Entrust PKI as a Service

Enrollment protocol requirements

Entrust PKIaaS integrates into Microsoft Active Directory environments and automates enrollment using the following Microsoft protocols.

MS-XCEP

MS-XCEP (​X.509 Certificate Enrollment Policy Protocol) defines the interactions between a requesting client and a responding server to exchange a certificate enrollment policy.

ℹ A certificate enrollment policy is a collection of certificate templates and certificate issuers available to the requestor for X.509 certificate enrollment.

See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-xcep for details on this protocol.

MS-WSTEP

MS-WSTEP (WS-Trust X.509v3 Token Enrollment Extensions) defines the message formats and server behavior to manually or automatically enroll X.509 certificates for users and computers.

See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wstep for details on this protocol.