Enterprise PKI Automation & Management

Comprehensive managed PKI solution
for mixed endpoint environments

GlobalSign Auto Enrollment Gateway

GlobalSign’s Auto Enrollment Gateway (AEG) is a fully automated, managed PKI solution that addresses
scalability in the modern mixed enterprise environment. AEG integrates GlobalSign’s hosted PKI
solution directly with Active Directory, so enterprises operating Windows environments can automate
certificate provisioning and management without the burden of maintaining their own expensive and
complex Internal CA.

Support for SCEP and ACME protocols extend support beyond the Windows
domain, enabling certificate automation for Linux servers and mobile, networking, and other devices.
Additionally, Apple OSX enrollment capabilities allow automated provisioning to all Apple machines
and devices registered with Active Directory.

GlobalSign SaaS CA

Replace your Microsoft CA
with GlobalSign SaaS CA

  • Keep the automation benefits of Microsoft
    Certificate Services and Active Directory
  • Liberate IT to focus on core competencies,
    rather than cryptography and CA tasks
  • GlobalSign manages the security, high
    availability, and CA operations, ensuring
    you meet SLAs and compliance audit
GlobalSign SaaS CA

Expand your deployment to endpoints
outside your domain & add public trust

  • Issue publicly trusted certificates
    (e.g., secure email, public-facing webservers)
  • ACME protocol support enables automated
    issuance to Linux servers
  • SCEP server functionality for issuing
    certificates to mobile and networking
    devices and integrating with MDMs

How AEG Works

The integration with Active Directory and support for SCEP and ACME protocols allow for quick and
seamless certificate registration and provisioning without sacrificing control. Certificates can be issued
from a dedicated, private issuing CA hosted by GlobalSign or from GlobalSign’s public CAs (for use cases
that require public trust), all based on GlobalSign’s highly available and secure world class infrastructure.

aeg-product-diagram.png

Watch product video

AEG Features

AEG can be installed on Windows Server 2008 R2 and 2012 R2 and offers unique features and functionality
above and beyond what is included with a Microsoft CA, including optional public trust, SCEP and ACME support,
and Apple OSX enrollment capabilities. An intuitive user interface and ability to provision certificates to
non-domain-joined objects make it easy to centralize, automate, and control all certificate activity across an organization.

Automated PKI Management

Automatically issue and manage certificates throughout their life cycle, including renewal, saving valuable IT resources and reducing the risk of expired certificates and resultant disruption in business workflows.

SaaS CA

Outsourcing cryptography and certificate management services to a publicly trusted CA reduces the risk associated with managing and maintaining an in-house PKI operation and liberates IT to focus on core competencies and business-driving IT projects.

Support Mixed Endpoint Environments

Automate certificate issuance and management for both domain endpoints (e.g., Windows users, machines, and servers) and non-domain endpoints (e.g., Linux servers, mobile devices, networking devices, etc.).

Optional Public Trust Available

If you need publicly trusted certificates (e.g., for sending digitally signed or encrypted emails outside the company, securing public webservers), you can issue certificates from GlobalSign's publicly trusted root, rather than your hosted private root.

SCEP Server

Issue certificates to non-domain-joined objects (e.g., routers, mobile devices, non-Windows machines) using the SCEP server functionalities. Enrollment can take place using a manual enrollment website, or using a Mobile Device Management (MDM) platform linked directly to the SCEP server to issue certificates for their mobile devices.

ACME Protocol Support

Use existing ACME Client software to automate SSL certificate provisioning and installation on Linux servers in your Environment. Our ACME implementation supports higher assurance OV and EV Certificates with flexible validity periods.

All Certificate Templates Supported

A wide range of pre-designed certificate templates support a variety of use cases, including S/MIME (with key archival and recover), smartcard logon, digital signatures for Microsoft Office documents, SSL, Encrypted File System (EFS), and user and machine authentication.

Key Recovery and Archival

During the certificate enrollment process, the private key is securely sent to a designated local server as part of the certificate request and is archived there. Using key archival and recovery is essential for S/MIME use cases, and helps protect encrypted data from permanent loss in the event that the original encryption key is no longer available.

Pre-designed Certificate Templates Support a Range of Use Cases

The Auto Enrollment Gateway can be used to enroll and issue certificates to all types of Active
Directory objects, including users, servers, desktops, laptops, and Domain Controllers. A wide
range of pre-designed certificate templates support a variety of use cases, including:

SSL / TLS
Certificates
Issue certificates to domain-joined servers via Active Directory integration or Linux servers via ACME protocol. Certificates can be issued from dedicated issuing CA or GlobalSign’s public CA.
MS Office
Document Signing
Replace paper-based workflows and enable electronic workflows with digital signatures for Microsoft Office documents.
Secure Email
Encrypt email communications and mitigate phishing threats by digitally signing internal emails, with the option to add public trust for external emails. Key recovery and archival are supported.
User
Authentication
Replace passwords with cost-effective and user-friendly certificate-based authentication. AD integration and silent certificate installs make deployment easy for both IT and end users.
Machine
Authentication
Mitigate the risk of rogue machines accessing your networks by limiting access to only machines and devices with properly configured certificates. AD integration and SCEP support automate certificate provisioning for mixed environments.
Mobile
Authentication
Digital certificates can be used on mobile devices for email encryption and signing, and authentication to email, VPNs, and Wi-Fi. SCEP support and integrations with leading MDM providers automate certificate provisioning.
Schedule a Demo 1-877-775-4562 or contact us online

Featured Resources