Hey everyone,

I was trying to find an in-house solution for PKI monitoring/tracking. We have a 2012 CA suite (offline root, 4 subs) on prem and I don't think there is much desire to go third-party hosted ($$$). Our biggest shortcoming with our PKI is that our only tracking at this point in time is solarwinds publishing a weekly report of certs in use by IIS. This form of "alerting" isn't as helpful because it doesn't alert per se (you don't know if you don't open the report) and also doesn't differentiate between internal certs versus third-party (verisign/entrust/etc), only that a site is using a certificate period.

Any ideas, solutions you've used, etc. would be appreciated!