Abstract: Signed digital certificates can be automatically obtained from a trusted certificate authority. For example, a computing device can receive a request associated with a handshake procedure for establishing a secure session between a client device and a server. The request can indicate a trusted certificate authority that issues signed digital certificates. The computing device can determine that a local key store that is local to the server does not have a signed digital certificate issued by the trusted certificate authority and responsively obtain the signed digital certificate from the trusted certificate authority. The computing device can return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session.

Abstract: Certain aspects and features provide an automated process for a server switching from existing digital certificate that is expired or about to expire to a new digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines whether it is using a renewable digital certificate. If so, the server automatically creates and sends a certificate signing request; receives a new, CA-signed digital certificate; and replaces the existing digital certificate in its key store with the new digital certificate. The server then includes the new digital certificate in the server hello message sent back to the client to establish the encrypted communication session.

Abstract: Signed digital certificates can be automatically obtained from a trusted certificate authority. For example, a computing device can receive a request associated with a handshake procedure for establishing a secure session between a client device and a server. The request can indicate a trusted certificate authority that issues signed digital certificates. The computing device can determine that a local key store that is local to the server does not have a signed digital certificate issued by the trusted certificate authority and responsively obtain the signed digital certificate from the trusted certificate authority. The computing device can return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session.

Abstract: Certain aspects and features provide an automated process for a server switching from existing digital certificate that is expired or about to expire to a new digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines whether it is using a renewable digital certificate. If so, the server automatically creates and sends a certificate signing request; receives a new, CA-signed digital certificate; and replaces the existing digital certificate in its key store with the new digital certificate. The server then includes the new digital certificate in the server hello message sent back to the client to establish the encrypted communication session.