app auto-renew certificates then automatically deploy them to the services that use the certificates (e.g. IIS websites).<\/p>\n
The default Auto Deployment will apply your certificate to applicable IIS websites, or you can use Deployment Tasks to apply the latest certificate to a range of other services.<\/p>\n<\/div>\n<\/div>\n
\n\nDeployment Tasks<\/h3>\n
Deployment Tasks are a powerful way to make use of the certificates you manage through the app. You can deploy and use your certificate in an unlimited number of ways, including:<\/p>\n
\n- MS Exchange, Remote Desktop Services<\/li>\n
- Microsoft Azure Key Vault<\/li>\n
- Central Certificate Store (CCS) via local or UNC paths<\/li>\n
- Apache, nginx, Tomcat and other services using PEM\/CRT\/chain certificate files<\/li>\n
- SFTP and SSH support<\/li>\n
- Scripting (such as a PowerShell or linux shell scripts)<\/li>\n<\/ul>\n<\/div>\n
![](\"https:\/\/certifytheweb.com\/images\/screens\/DeploymentTasks.png\")
<\/div>\n<\/div>\nPreviewing Renewals<\/h2>\n
The Preview tab shows the planned actions to be carried out during the next certificate request or automatic renewal, including:<\/p>\n
\n- Domains to be included in the cert<\/li>\n
- How domain validation will occur<\/li>\n
- The automated website bindings (IIS) which will be applied\/updated (if applicable).<\/li>\n
- Deployment Tasks such as installing your certificate on MS Exchange, exporting to Apache, nginx, Central Certificate Store (CCS), SSH\/SFTP exports etc<\/li>\n<\/ul>\n
<\/p>\n
\n![](\"https:\/\/certifytheweb.com\/images\/screens\/Preview_1.png\")
<\/div>\n![](\"https:\/\/certifytheweb.com\/images\/screens\/Preview_2.png\")
The software is constantly being improved and refined, so be sure to stay up to date with the latest version. There are many other features and details to be explored, so check out the\u00a0documentation<\/a>.<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n[\/vc_column_text][vc_column_text]<\/p>\n
Get Started<\/h2>\n
Advanced Features<\/h4>\n\n- Configurable deployment automation.<\/li>\n
- Deployment Tasks<\/a>, for zero-scripting automation of common deployments including:\n
\n- MS Exchange, Remote Access, Remote Desktop Services.<\/li>\n
- Apache, nginx, Tomcat and other services which require PEM or PFX format certificate files.<\/li>\n<\/ul>\n<\/li>\n
- Many other advanced features to help your organisation work with your certificates.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n\n\n
How Certificate Automation Works<\/h3>\n
Services which are associated with a domain (websites, mail servers, remote access etc) use DV (Domain Validated) certificates to prove that the service being used is genuine and to encrypt the communication between the end-user and the server itself.<\/p>\n
Certificate Automation works by requiring you to regularly prove control of your domains to a Certificate Authority, such as\u00a0Let’s Encrypt<\/em>, who can then issue you a new certificate for your domain with a short expiry date.<\/p>\n<\/div>\n<\/div>\n\nFeatures – Deep Dive<\/h2>\n\n<\/div>\n\nManage Certificate Domains<\/h3>\n
Each certificate may cover multiple domains. You can easily add or remove domains from a certificate and auto-populate the list of domains from existing website bindings (e.g. IIS).<\/p>\n
Depending on the Certificate Authority you choose, your certificate can include a\u00a0single domain, multiple domains (SAN<\/abbr>) or domain wildcards<\/em>\u00a0(e.g. *.certifytheweb.com) to cover multiple sites or services.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\nHow Certificate Automation Works<\/h3>\n
Services which are associated with a domain (websites, mail servers, remote access etc) use DV (Domain Validated) certificates to prove that the service being used is genuine and to encrypt the communication between the end-user and the server itself.<\/p>\n
Certificate Automation works by requiring you to regularly prove control of your domains to a Certificate Authority, such as\u00a0Let’s Encrypt<\/em>, who can then issue you a new certificate for your domain with a short expiry date.<\/p>\n<\/div>\n\nour Choice of Certificate Authorities<\/h3>\n
The current most common automated Certificate Authority is\u00a0Let’s Encrypt<\/em>, a free Certificate Authority (letsencrypt.org<\/a>). You can also choose from other\u00a0ACME<\/em>\u00a0(Automated Certificate Management Environment) Certificate Authorities, such as\u00a0BuyPass Go SSL<\/a><\/em>,\u00a0DigiCert<\/em>\u00a0or a custom certificate authority (such as\u00a0smallstep<\/a>\u00a0or\u00a0Keyon true-Xtender Enterprise PKI<\/a>).<\/p>\nIf required, each Managed Certificate can use a different Certificate Authority and you can mix use of Production or Staging (Test) certificates.<\/p>\n<\/div>\n
<\/div>\n<\/div>\n\nMultiple Ways To Validate Your Domain<\/h2>\n
