Native Certificate Autoenrollment for Windows

ENTERPRISE EDITION This is an EJBCA Enterprise Edition (EE) feature.

Autoenrollment Gateway Version: 1.0.1

Native Autoenrollment in Active Directory environments is available using a separate autoenroll proxy component, available as an add-on module to EJBCA Enterprise.

This documentation covers integrating EJBCA with Microsoft Auto Enrollment which requires a strong understanding of Microsoft Active Directory, Microsoft Certification Authorities, Group Policy Management, EJBCA, and PKI.

There is an assumption that an Active Directory environment and EJBCA Enterprise already exist.

This guide covers the installation of a new Microsoft Active Directory Certificate Services server to be used in conjunction with the PrimeKey Auto Enrollment servlet to proxy auto enrollment requests to EJBCA:

By the end of this guide, you should have an environment where Active Directory Domain Users and Computers will seamlessly auto enroll for certificates issued by EJBCA.