Hello,
We recently started using Certify Management Hub and are very pleased with the product. At the moment, we mainly use it together with IIS and CCS, which has been straightforward to configure and has been working very well.
However, we have encountered several IIS sites where CCS is not an option, meaning we need to manage the certificates in another way. After reviewing different approaches, I have identified three possible options:
1. Pull solution using Task Scheduler
The Hub exports the certificate as a .pfx file to a file server.
A scheduled task on, for example, srv01 regularly checks whether a new file is available and then updates the IIS bindings accordingly.
Flow:
Hub → File Server (.pfx) ← Task Scheduler on srv01 → Updates IIS bindings
2. Push solution from Hub
The Hub triggers a custom script that connects to srv01 via PowerShell Session / WinRM and updates the IIS bindings directly.
Flow:
Hub → Custom Script via PSSession/WinRM → srv01 → Updates IIS bindings
3. Install CCM as an agent
Install CCM on the server and use it as an agent connected to the Hub to handle certificate deployment and IIS binding updates.
We would be interested to hear what you would recommend as best practice for this type of scenario?