The Certificate Enrollment Policy Web Service allows enrollment clients to retrieve certificate enrollment policies from a Certificate Authority (CA) when the clients are not permitted to access the Domain Controller. After receiving policy information from the Certificate Enrollment Policy Web Service, enrollment clients can then request a certificate from a certificate enrollment service.

In the Windows domain, install and configure the Certificate Enrollment Policy Web Service to forward WSTEP requests to Certificate Enrollment Gateway.

• It is recommended that you programmatically install and configure the service as explained in Installing and configuring the CEP Web Service using a PowerShell script.
• However, you can also perform these operations manually, as explained in Installing and configuring the CEP Web Service using the Windows graphical interface.