US Patent 11290283 Automated replacement of self-signed server certificates

Certain aspects and features provide an automated process for a server switching from a self-signed digital certificate to a digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines if it is using a self-signed digital certificate. If so, the server automatically creates and sends a certificate signing request, receives a CA-signed digital certificate, and replaces the self-signed digital certificate in its key store with the CA-signed digital certificate. The server then includes the new, CA-signed digital certificate in the server hello message sent back to the client to establish the encrypted communication session.