See below for details on the CSP Enrollment Services support for MS-WSTEP.
- MS-WSTEP version supported by CSP Enrollment Services
- MS-WSTEP requests supported by CSP Enrollment Services
- MS-WSTEP domain enrollments supported by CSP Enrollment Services
- Windows products supported for MS-WSTEP enrollment with CSP Enrollment Services
- Load balancer support for MS-WSTEP enrollment with CSP Enrollment Services
MS-WSTEP version supported by CSP Enrollment Services
CSP Enrollment Services supports the 12.0+ version of the MS-WSTEP protocol described at:
MS-WSTEP requests supported by CSP Enrollment Services
CSP Enrollment Services supports the following MS-WSTEP types.
Request type | Supported |
|---|---|
New |
|
Renewal |
|
Enroll On Behalf Of |
|
Key Archival |
|
Key Attestation |
|
MS-WSTEP domain enrollments supported by CSP Enrollment Services
CSP Enrollment Services supports the following MS-WSTEP domain enrollments.
- Domain and Sub-domain enrollments
- Read-Only Domain Controllers,
- Multiple Domains in the same Active Directory Forest and across trust-established forests.
- Cross Forest support across established trusts between the forests.
Non-domain enrollments are not supported.
Windows products supported for MS-WSTEP enrollment with CSP Enrollment Services
The CSP Enrollment Services support for MS-WSTEP enrollment has been tested in the following Windows products.
Windows product | Version |
|---|---|
Windows Domain Schema | 2012 R2+ or later, the latest cipher support required. |
Windows Server | 2019 (IIS10 required for Certificate Enrollment Policy service) |
Windows endpoints | 10+, 2012 R2+ |
Load balancer support for MS-WSTEP enrollment with CSP Enrollment Services
MS-WSTEP enrollment with CSP Enrollment Services supports high availability with the following load-balancing layers.
Load balancing layer | Supported |
|---|---|
2 |
|
3 |
|
4 |
|
7 |
|