About the integration
This guide describes how to enable HSM integration with Microsoft NDES. UTIMACO HSM secures the signing private keys used by Microsoft NDES.
Microsoft Network Device Enrollment Service
The Network Device Enrollment Service (NDES) is one of the role services of the Active Directory Certificate Services (ADCS) role in Windows server. It implements the Simple Certificate Enrollment Protocol (SCEP). SCEP was originally designed to semi-automatically enroll certificates to Cisco network devices in a closed network where all endpoints are trusted, like routers or VPN concentrators.
SCEP does not include any mechanisms of verifying the certificate requestor’s identity, instead it relies on a Registration Authority (RA) to handle this sensitive task.
The Network Device Enrollment Service performs the following functions:
- Generates and provides one-time enrollment passwords to administrators
- Submits enrollment requests to the CA
- Retrieves enrolled certificates from the CA and forwards them to the network device
Refer to the Microsoft documentation, for more information about Microsoft NDES.
UTIMACO CryptoServer HSM
CryptoServer is a hardware security module developed by UTIMACO IS GmbH. CryptoServer is a physically protected specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage as well as store cryptographic keys and data. It can be used as a universal, independent security component for heterogeneous computer systems.
Are you interested in this document?
Simply add it to your collection. You can request access to this and other documents in your collection all at once via the blue basket on the right.