The Central Certificate Store
The Central Certificate Store (CCS) feature of IIS provided a mechanism to place certificates in a file share for use by multiple web servers. This feature can be enabled, disabled, and configured through the CCS API /api/webserver/centralized-certificates/{id}.
Requirements
To enable the Central Certificate Store, the API must have read access to the physical path that the store will be configured to use. This access is granted in the files section of the application settings. Attempting to set the path of the CCS to a physical path that is not allowed will result in a 403 Forbidden error.
Checking if CCS is enabled
If the central certificate store feature is disabled, the ccs endpoint will return a 404 Feature Not Installed response.
GET /api/webserver/centralized-certificates/{id}, when CCS is not enabled
{
"title": "Not found",
"detail": "IIS feature not installed",
"name": "IIS Central Certificate Store",
"status": "404"
}
Enabling CCS
To enable the Central Certificate Store, a POST request should be sent to the CCS API endpoint along with all the necessary data to enable the feature.
POST /api/webserver/centralized-certificates/{id}
{
"path": "\\\\FileShare\\certs",
"identity": {
"username": "{Username of windows identity used to access file share}"
"password": "{Password of windows identity used to access file share}"
},
"private_key_password": "{Password used to encrypt private keys}"
}
Updating CCS
The Central Certificate Store settings can be modified using a PATCH request with the updated settings.
Disabling CCS
To disable the Central Certificate Store, a DELETE request should be sent to the CCS endpoint.
DELETE /api/webserver/centralized-certificates/{id}
204 No Content
Reading CCS Certificates
When the central certificate store is enabled its certificates can be viewed through the certificates API. In order to populate the CCS certificates, the file share that the CCS is configured to use must allow READ access to the computer that the API is running on. This behavior is the same as using a file share with the files API.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for