+1-408-638-9323 info@revocent.com

CertAccord Enterprise


CertAccord© Enterprise extends certificate enrollment, renewal and trust of your PKI Certificate Authority to computers running Linux, MacOS, Unix (Solaris), and Windows.  It automates the trust, enrollment and renewal of X.509 certificates.  CertAccord eliminates the manual process of requesting, installing, and renewing certificates which provides you with reduced IT labor costs, reduced errors, elimination of missed renewals and improved security through consistent policy implementation.

Certificates can be automatically created by registered computers from the CertAccord Enterprise Management Console.  Alternatively the computer administrator of an end-node can request a certificate using a simple command line interface (CLI) without knowing how to create a keypair, generate a certificate request or know how to translate difficult to understand enrollment templates, formats and attribute requirements.

CertAccord Enterprise quickly and easily integrates into existing Microsoft ADCS based PKI Certificate Authorities. Almost no changes are needed in Active Directory to support the on-premise CertAccord Enterprise Server with your CA and Active Directory. Installation is quick and easy!

Major public/hosted Certificate Authority providers like GlobalSign are supported.  You can have use GlobalSign exclusively for Certificates or you can simultaneously support both GlobalSign and Microsoft ADCS.

Major Features

  • Automates Certificate creation and installation

  • Create enrollment policies and automate client enrollment from the CertAccord Web Management Console

  • Request certificates via simple command line on end-nodes without being a PKI genius

  • Automatically renew and install certificates without human intervention

  • Easily installs into existing Microsoft ADCS environments in minutes

  • Integrates with GlobalSign Certificate Authority exclusively or mixed with Microsoft ADCS

  • Web based Management Console works with Chrome, Firefox, Internet Explorer, and Safari.

How It Works

CertAccord Enterprise consists of a Server and an Agent component.  The Server communicates with one or more Certificate Authority (CA) products such as Microsoft ADCS using native APIs.  Agent software is installed on each end-node device (e.g. Web Servers, Application Servers, etc) on which certificates will be installed and managed.

CertAccord Enterprise Server

The Server runs on Microsoft Windows Server 2012 (or later) and is typically installed on-premise on a physical or virtual machine (VM) guest.

The Server consists of three sub-components:

  1. Product Database (DB).  A Microsoft SQL Server database installed locally on the Server or on a different network accessible server supplied by the customer.
  2. Certificate Authority Bridge (CAB).  Integrates and communicates with CAs.  Communicates and controls Agents.
  3. Management Console (MGMT CONSOLE).  Web based GUI which is typically used by CertAccord product admins to configure the product.


CertAccord Enterprise Agent

The end-node computer running the CertAccord Agent communicate with a CertAccord Server using a REST API.  The Agents never communicate directly with any CA or any other Microsoft infrastructure service.  This greatly simplifies the installation of CertAccord since you do not have to create or manage the end-nodes in Active Directory.

The Agent has a “daemon” (“service” process) which starts automatically at system boot.  The Agent daemon is responsible for checking in with a Server to look for updated policy and configurations.  It is also responsible for checking and performing automatic renewals of certificates.

An IT System Administrator (admin) can also run the Agent’s Command Line Interface (CLI) to quickly and simply request a new certificate or perform other tasks.  Certificate creation is as simple as running:

cmbagent cert create purpose=webserver

The Agent automates the generation of a local private key using policy data obtained from a Server.  It generates a CSR and signs it, then sends the CSR to a Server and waits for a response.  Once the response is received, the new certificate is stored on the local file-system.

More Information