Windows Enrolment
The Windows Enrolment is a protocol for automating x.509 certificate issuance for public key infrastructure (PKI) clients. These include web servers, endpoint devices and user identities, and anywhere PKI certificates are used, as well as the associated certificates from a trusted Certificate Authority (CA). Windows Enrolment uses certificate enrolment policy to enrolment identity certificates based on authentication scheme in deployment URLs.
|
|
The Windows Enrolment feature will only be available when an administrator installs the ADSS Web RA Server with windows enrolment as described in the Installation section. |
Expand Configurations > Windows Enrolment from the left menu pane.
- CES and CEP services are supported by three authentication types:
- Windows Integrated
- Username/Password
- Client Authentication
Windows Enrolment Configurations
|
Field |
Description |
|
Enable Windows Enrolment |
Select this checkbox to enable Windows Enrolment. By default, this checkbox is unchecked. |
|
CA Certificate |
According to the Windows Certificate Enrolment Policy (CEP), a CA certificate is required to build trust. |
Windows Integrated
This section entails all the URLs for Windows Certificate Enrolment using Windows integrated authentication scheme
|
Field |
Description |
|
Certificate Enrolment Policy (CEP) |
This URL is required when managing certificate enrolment policies, format: [Server URL]/Service.svc/CEP. For instance: https://dc2016.ascertia.local:449/Service.svc/CEP |
|
Certificate Enrolment Serve (CES) |
This URL is required when managing certificate enrolment services, format: [Server URL]/Service.svc/CEP. For instance: https://dc2016.ascertia.local:447/Service.svc/CES |
Username / Password
This section entails all the URLs for Windows Certificate Enrolment using Windows Username / Password authentication scheme
|
Field |
Description |
|
Certificate Enrolment Policy (CEP) |
This URL is required when managing certificate enrolment policies, format: [Server URL]/Service.svc/CEP. For instance: https://localhost:82/1/Service.svc/CEP |
|
Certificate Enrolment Serve (CES) |
This URL is required when managing certificate enrolment services, format: [Server URL]/Service.svc/CEP. For instance: https://localhost:83/Service.svc/CES/Service.svc/CES |
Client Authentication
This section entails all the URLs for Windows Certificate Enrolment using client authentication scheme
|
Field |
Description |
|
Certificate Enrolment Policy (CEP) |
This URL is required when managing certificate enrolment policies, format: [Server URL]/Service.svc/CEP. For instance: https://localhost:84/1/Service.svc/CEP |
|
Certificate Enrolment Serve (CES) |
This URL is required when managing certificate enrolment services, format: [Server URL]/Service.svc/CEP. For instance: https://localhost:85/1/Service.svc/CES |
Click Save to save your configurations.