Certificate Authorities will require you to prove you control the domain you are requesting a certificate for (Domain Validation). The most common method is an automated\u00a0Challenge Response<\/em>\u00a0via http (presenting a specific file at a url on your domain) or DNS (add a specific TXT record to your domains DNS). This complex process is handled for you automatically by the software.<\/p>\n\n<\/div>\n\nAutomated DNS Challenge Response<\/h4>\n
Certify The Web<\/em>\u00a0has support for over 36 different DNS APIs and DNS automation methods (including acme-dns and custom scripting options). Popular DNS providers include Cloudflare, AWS Route53, Azure DNS and GoDaddy.<\/p>\nIf you require a wildcard certificate for a domain, most Certificate Authorities require that you validate your domain using the DNS method.<\/p>\n
\nAutomated HTTP Challenge Response<\/h4>\n
Our built-in dynamic http challenge server means you can automatically serve http challenge responses to the Certificate Authority (via port 80) without requiring http bindings on your website and without interrupting normal traffic to your website.<\/p>\n
When port 80 is in use by a non-http.sys based service (such as Apache httpd) you can fallback to serving challenge responses via your web server.<\/p>\n
Domain validation methods can be mixed as required within a single certificate order depending on your requirements.<\/p>\n<\/div>\n
<\/div>\n\nPowerful Deployment Options<\/h2>\n
Whether you need simple auto deployment to IIS or advanced deployment to other services\/servers or remote certificate stores,\u00a0Certify The Web<\/em>\u00a0has extremely powerful options for sophisticated deployment.<\/p>\n\n<\/div>\n\nAutomated Deployment<\/h3>\n
You can let the app auto-renew certificates then automatically deploy them to the services that use the certificates (e.g. IIS websites).<\/p>\n
The default Auto Deployment will apply your certificate to applicable IIS websites, or you can use Deployment Tasks to apply the latest certificate to a range of other services.<\/p>\n<\/div>\n<\/div>\n
\n\nDeployment Tasks<\/h3>\n
Deployment Tasks are a powerful way to make use of the certificates you manage through the app. You can deploy and use your certificate in an unlimited number of ways, including:<\/p>\n
\n- MS Exchange, Remote Desktop Services<\/li>\n
- Microsoft Azure Key Vault<\/li>\n
- Central Certificate Store (CCS) via local or UNC paths<\/li>\n
- Apache, nginx, Tomcat and other services using PEM\/CRT\/chain certificate files<\/li>\n
- SFTP and SSH support<\/li>\n
- Scripting (such as a PowerShell or linux shell scripts)<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n
Previewing Renewals<\/h2>\n
The Preview tab shows the planned actions to be carried out during the next certificate request or automatic renewal, including:<\/p>\n
\n- Domains to be included in the cert<\/li>\n
- How domain validation will occur<\/li>\n
- The automated website bindings (IIS) which will be applied\/updated (if applicable).<\/li>\n
- Deployment Tasks such as installing your certificate on MS Exchange, exporting to Apache, nginx, Central Certificate Store (CCS), SSH\/SFTP exports etc<\/li>\n<\/ul>\n
<\/p>\n
\n<\/div>\nThe software is constantly being improved and refined, so be sure to stay up to date with the latest version. There are many other features and details to be explored, so check out the\u00a0documentation<\/a>.<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n[\/vc_column_text][vc_column_text]<\/p>\n
Get Started<\/h2>\n
- \n
- MS Exchange, Remote Access, Remote Desktop Services.<\/li>\n
- Apache, nginx, Tomcat and other services which require PEM or PFX format certificate files.<\/li>\n<\/ul>\n<\/li>\n
- Many other advanced features to help your organisation work with your certificates.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n\n\n
How Certificate Automation Works<\/h3>\n
Services which are associated with a domain (websites, mail servers, remote access etc) use DV (Domain Validated) certificates to prove that the service being used is genuine and to encrypt the communication between the end-user and the server itself.<\/p>\n
Certificate Automation works by requiring you to regularly prove control of your domains to a Certificate Authority, such as\u00a0Let’s Encrypt<\/em>, who can then issue you a new certificate for your domain with a short expiry date.<\/p>\n<\/div>\n
<\/div>\n\nFeatures – Deep Dive<\/h2>\n
\n<\/div>\n\nManage Certificate Domains<\/h3>\n
Each certificate may cover multiple domains. You can easily add or remove domains from a certificate and auto-populate the list of domains from existing website bindings (e.g. IIS).<\/p>\n
Depending on the Certificate Authority you choose, your certificate can include a\u00a0single domain, multiple domains (SAN<\/abbr>) or domain wildcards<\/em>\u00a0(e.g. *.certifytheweb.com) to cover multiple sites or services.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n\nHow Certificate Automation Works<\/h3>\n
