MS-WCCE Automated Solution for Linux
Windows systems have long supported Microsoft Windows Client Certificate Enrollment (MS-WCCE) which provides automatic X.509 certificate deployment and renewal with Microsoft Active Directory Certificate Services (ADCS). Linux systems have no MS-WCCE support or any other automated integration with ADCS. This is a key reason we created CertAccord Enterprise.
Much like MS-WCCE on Windows, CertAccord Enterprise on Linux (as well as MacOS X) enables X.509 certificate creation using Microsoft ADCS. Everything is done automatically with no OpenSSL or web forms or other manual processes.
Create Certificate In One Simple Command
This is all it takes to create a certificate using CertAccord on a Linux system:
cmb cert create purpose=webserver
This simple command will send a request to Microsoft ADCS to create an X.509 certificate and then place it on the local filesystem. No OpenSSL is used. You don’t have to create a Certificate Signing Request (CSR) and then cut-and-paste it into some web form.
Automatic Certificate Renewals
One of the great features of MS-WCCE is automatic certificate renewals. How many times have you had manually created certificates on Linux expire and take down a key service? Once is too many.
Any certificate that CertAccord Enterprise creates will be automatically renewed before it expires. No more manual processes to track renewals.
Active Directory Authentication
Since MS-WCCE is built into Windows it uses Active Directory (AD) to authenticate certificate requests. Wouldn’t it be nice if you could do that on Linux?
CertAccord Enterprise integrates with AD. Whenever you request a certificate creation from Linux CertAccord will prompt for AD username and password. This credential information will be used to validate the user is allowed to create certificates using CertAccord’s Role Based Access Control (RBAC). Best of all, the CertAccord AD integration is done purely through CertAccord and does not require the local Linux system be domain joined or have its system level authentication integrated with AD.
CertAccord Enterprise is designed to quickly and easy install into your existing Microsoft PKI environment. Typical installs take a few hours. You don’t have to major any significant changes to your Certificate Authorities or Active Directory configuration. There is no change to your Linux systems authentication.