MS-WCCE Automated Solution for MacOS X
Windows systems have long supported Microsoft Windows Client Certificate Enrollment (MS-WCCE) which provides automatic X.509 certificate deployment and renewal with Microsoft Active Directory Certificate Services (ADCS). Apple’s MacOS X systems have no MS-WCCE support or any other built-in automated integration with ADCS. This is a key reason we created CertAccord Enterprise.
Much like MS-WCCE on Windows, CertAccord Enterprise on MacOS X (as well as Linux) enables X.509 certificate creation using Microsoft ADCS. Everything is done automatically with no OpenSSL or web forms or other manual processes.
Create Certificate In One Simple Command
This is all it takes to create a certificate using CertAccord on a Mac system:
cmb cert create purpose=webserver
This simple command will send a request to Microsoft ADCS to create an X.509 certificate and then place it on the local filesystem. No OpenSSL is used. You don’t have to create a Certificate Signing Request (CSR) and then cut-and-paste it into some web form.
Automatic Certificate Renewals
One of the great features of MS-WCCE is automatic certificate renewals. How many times have you had manually created certificates on MacOS X expire and take down a key service? Once is too many.
Any certificate that CertAccord Enterprise creates will be automatically renewed before it expires. No more manual processes to track renewals.
Active Directory Authentication
Since MS-WCCE is built into Windows it uses Active Directory (AD) to authenticate certificate requests. Wouldn’t it be nice if you could do that on MacOS X?
CertAccord Enterprise integrates with AD. Whenever you request a certificate creation from MacOS X CertAccord will prompt for AD username and password. This credential information will be used to validate the user is allowed to create certificates using CertAccord’s Role Based Access Control (RBAC). Best of all, the CertAccord AD integration is done purely through CertAccord and does not require the local MacOS X system be domain joined or have its system level authentication integrated with AD.
CertAccord Enterprise is designed to quickly and easy install into your existing Microsoft PKI environment. Typical installs take a few hours. You don’t have to major any significant changes to your Certificate Authorities or Active Directory configuration. There is no change to your MacOS X system authentication.