Enterprise PKI
Automation & Management

Outsource PKI management to a trusted third party CA

Reduce total cost of ownership for PKI by as much as 50%

Support mixed environments, variety of use cases, public or private trust models

GlobalSign Auto Enrollment Gateway

GlobalSign’s Auto Enrollment Gateway (AEG) is a fully automated, managed PKI solution that addresses scalability in the modern mixed enterprise environment. AEG integrates GlobalSign’s hosted PKI solution directly with Active Directory, so enterprises operating Windows environments can automate certificate provisioning and management without the burden of maintaining their own expensive and complex Internal CA.

Support for SCEP and ACME protocols extend support beyond the Windows domain, enabling certificate automation for Linux servers and mobile, networking, and other devices. Additionally, Apple OSX enrollment capabilities allow automated provisioning to all Apple machines and devices registered with Active Directory.

Replace your Microsoft CA
with GlobalSign SaaS CA

  • Keep the automation benefits of Microsoft Certificate Services and Active Directory
  • Liberate IT to focus on core competencies, rather than cryptography and CA tasks
  • GlobalSign manages the security, high availability, and CA operations, ensuring you meet SLAs and compliance audit

Expand your deployment to endpoints
outside your domain & add public trust

  • Issue publicly trusted certificates
  • ACME protocol support enables automated issuance to Linux servers
  • SCEP server functionality for issuing certificates to mobile and networking devices and integrating with MDMs

How AEG Works

The integration with Active Directory and support for SCEP and ACME protocols allow for quick and seamless certificate registration and provisioning without sacrificing control. Certificates can be issued from a dedicated, private issuing CA hosted by GlobalSign or from GlobalSign’s public CAs (for use cases that require public trust), all based on GlobalSign’s highly available and secure world class infrastructure.

AEG Features


AEG can be installed on Windows Server 2008 R2 and 2012 R2 and offers unique features and functionality above and beyond what is included with a Microsoft CA, including optional public trust, SCEP and ACME support, and Apple OSX enrollment capabilities. An intuitive user interface and ability to provision certificates to non-domain-joined objects make it easy to centralize, automate, and control all certificate activity across an organization.

  • ACME Protocol Support

    Use existing ACME Client software to automate SSL certificate provisioning and installation on Linux servers in your Environment. Our ACME implementation supports higher assurance OV and EV Certificates with flexible validity periods.

  • Key Recovery and Archival

    During the certificate enrollment process, the private key is securely sent to a designated local server as part of the certificate request and is archived there. Using key archival and recovery is essential for S/MIME use cases, and helps protect encrypted data from permanent loss in the event that the original encryption key is no longer available.

  • Support Mixed Endpoint Environments

    Automate certificate issuance and management for both domain endpoints (e.g., Windows users, machines, and servers) and non-domain endpoints (e.g., Linux servers, mobile devices, networking devices, etc.).

  • SCEP server

    Issue certificates to non-domain-joined objects (e.g., routers, mobile devices, non-Windows machines) using the SCEP server functionalities. Enrollment can take place using a manual enrollment website, or using a Mobile Device Management (MDM) platform linked directly to the SCEP server to issue certificates for their mobile devices.

  • All Certificate Templates Supported

    A wide range of pre-designed certificate templates support a variety of use cases, including S/MIME (with key archival and recovery), smartcard logon, digital signatures for Microsoft Office documents, SSL, Encrypted File System (EFS), and user and machine authentication.

  • Optional Public Trust Available

    If you need publicly trusted certificates (e.g., for sending digitally signed or encrypted emails outside the company, securing public webservers), you can issue certificates from GlobalSign's publicly trusted root, rather than your hosted private root.

Pre-designed Certificate Templates Support a Range of Use Cases

The Auto Enrollment Gateway can be used to enroll and issue certificates to all types of Active Directory objects, including users, servers, desktops, laptops, and Domain Controllers. A wide range of pre-designed certificate templates support a variety of use cases, including:



Tư vấn SSL

Sự hài lòng của quý khách

Là phương châm làm việc của chúng tôi

10 năm
kinh nghiệm

Đổi sản phẩm
7 ngày

Giá luôn
rẻ nhất

Giao dịch
an toàn

Cảm ơn vì sự tin tưởng