Server environments, especially those used in business contexts, typically use encryption to protect data communications between or among various computers. A variety of encryption schemes are commonly used, including symmetric private key systems and asymmetric public-private key systems, among others. A common implementation of these encryption schemes includes the use of a security certificate or similar security credential. A security certificate, security token, or other security credential is usually issued or maintained by a trusted entity such as a certificate authority. The certificate authority commonly acts to verify the accuracy and authenticity of security certificates or security credentials.
Use of such security certificates or security credentials typically requires the presence of a file, sometimes also called the security certificate, on each computer that communicates with another computer. Each communicating computer can usually have multiple certificates and can contain both private keys and public keys. Each communicating computer can usually use at least one public certificate to encrypt outgoing communications to each partner and another private certificate to decrypt incoming communications. When so doing, each communicating computer commonly must perform a series of checks to validate the security certificate or security credential being used, checking such things as whether the expiration date for the security certificate or security credential has passed or whether an issuing authority or trusted authority has revoked the security certificate or security credential.
When large numbers of machines are communicating, a very large number of security certificates or security credentials need to be managed. Usually, such management tasks involve accessing each machine to check the status of each installed security certificate or security credential and determining whether each such security certificate or security credential needs to be updated or replaced. This process usually has to be repeated for each account on a machine, and each machine can have many accounts. To update all necessary certificates, an administrator usually has to log in to each user or service account on each machine to access these security certificates or security credentials. Partly because of the complexity of this task, errors can easily be made. Currently, systems that use security certificates or security credentials lack a means by which such security certificates or security credentials can be adequately managed.