
Microsoft Auto-enrollment Configuration Guide


This guide provides an example configuration of integrating EJBCA with Microsoft Auto-enrollment and provides instructions for the installation of a new Microsoft Active Directory server to be used in conjunction with EJBCA.

EJBCA Auto-enrollment Integration

The EJBCA Auto-enrollment Integration integrates into a Microsoft Active Directory environment to provide a means to automatically enroll for certificates from a third-party Certificate Authority.


EJBCA leverages the Microsoft WSTEP and XCEP protocols to integrate into a Microsoft Active Directory environment.

  • Certificate Enrollment Policy Protocol (XCEP) enables users and computers to obtain certificate enrollment policy information.
  • WS-Trust Token Enrollment Extensions (WSTEP) enables users and computers to perform certificate enrollment by using the HTTPS protocol. 

These protocols are utilized by domain users and computers during manual and auto-enrollment for X.509 certificates.

EJBCA implements these protocols in order to provide users and computers with certificate policy information and allow for third-party enrollment points.

About this Guide

This guide provides an example configuration for integrating EJBCA with Microsoft Auto-enrollment. By the end of this guide, you will have an environment where Active Directory Domain Users and Computers seamlessly auto-enroll for certificates issued by EJBCA.

This guide requires a strong understanding of Microsoft Active Directory, Group Policy Management, EJBCA, and PKI.
