Importing Certificates from Microsoft CA

APPLIES TO: Versions 18.4 and later


This article describes the steps required to import certificates from Microsoft CA.


This article assumes network connectivity has been allowed for communication between TPP and the Microsoft CA. For more information, follow this link How Do I Check My Microsoft CA Communication?


The Microsoft CA certificate import process follows these high-level steps. Details for each step are documented below.

  1. Configuring Aperture for Certificate Import Job 


1. Login to the Aperture web portal as a Master Administrator.

2. Navigate to the "Jobs" page.



3. Click "+ Create New Job" to begin the create new job wizard.



4. Select "Certificate Import" option and click "Start".



5. Enter the job details:

i. Name (mandatory): The name of the job.

ii. Description (optional): Brief description for the purpose of the job.

iii. Import Type (mandatory): Select "Microsoft CA" option from list.

iv. Contacts (optional): The assigned owner of the certificate. If not supplied, policy will govern the owner.

v. Click "Next".



6. Configure the job settings:

i. Hostname or IP Address (mandatory):  The CA you selected.

ii. Credentials (mandatory): Select the CA credentials or chose to "Create New Credential".

iii. Service Name (mandatory): The service name is the common name (CN) of the CA's certificate. It's also the name of the CA as it appears in the Certificates snap-in in the Microsoft Management Console (MMC).


7. Click "Get Templates" to retrieve templates from the CA

i. Select either "Select templates to import" or "Import all templates"

ii. Using the "CA Templates Found" list, select and move one or more templates you want to use to the "Selected for this import"

Note: The recommended configuration for Microsoft CA certificate imports is to create a single import job for each CA template along with a corresponding import policy folder. This will ensure import separation and policy governance is enforced from the beginning.

iii. Below the CA Templates Found box, select the Include Expired Certificates and/or Include Revoked Certificates check boxes if you want them included during the import.

vii. Click "Next".



8. Configure the certificate import placement settings:

i. Select the specific policy folder where certificates will be placed during the import.

ii. Click "Next".



9. Configure the occurrence settings of the import job. It is recommended that import jobs follow a cadence to continue importing certificates which are created manually outside of TPP. Click "Create Job" when finished.



10. From the "Job" dashboard, you may choose to run the import job at anytime by clicking "Run Now".


Was this article helpful?
0 out of 0 found this helpful


  • Avatar
    Alexandre Menarbino

    On TPP 21.x. To manually run a discovery job:

    1. On the menu, click Configuration > Jobs.