The Secardeo certEP Certificate Enrollment Proxy supports manual certificate enrollment and certificate autoenrollment from a non-Microsoft CA. Enrollment and autoenrollment of X.509 security certificates can be performed for computers and users in a Windows domain and for network and mobile devices. This can be done using an internal certificate authority or an external trust center. certEP offers a sound basis for a managed PKI (MPKI).
Trusted certificates, e.g. digital signature certificates, may be enrolled automatically from a public CA in compliance with the CA's certificate policy. This significantly increases PKI security and the use of the PKI for external communication. S/MIME certificates and private PKI keys may be automatically and securely distributed to mobile devices using Secardeo certMode and certPush. Secardeo certEP supports manual and autoenrollment of certificates from
For the support of further CAs please ask us.
The certEP resides between the Windows clients and the external CA. Towards the Windows clients, the certEP acts as a Windows enterprise CA. The client is triggered automatically by a group policy and generates a certificate request based on a certificate template in Active Directory. The certEP receives the certificate requests via the Windows protocols, then processes and transforms them before passing them to the CA. This way it acts as a PKI registration authority or PKI autoenrollment gateway. Certificate data and keys are stored reliably in an SQL database.
certEP will offer you the following features:
Secardeo certPush is an extension for certEP or a Microsoft CA. With certPush, X.509 user certificates and PKI private keys can be simply recovered using standard Microsoft key recovery mechanisms and securely distributed to all devices of a user in a protected PFX (.P12) container. Certificate distribution can be done automatically via secure e-mail, e.g. for unmanaged devices, or via an MDM system for managed devices. The user certificates or S/MIME certificates may stem from an internal Microsoft CA or, using certEP, from a public CA like SwissSign or QuoVadis. A user can then, for example, encrypt and decrypt e-mails on a smartphone.
certPush supports the recovery of single private keys and batch recoveries of private keys of multiple users. Secardeo certPush can recover either only the current certificate and private key of a user or the whole key history into a .P12 container. certPush enables automated user certificate distribution to mobile devices in an enterprise running iOS, Android or Windows Phone.
For automatically distributing certificates to managed iOS devices using high-security, end-to-end encrypted key containers, the Secardeo certMode MDM proxy can be used in addition. certPush will then serve as a secure key recovery service.
Secardeo certRevoke is an automatic certificate revocation service for certEP or a Windows Enterprise CA. If an Active Directory object is modified or deleted, certRevoke sends a revocation request for all its associated certificates to the CA. The object attributes and organizational units to be monitored can be configured. This way, automatic re-enrollment of certificates is triggered through group policy, for example in case of name or address changes.