Microsoft Auto-enrollment Configuration Guide

This is an EJBCA Enterprise feature.

This guide provides an example configuration of integrating EJBCA with Microsoft Auto-enrollment and provides instructions for the installation of a new Microsoft Active Directory server to be used in conjunction with EJBCA.

EJBCA Auto-enrollment Integration

The EJBCA Auto-enrollment Integration integrates with a Microsoft Active Directory environment to let domain users and computers automatically enroll for certificates from a third-party Certificate Authority.

[Figure: EJBCA Auto-enrollment Integration]

EJBCA leverages the Microsoft WSTEP and XCEP protocols to integrate into a Microsoft Active Directory environment.

  • Certificate Enrollment Policy Protocol (XCEP) enables users and computers to obtain certificate enrollment policy information.

  • WS-Trust Token Enrollment Extensions (WSTEP) enables users and computers to perform certificate enrollment by using the HTTPS protocol.

These protocols are utilized by domain users and computers during manual and auto-enrollment for X.509 certificates.

EJBCA implements these protocols in order to provide users and computers with certificate policy information and allow for third-party enrollment points.
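The following PowerShell script is an added verification example, not part of the original guide or of EJBCA itself. It runs on a domain-joined Windows client after Group Policy has applied and checks the three points the paragraphs above describe: which enrollment policy (XCEP) endpoints the client has been given, that the auto-enrollment task runs (WSTEP enrollment happens in that step), and which certificates in the local stores were issued by the EJBCA CA. The `$IssuerMatch` value is an assumed placeholder; replace it with a substring of your EJBCA CA's issuer DN.

```powershell
# Added verification script (not from the original guide or EJBCA).
# Assumes a domain-joined client with the PKI PowerShell module (Windows 8 / Server 2012 or later).
$IssuerMatch = 'EJBCA'   # placeholder: substring of your EJBCA CA's issuer DN

# 1. XCEP: list the certificate enrollment policy servers this client knows about.
#    Machine context covers computer auto-enrollment, User context covers user auto-enrollment.
Write-Host "== Enrollment policy servers (XCEP endpoints) =="
foreach ($ctx in 'Machine', 'User') {
    Write-Host "-- Context: $ctx"
    Get-CertificateEnrollmentPolicyServer -Scope All -Context $ctx | Format-List *
}

# 2. Trigger the auto-enrollment task. If a template applies and no valid
#    certificate is present yet, the WSTEP enrollment request is sent here.
Write-Host "== Triggering auto-enrollment =="
certutil -pulse          # computer context
certutil -user -pulse    # user context

# 3. Result check: certificates in the machine and user personal stores whose
#    issuer matches the EJBCA CA, with expiry so renewals can be tracked.
Write-Host "== Certificates issued by the EJBCA CA =="
foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    Get-ChildItem -Path $store |
        Where-Object { $_.Issuer -like "*$IssuerMatch*" } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Issuer, NotAfter, Thumbprint |
        Format-Table -AutoSize
}
```

If step 1 lists no policy server in the expected context, the Group Policy that publishes the EJBCA enrollment endpoint has not reached the client and step 2 will not contact EJBCA at all; if step 1 is correct but step 3 shows no certificate, check the template and the EJBCA server-side logs for the rejected WSTEP request.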

About this Guide

This guide provides an example configuration for integrating EJBCA with Microsoft Auto-enrollment. By the end of this guide, you will have an environment in which Active Directory domain users and computers seamlessly auto-enroll for certificates issued by EJBCA.

For instructions on integrating using the former auto-enrollment proxy, refer to the EJBCA 7.4.3 Auto Enrollment Configuration Guide.

This guide requires a strong understanding of Microsoft Active Directory, Group Policy Management, EJBCA, and PKI.