Entrust Certificate Enrollment Gateway provides automated certificate enrollment and renewal for the following protocols:
- WSTEP
- ACMEv2
- Intune-SCEP
- SCEP
- MDMWS
- MDM-SCEP
Certificate Enrollment Gateway does not archive or back up private keys for data decryption.
The following diagram illustrates the Certificate Enrollment Gateway architecture.
In this architecture:
- Each enrollment endpoint is a user or device that requests a certificate issuance or renewal.
- The Certificate Enrollment Gateway service runs in Entrust PKI Hub 1.0. This microservices-based cluster provides easy installation and uninstallation, centralized logging and reporting, and operational dashboards.
  The Certificate Enrollment Gateway service supports an HTTP and HTTPS proxy for outbound connections.
- Each certificate Issuer is a Certificate Authority (CA) that issues certificates to the enrollment endpoints.