Entrust PKIaaS integrates into Microsoft Active Directory environments to automate enrollment using the following Microsoft protocols.
Protocol | Purpose | See |
---|---|---|
X.509 Certificate Enrollment Policy Protocol (MS-XCEP) | Defines the interactions between a requesting client and a responding server to exchange a certificate enrollment policy, which is the collection of certificate templates and certificate issuers available to the requestor for X.509 certificate enrollment. | learn.microsoft.com/en-us/openspecs/windows_protocols/ms-xcep |
WS-Trust X.509v3 Token Enrollment Extensions (MS-WSTEP) | Defines the message formats and server behavior to manually or automatically enroll X.509 certificates for users and computers. | learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wstep |
See below for the required configuration steps.
- Planning your WSTEP deployment
- WSTEP enrollment requirements
- Preparing the Active Directory forest for WSTEP
- Configuring an Entrust PKIaaS issuing CA for WSTEP
- Creating an Entrust-hosted Certificate Enrollment Gateway for WSTEP
- Downloading a PKIaaS Virtual Machine from the PKIaaS portal
- Installing a PKIaaS Virtual Machine
- Configuring PKIaaS Virtual Machines on the PKIaaS portal
- Enabling WSTEP for users and devices
- Managing Microsoft certificate templates in Active Directory
- Managing on-premises PKIaaS Virtual Machines
- Troubleshooting WSTEP enrollment issues
See the following video for a quick guide on the required steps.