Certificate management—the installing, revoking, and binding of certificates—is truly an ongoing management headache. You saw in chapter 9 that working with certificates on remote servers can be challenging, even with PowerShell to help automate the process. Remember the process of deploying and installing the certificates to each web server and then creating an SSL binding for each website? Add to that the challenge of searching through all those servers to determine when the certificates will expire and need to be replaced. If you want to reduce your management time and make the whole process much simpler, the new IIS 8 feature called the central certificate store (CCS) is for you.
The central certificate store is a simple concept, almost exactly the same as you saw in chapters 16 and 17 on sharing content and configuration: store all the certificates on a clustered network share and then have the website bindings point to those certificates instead of locally installed ones. Need a new certificate? Put it in the network share. Need to check for expiring certificates? Look in the network share. If you’re already using shared content and configurations, you already have everything you need to make this work, as shown in figure 18.1.
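As an added illustration (not code from the book), the "look in the network share" expiry check can be scripted in PowerShell. The share path `\\fileserver\CentralCertStore`, the 30-day warning window, and the single shared PFX password are assumptions; the script relies on the PKI module's `Get-PfxData` cmdlet, which reads a PFX file without installing it.

```powershell
# Added example: report expired and soon-to-expire certificates in a
# central certificate store share. Path and threshold are placeholders.
param(
    [string]$StorePath = '\\fileserver\CentralCertStore',  # hypothetical share
    [int]$WarnDays = 30                                     # assumed warning window
)

# Prompt for the PFX password rather than hard-coding it in the script.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$now      = Get-Date
$cutoff   = $now.AddDays($WarnDays)

$report = foreach ($file in Get-ChildItem -Path $StorePath -Filter *.pfx -File) {
    try {
        # Get-PfxData parses the file only; nothing is added to a certificate store.
        $pfx = Get-PfxData -FilePath $file.FullName -Password $password -ErrorAction Stop
    }
    catch {
        # A wrong password or a corrupt file is reported instead of being skipped,
        # because an unreadable certificate cannot be served either.
        [pscustomobject]@{
            File     = $file.Name
            Subject  = $null
            NotAfter = $null
            Status   = "Unreadable: $($_.Exception.Message)"
        }
        continue
    }

    foreach ($cert in $pfx.EndEntityCertificates) {
        $status = if ($cert.NotAfter -lt $now)        { 'Expired' }
                  elseif ($cert.NotAfter -lt $cutoff) { 'Expiring' }
                  else                                { 'OK' }
        [pscustomobject]@{
            File     = $file.Name
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            Status   = $status
        }
    }
}

# Soonest expiry first; unreadable files (no date) sort to the top for attention.
$report | Sort-Object NotAfter | Format-Table -AutoSize
```

Run it under an account that has read-only access to the share, since every file there contains a private key.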