Certificate Auto-enrollment

Combine the full flexibility of EJBCA Enterprise with Active Directory

EJBCA Enterprise Certificate Auto-enrollment

Certificate Auto-enrollment gives you the ability to use the world-leading PKI from EJBCA Enterprise, while still utilizing the benefits of your Active Directory (AD) environment. This provides you with flexibility and freedom in setting up your IT security the way that best suits your needs.

With Certificate Auto-enrollment for EJBCA, you can run all administration in your AD and all your PKI in EJBCA, including easy certificate provisioning with mapping group policies. In practice, you can now seamlessly use EJBCA Enterprise for a variety of use cases, for instance Kerberos Authentication, Domain Email Replication, or Domain Controller, VPN, Windows AD, Remote Access, IoT etc. This, along with the built in transparency and user friendliness for AD users, will save you a lot of time and headaches. 


eIDAS and Smart Meter Security - people discussing
PKI software and digital signature software - people behind computer

Multiple use cases and enhanced mapping 

With the certificate auto-enrollment for EJBCA Enterprise you can add several Microsoft templates and match them with EJBCAs Profiles, and you can support multiple use cases. The enhanced mapping is possible to customize through configuration profiles. To assure consistency and to simplify work, the certificate auto-enrollment add-on fetches information from Active Directory for values such as Full Name, DNS host name, fully distinguished name, email, NETBIOS name, domain DNS root name, etc. There is also an option to automatically publish newly issued certificates to Active Directory into AD user objects. 

Redirecting servlet

In a nutshell, the Certificate Auto-enrollment add-on works as a servlet that redirects Microsoft auto-enrollment calls, that would go to Microsoft CA, and instead calls EJBCA Enterprise. The auto-enrollment servlet is enhanced to match and improve the capabilities of a Microsoft CA.

Looking at the integration support for Microsoft Active Directory in EJBCA, we found a possibility to enhance functionality and create even more value for the user. That is why we developed Certificate Auto-enrollment, where you can combine the full flexibility of EJBCA Enterprise with different AD users and machines, even supporting multiple use cases.

Download the Certificate Auto-enrollment product sheet for more information:
Download the product sheet

eIDAS compliant - people in front of computer

Contact us

Fill in your contact information below and we will get in touch with you.

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.


EJBCA Enterprise Certificate Auto-enrollment

  • Compatible with Microsoft server 2008, 2012 or later 
  • Transparent for client-side devices and software 
  • Available for EJBCA Enterprise 6.7 or later 
  • Customizable mapping between Microsoft templates and EJBCA profiles

How can we help?

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us