Integrated CA when is support coming for DV certificates

  • Question

  • Hi, Key Vault Public CA integration is a massive opportunity to support automation and secure key management with ease of renewals, especially when you add in Managed Identities. As a consultant I get initial excitement about these features, but then it drops away as only EV and OV are currently offered by GlobalSign and DigiCert.

    The DigiCert CertCentral API allows a call for various DV certificates, so question #1: Why is this not available in Key Vault? What is the blocker, as it seems not to be the CA companies? Any roadmap?

    Just want to add that the case for most organizations is that EV and OV generate no additional trust from the public when used in public-facing websites; different browsers display the additional validation indicator differently and it's simply not understood by the public. Then add in the cost and, today with the CI/CD push, the nightmare and time that is the EV - OV validation process, which simply doesn't work with modern companies. Summary: without a DV option this is a missed opportunity from MS for more Key Vault roll-outs.

    Question #2: I think most organizations look to secure internal Azure TLS connections via Private CAs. Any roadmap to allow an integrated CA certificate request to select a Private CA? Again, DigiCert's API into CertCentral allows this.

       
    Tuesday, July 2, 2019 11:02 AM

All replies

  • Hi Jonesy46,

    I have reached out to the Key Vault team to ask about the roadmap for this. They usually won't give an ETA because plans can change and priorities can get shifted, but they can let us know if it's on the roadmap.

    I'll update the thread as soon as I hear back from them.


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Friday, July 5, 2019 11:27 PM
    Moderator
  • Hi Jones,

    I just heard back from the Key Vault team. 

    They said:

    1. We do not have a current plan to support DV Certificates. You can make a request in User Voice if you would like for them to integrate this. https://feedback.azure.com/forums/216840-security-and-compliance/suggestions/10877748-ecc-support-for-azure-key-vault

    2. There is no roadmap for integrated CA to use private CA. What is the use case here? 

    CAs are welcome to build on top of AKV to provide all the flavors of certificates. APIs are available for you to achieve this.



    Tuesday, July 9, 2019 11:25 PM
    Moderator
  • Hello,

    Just checking to see if you were able to see my reply?



    Friday, July 12, 2019 10:41 PM
    Moderator
  • Hello Jonesy46

    Hope you are good. I just wanted to follow up on this thread to see if Marilee's response from the Product group provided you the clarification needed. If the information helps, please do mark Marilee's post as answer as it will help other community members with similar questions.

    Thank you. 




    Tuesday, July 23, 2019 3:30 PM
    Moderator
  • I'm following up on this. Please remember to mark one of the responses as answer if your question has been answered. If not, please let us know if there are any more questions. Thanks
    Friday, July 26, 2019 9:39 PM
    Moderator