Secardeo certEP is a certificate enrollment proxy that enables native Windows auto-enrollment and manual enrollment of user, computer, and service certificates from non-Microsoft, public, private, or open-source certificate authorities (CAs). It integrates with Active Directory and supports group policy-triggered certificate requests, acting as a Windows enterprise CA towards clients. certEP allows organizations to flexibly use various CA backends—including cloud-based and open-source solutions—without requiring proprietary client software. It supports key archival, integration with mobile device management (MDM) systems, and centralized certificate lifecycle management.

Key Features

Native Windows Auto-Enrollment Support Enables certificate auto-enrollment using standard Windows protocols (WCCE).

• No proprietary client software needed
• Works with Windows 10/11 environments

Flexible CA Integration Connects to a wide range of CAs, both on-premises and cloud-based.

• Supports public, private, and open-source CAs (e.g., DigiCert, AWS, EJBCA, OpenXPKI)
• Allows switching CA providers easily

Active Directory & Group Policy Integration Leverages AD certificate templates and group policies for automation.

• Triggers certificate requests via GPO
• Publishes certificates in AD

Key Archival & Recovery Supports secure storage and recovery of private keys.

• Key archival with encryption by Key Recovery Agents
• Enables secure distribution to mobile devices

Multi-CA and Multi-Device Support Handles multiple CAs and device types in one deployment.

• Connects with several CAs simultaneously
• Supports network and mobile device enrollment via NDES/SCEP

Operational Enhancements Includes features for efficient management and security.

• Auto-renewal, duplicate request control, revocation handling
• Customizable notifications and approval workflows
• SQL database support for reliable storage

Benefits

Vendor Independence and Flexibility Allows use of any CA backend, reducing lock-in and enabling cloud migration.

• Easily add or change CA providers
• Supports both on-premises and cloud PKI

Centralized and Automated Certificate Management Reduces administrative overhead and increases security.

• Automates certificate lifecycle for large environments
• Minimizes manual intervention and errors

Enhanced Security and Compliance Supports secure key management and compliance with modern standards.

• Key archival and recovery
• Supports latest cryptographic standards and S/MIME specifications