ACME
Certificate Manager supports the Automatic Certificate Management Environment (ACME) protocol; read more here. The ACME protocol, as defined in RFC 8555, enables certificate automation for provisioning X.509 certificates to devices such as web servers, printers and NAS (network-attached storage) devices.
See also Example: ACME configuration in Protocol Gateway.
WinEP
Nexus Windows Enrollment Proxy (WinEP) facilitates enrollment for Microsoft Windows clients through native protocols. WinEP requires the WinEP service together with the WinEP Protocol Gateway servlet.
AST
Using the Authenticated Soft Token (AST), an end user or administrator can, while properly authenticated, request PKCS#12 soft tokens for signing and authentication.
Ping
The Ping service (monitoring service) is used for system health checks and can be used by load balancers to detect issues in nodes. A Ping call engages all internal components in the CA system, including HSMs.
See also Set up Protocol Gateway Ping.
CM WS
Simple Certificate Enrollment Protocol (SCEP) is a protocol for handling certificates in large-scale deployments to everyday users. SCEP is an Internet Draft in the Internet Engineering Task Force (IETF). It is defined here.
See also Example: SCEP configuration in Protocol Gateway.
SCEP Intune
Certificate Manager can be used as a third-party CA with Microsoft Intune to issue and validate certificates using Simple Certificate Enrollment Protocol (SCEP). Certificate Manager supports SCEP Intune for all SCEP Intune certified devices.
SCEP NDES
Certificate Manager supports SCEP with static and dynamic challenge passwords. SCEP with dynamic challenge passwords complies with Microsoft's Network Device Enrollment Service (NDES) implementation.
CM SDK proxy
The SDK Proxy service is a reverse proxy for the Certificate Manager clients. It allows CM clients to connect to the Certificate Factory (CF) service remotely over the internet without the need to expose the CF service externally. Requests from CM clients are forwarded to the CF service and responses are returned as if communicating directly with CF.
CM SDK | CM SDK is a Java API for certificate management. It provides the same functionality as the CM clients RA and CC except for support of PKCS #10 requests. The CM SDK is powerful and easy to use and can be operated using both real and virtual Registration Officers. |
CM SDK Proxy | CM SDK proxy in Certificate Manager |
Distribution point | The Distribution Point in Certificate Manager can be used by external applications to retrieve the CRL, CIL or CA certificate without having to authenticate. |
EST | |
EST-coaps | EST over CoAPs support in Certificate Manager |
Ping | |
REST API |
The following enrollment methods are also supported. However, migration to REST API is recommended:
|
|
Certificate Manager REST API (RESTful application programming interface) is an HTTP-based service for certificate creation, certificate searching, certificate download, certificate revocation, certificate reinstatement, creation of PKCS#12 files and token procedure listing in Certificate Manager; read more here.
The API requires client authentication over TLS using a CM officer certificate. Write operations like revoke, reinstate and certificate issuance require the request data to be signed by a CM officer. The REST API server can also be configured to use a CM officer for signing the requests on the caller’s behalf, enabling automated services for trusted clients.
See also Example: Certificate Manager (CM) REST API configuration in Protocol Gateway.
|
SCEP |
The SCEP support includes SCEP Intune and SCEP NDES. | |
V2X REST API | Read more on Identities for vehicle-to-everything - V2X PKI. For questions, Contact Nexus. |
WinEP |