"Secardeo certEP is used by global corporations for the auto-enrollment of hundreds of thousands of user and computer certificates from non-Microsoft CAs."

Extend your AD integrated PKI and keep it flexible!

• Add a public CA to your Active Directory easier than a Microsoft CA.
• Replace your internal Windows PKI by cloud-based private CAs like AWS with just a few clicks.
• Keep the option to change the CA provider flexibly.
  

The Secardeo Certificate Enrollment Proxy (certEP) is a component that resides between the Windows clients and the issuing CA. The certEP acts as a Windows enterprise CA towards Windows clients and it supports manual certificate enrollment and certificate autoenrollment from a non-Microsoft CA. This is done by using standard protocols and native tools without the need for distributing proprietary client software. The client is triggered automatically by a group policy and generates a certificate request based on a certificate template in Active Directory. certEP receives the certificate requests, enhances them with the required attributes and forwards them to the issuing CA. certEP uses Microsoft certificate template information to process certificate requests. After receiving the issued certificate from the CA, it is passed to the requesting Windows client. Additionally, the certEP supports key archival, e.g. for S/MIME certficates. Private keys can be archived by encrypting them by KRA certificates. Certificate data and keys are stored reliably in an SQL database. By this, S/MIME certificates and private PKI keys may be automatically recovered and securely distributed to mobile devices using Secardeo certPush.

A series of CA backends is already provided in the product:

• Open Source PKI servers like EJBCA, OpenXPKI or DogTag
• Commercial CA servers like Red Hat, MTG, or even a Microsoft CA
• Public Cloud CA services like SwissSign, DigiCert or GlobalSign
• Private Cloud CA services like AWS or SwissSign