US 12,088,738 B2
Custom rules for global certificate issuance
Josh Rosenthol, Centreville, VA (US); Param Sharma, Haymarket, VA (US); Kyle Benjamin Schultheiss, Centreville, VA (US); Marcel Andrew Levy, Seattle, WA (US); and Todd Cignetti, Ashburn, VA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Dec. 3, 2021, as Appl. No. 17/541,998.
Prior Publication US 2023/0179429 A1, Jun. 8, 2023
Int. Cl. G06F 21/00 (2013.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)
CPC H04L 9/3268 (2013.01) [H04L 9/0825 (2013.01); H04L 9/3213 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method comprising:
receiving, by a certificate management service of a cloud provider, a first request to create a certificate issuance policy, wherein the first request indicates:
one or more user accounts or roles to which the certificate issuance policy is to be applied, and
a certificate issuance rule including an action to be performed relative to requests matching the certificate issuance rule;
storing a certificate issuance policy resource including a representation of the certificate issuance rule indicated in the first request;
receiving a second request to generate a certificate, wherein the second request is associated with a user account or a role, and wherein the second request includes a plurality of parameters related to generation of the certificate requested in the second request;
determining, by a rules engine of the certificate management service, that the certificate issuance policy applies to the user account or role associated with the second request, wherein the rules engine is separate within the certificate management service from a plurality of certificate authority (CA) services with which the rules engine is integrated via an application programming interface;
modifying, based on the certificate issuance rule that was indicated in the first request, at least one of the plurality of parameters of the second request to obtain a modified second request;
generating the certificate based on the modified second request; and
returning the generated certificate as a response to the second request.
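As an added illustration of the mechanism claim 1 describes (example code written for this page, not code from the patent or from any Amazon service): a policy store keyed by account or role, a rules engine that sits apart from the issuing CA, and an issuance step that only ever sees the rewritten request. The Rule, Policy and RulesEngine names, the rule grammar (when / deny / cap / set), the "role:..." principal strings, and the sample policy and request are all assumptions made up here; the "certificate" is an unsigned record standing in for the CA call.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import json


class IssuanceDenied(Exception):
    """Raised when a matching rule's action is 'deny'."""


@dataclass
class Rule:
    # `when` maps a request parameter to a literal (exact match) or to a
    # one-operator dict: {"endswith": s}, {"in": [...]}, {"gt": n}.
    # An empty `when` matches every request. Grammar is hypothetical.
    when: dict
    action: str           # "deny" | "cap" | "set"
    field_name: str = ""  # parameter the action rewrites (cap/set)
    value: object = None  # cap: maximum allowed; set: value forced
    reason: str = ""      # returned to the caller on deny


@dataclass
class Policy:
    name: str
    principals: set  # accounts or roles the policy is applied to
    rules: list


def _holds(actual, expected):
    if not isinstance(expected, dict):
        return actual == expected
    (op, arg), = expected.items()
    if op == "endswith":
        return isinstance(actual, str) and actual.endswith(arg)
    if op == "in":
        return actual in arg
    if op == "gt":
        return actual is not None and actual > arg
    raise ValueError(f"unknown operator {op!r}")


def rule_matches(rule, request):
    return all(_holds(request.get(k), v) for k, v in rule.when.items())


class RulesEngine:
    """Evaluates issuance policies; it never signs anything itself."""

    def __init__(self, policies):
        self.policies = list(policies)

    def policies_for(self, principal):
        return [p for p in self.policies if principal in p.principals]

    def apply(self, principal, request):
        """Return (modified_request, fired) or raise IssuanceDenied.
        Rules are matched against the ORIGINAL request, so a cap/set cannot
        change which later rules fire, and any deny wins before a parameter
        is rewritten."""
        matched = [(p.name, r) for p in self.policies_for(principal)
                   for r in p.rules if rule_matches(r, request)]
        for name, r in matched:
            if r.action == "deny":
                raise IssuanceDenied(f"{name}: {r.reason}")
        modified = dict(request)  # never mutate the caller's request
        fired = []                # audit trail of rules that changed something
        for name, r in matched:
            if r.action == "cap":
                if modified.get(r.field_name, 0) > r.value:
                    modified[r.field_name] = r.value
                    fired.append((name, "cap", r.field_name))
            elif r.action == "set":
                if modified.get(r.field_name) != r.value:
                    modified[r.field_name] = r.value
                    fired.append((name, "set", r.field_name))
            else:
                raise ValueError(f"unknown action {r.action!r}")
        return modified, fired


def denial_reason(engine, principal, request):
    """Dry run: the deny reason a request would hit, or None if it would issue."""
    try:
        engine.apply(principal, request)
    except IssuanceDenied as exc:
        return str(exc)
    return None


def issue_certificate(engine, principal, request, now=None):
    """Run the engine, then 'issue'. Only the modified request reaches the
    (toy, unsigned) CA step; the serial is derived from that modified request."""
    modified, fired = engine.apply(principal, request)
    now = now or datetime.now(timezone.utc)
    serial = hashlib.sha256(
        json.dumps(modified, sort_keys=True).encode()).hexdigest()[:16]
    return {"serial": serial, "subject": modified["common_name"],
            "sans": modified["sans"], "key_algorithm": modified["key_algorithm"],
            "key_usage": modified["key_usage"], "not_before": now.isoformat(),
            "not_after": (now + timedelta(days=modified["validity_days"])).isoformat(),
            "applied_rules": fired}


# Constructed sample policy for one role (principal string is a placeholder).
DEV_POLICY = Policy(name="dev-issuance", principals={"role:dev-cert-requester"}, rules=[
    Rule(when={"key_algorithm": {"in": ["RSA_1024"]}}, action="deny",
         reason="key algorithm not permitted"),
    Rule(when={"common_name": {"endswith": ".corp.example"}}, action="deny",
         reason="corporate names are reserved"),
    Rule(when={"validity_days": {"gt": 90}}, action="cap",
         field_name="validity_days", value=90),
    Rule(when={}, action="set", field_name="key_usage",
         value=["digital_signature", "key_encipherment"]),
])

# Constructed sample request that asks for more than the policy allows.
SAMPLE_REQUEST = {"common_name": "api.dev.example", "sans": ["api.dev.example"],
                  "validity_days": 397, "key_algorithm": "EC_prime256v1",
                  "key_usage": ["digital_signature", "key_encipherment", "key_agreement"]}


def demo(now=datetime(2024, 1, 1, tzinfo=timezone.utc)):
    engine = RulesEngine([DEV_POLICY])
    return issue_certificate(engine, "role:dev-cert-requester", SAMPLE_REQUEST, now)
```

Two design points a practitioner would want to check in a real engine are visible here: deny rules are evaluated before any rewrite regardless of their position in the policy, so ordering mistakes cannot turn a deny into a silently shortened certificate; and the returned record carries the list of rules that fired, so a caller who asked for 397 days and received 90 can see which policy did it rather than assuming a CA bug.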