Certificate Auto-enrollment

Combine the full flexibility of EJBCA Enterprise with Active Directory

EJBCA Enterprise Certificate Auto-enrollment

Certificate Auto-enrollment gives you the ability to use the world-leading PKI from EJBCA Enterprise, while still utilizing the benefits of your Active Directory (AD) environment. This provides you with flexibility and freedom in setting up your IT security the way that best suits your needs.

With Certificate Auto-enrollment for EJBCA, you can run all administration in your AD and all your PKI in EJBCA, including easy certificate provisioning with mapping group policies. In practice, you can now seamlessly use EJBCA Enterprise for a variety of use cases, for instance Kerberos Authentication, Domain Email Replication, or Domain Controller, VPN, Windows AD, Remote Access, IoT etc. This, along with the built in transparency and user friendliness for AD users, will save you a lot of time and headaches. 


Discussing smart meter security
PKI and certificate auto-enrollment

Multiple use cases and enhanced mapping 

With the certificate auto-enrollment for EJBCA Enterprise you can add several Microsoft templates and match them with EJBCAs Profiles, and you can support multiple use cases. The enhanced mapping is possible to customize through configuration profiles. To assure consistency and to simplify work, the certificate auto-enrollment add-on fetches information from Active Directory for values such as Full Name, DNS host name, fully distinguished name, email, NETBIOS name, domain DNS root name, etc. There is also an option to automatically publish newly issued certificates to Active Directory into AD user objects. 

Redirecting servlet

In a nutshell, the Certificate Auto-enrollment add-on works as a servlet that redirects Microsoft auto-enrollment calls, that would go to Microsoft CA, and instead calls EJBCA Enterprise. The auto-enrollment servlet is enhanced to match and improve the capabilities of a Microsoft CA.

Looking at the integration support for Microsoft Active Directory in EJBCA, we found a possibility to enhance functionality and create even more value for the user. That is why we developed Certificate Auto-enrollment, where you can combine the full flexibility of EJBCA Enterprise with different AD users and machines, even supporting multiple use cases.

Talking about smart meter security concerns

Contact us

Fill in your contact information below and we will get in touch with you.

    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.


EJBCA Enterprise Certificate Auto-enrollment

  • Compatible with Microsoft server 2008, 2012 or later 
  • Transparent for client-side devices and software 
  • Available for EJBCA Enterprise 6.7 or later 
  • Customizable mapping between Microsoft templates and EJBCA profiles