Auto Enroll Features

From 389 Directory Server

The Auto Enrollment Proxy (AEP) for Windows allows users and computers in a Microsoft Windows® domain to automatically enroll for certificates issued from Red Hat Certificate System.

Designed to integrate seamlessly with your existing Windows infrastructure, the AEP module minimizes the amount of administration:

  • Users and computers registered in a Windows domain can automatically discover the location of the proxy on their network
  • Computers in a domain can automatically compose a certificate request, and submit it to a Red Hat Certificate System CA via the proxy
  • The Kerberos authentication mechanism built into Windows authenticates these certificate requests
  • When the CA issue a certificate, it is automatically installed into the requesting application


This solution can issue certificates for domain controllers, web servers, computers, and users.

Setting up the Auto Enrollment Proxy for Windows requires just two steps:

  1. Install the proxy on one machine in your domain
  2. Configure it to connect and authenticate to a Red Hat Certificate System CA

Once installed, all domain members may then utilize the Windows auto enrollment features to enroll for certificates.

[edit]

Feature List

  1. Installer
    1. Installing the proxy on atleast Win 2003 ( base and SP1 ), Win 2000 AS ( SP4 )
  2. Un-Installer - to clean up registry settings etc.
  3. Configuration UI
    1. Ability to configure CA Certs
    2. Ability to configure CA connection info
    3. Populate Active Directory with AEP settings
    4. Ability to add/remove CA information.
    5. show version information
  4. Logging
    1. Log messages to Event Viewer.
    2. Different levels to see different types of messages ( Request Processing, Cert Issuance ... )
  5. Core Operations
    1. Domain Controller Certificate Enrollment.
    2. IIS - Web Server Certificate Enrollment
    3. Computer - cert enrollments [TBD]
    4. IPSEC - Cert Enrollment [ TBD ]
  6. Run as a Service ( providing ability to stop , start the service - Starts automatically during boot up )
  7. Support for Failover
  8. Interop:
    1. Provide support for Red Hat Certificate System versions - 7.3, 7.2, 7.1 , 6.1

Next Chapter: Architecture
Top Level

Retrieved from "http://directory.fedoraproject.org/wiki/Auto_Enroll_Features"
Account