Services which are associated with a domain (websites, mail servers, remote access etc) use DV (Domain Validated) certificates to prove that the service being used is genuine and to encrypt the communication between the end-user and the server itself.<\/p>\n
Certificate Automation works by requiring you to regularly prove control of your domains to a Certificate Authority, such as\u00a0Let’s Encrypt<\/em>, who can then issue you a new certificate for your domain with a short expiry date.<\/p>\n<\/div>\n
\nour Choice of Certificate Authorities<\/h3>\n
The current most common automated Certificate Authority is\u00a0Let’s Encrypt<\/em>, a free Certificate Authority (letsencrypt.org<\/a>). You can also choose from other\u00a0ACME<\/em>\u00a0(Automated Certificate Management Environment) Certificate Authorities, such as\u00a0BuyPass Go SSL<\/a><\/em>,\u00a0DigiCert<\/em>\u00a0or a custom certificate authority (such as\u00a0smallstep<\/a>\u00a0or\u00a0Keyon true-Xtender Enterprise PKI<\/a>).<\/p>\n
If required, each Managed Certificate can use a different Certificate Authority and you can mix use of Production or Staging (Test) certificates.<\/p>\n<\/div>\n
<\/div>\n<\/div>\n\nMultiple Ways To Validate Your Domain<\/h2>\n
Certificate Authorities will require you to prove you control the domain you are requesting a certificate for (Domain Validation). The most common method is an automated\u00a0Challenge Response<\/em>\u00a0via http (presenting a specific file at a url on your domain) or DNS (add a specific TXT record to your domains DNS). This complex process is handled for you automatically by the software.<\/p>\n
\n<\/div>\n\nAutomated DNS Challenge Response<\/h4>\n
Certify The Web<\/em>\u00a0has support for over 36 different DNS APIs and DNS automation methods (including acme-dns and custom scripting options). Popular DNS providers include Cloudflare, AWS Route53, Azure DNS and GoDaddy.<\/p>\n
If you require a wildcard certificate for a domain, most Certificate Authorities require that you validate your domain using the DNS method.<\/p>\n
\nAutomated HTTP Challenge Response<\/h4>\n
Our built-in dynamic http challenge server means you can automatically serve http challenge responses to the Certificate Authority (via port 80) without requiring http bindings on your website and without interrupting normal traffic to your website.<\/p>\n
When port 80 is in use by a non-http.sys based service (such as Apache httpd) you can fallback to serving challenge responses via your web server.<\/p>\n
Domain validation methods can be mixed as required within a single certificate order depending on your requirements.<\/p>\n<\/div>\n
<\/div>\n\nPowerful Deployment Options<\/h2>\n
Whether you need simple auto deployment to IIS or advanced deployment to other services\/servers or remote certificate stores,\u00a0Certify The Web<\/em>\u00a0has extremely powerful options for sophisticated deployment.<\/p>\n
\n<\/div>\n\nAutomated Deployment<\/h3>\n
You can let the app auto-renew certificates then automatically deploy them to the services that use the certificates (e.g. IIS websites).<\/p>\n
The default Auto Deployment will apply your certificate to applicable IIS websites, or you can use Deployment Tasks to apply the latest certificate to a range of other services.<\/p>\n<\/div>\n<\/div>\n
\n\nDeployment Tasks<\/h3>\n
Deployment Tasks are a powerful way to make use of the certificates you manage through the app. You can deploy and use your certificate in an unlimited number of ways, including:<\/p>\n
- \n
- MS Exchange, Remote Desktop Services<\/li>\n
- Microsoft Azure Key Vault<\/li>\n
- Central Certificate Store (CCS) via local or UNC paths<\/li>\n
- Apache, nginx, Tomcat and other services using PEM\/CRT\/chain certificate files<\/li>\n
- SFTP and SSH support<\/li>\n
- Scripting (such as a PowerShell or linux shell scripts)<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n
Previewing Renewals<\/h2>\n
The Preview tab shows the planned actions to be carried out during the next certificate request or automatic renewal, including:<\/p>\n
- \n
- Domains to be included in the cert<\/li>\n
- How domain validation will occur<\/li>\n
- The automated website bindings (IIS) which will be applied\/updated (if applicable).<\/li>\n
- Deployment Tasks such as installing your certificate on MS Exchange, exporting to Apache, nginx, Central Certificate Store (CCS), SSH\/SFTP exports etc<\/li>\n<\/ul>\n
<\/p>\n
\n<\/div>\nThe software is constantly being improved and refined, so be sure to stay up to date with the latest version. There are many other features and details to be explored, so check out the\u00a0documentation<\/a>.<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n[\/vc_column_text][vc_column_text]<\/p>\n
Get Started<\/h2>\n