CertAccord© Enterprise extends certificate enrollment, renewal and trust of your PKI Certificate Authority to computers running Linux, MacOS, and UNIX. It automates the trust, enrollment and renewal of X.509 certificates. CertAccord eliminates the manual process of requesting, installing, and renewing certificates, which provides you with reduced IT labor costs, reduced errors, elimination of missed renewals and improved security through consistent policy implementation.
Certificates can be automatically created by registered computers from the CertAccord Enterprise Management Console. Alternatively, the computer administrator of an end-node can request a certificate using a simple command line interface (CLI) without knowing how to create a keypair, generate a certificate request, or translate difficult-to-understand enrollment templates, formats and attribute requirements.
CertAccord Enterprise quickly and easily integrates into existing Microsoft ADCS based PKI Certificate Authorities. Almost no changes are needed in Active Directory to support the on-premise CertAccord Enterprise Server with your CA and Active Directory. Installation is quick and easy!
Major public/hosted Certificate Authority providers like GlobalSign are supported. You can use GlobalSign exclusively for certificates or you can simultaneously support both GlobalSign and Microsoft ADCS.
Automates Certificate creation and installation
Create enrollment policies and automate client enrollment from the CertAccord Web Management Console
Request certificates via simple command line on end-nodes without being a PKI genius
Automatically renew and install certificates without human intervention
Easily installs into existing Microsoft ADCS environments in minutes
Integrates with GlobalSign Certificate Authority exclusively or mixed with Microsoft ADCS
Web based Management Console works with Chrome, Firefox, Internet Explorer, and Safari.
CertAccord Enterprise consists of a Server and an Agent component. The Server communicates with one or more Certificate Authority (CA) products such as Microsoft ADCS using native APIs. Agent software is installed on each end-node device (e.g. Web Servers, Application Servers, etc) on which certificates will be installed and managed.
CertAccord Enterprise Server
The Server runs on Microsoft Windows Server 2012 and is typically installed on-premise on a physical or virtual machine (VM) guest.
The Server consists of three sub-components:
CertAccord Enterprise Agent
The end-node computer running the CertAccord Agent communicates with a CertAccord Server using a REST API. The Agents never communicate directly with any CA or any other Microsoft infrastructure service. This greatly simplifies the installation of CertAccord since you do not have to create or manage the end-nodes in Active Directory.
The Agent has a “daemon” or “service” process which starts automatically at system boot. The Agent daemon is responsible for checking in with a Server to look for updated policy and configurations. It is also responsible for checking and performing automatic renewals of certificates.
An IT System Administrator (admin) can also run the Agent’s Command Line Interface (CLI) to quickly and simply request a new certificate or perform other tasks. Certificate creation is as simple as running:
cmbagent cert create purpose=webserver
The Agent automates the generation of a local private key using policy data obtained from a Server. It generates a CSR and signs it, then sends the CSR to a Server and waits for a response. Once the response is received, the new certificate is stored on the local file-system.