2.2 Protocol Summary

The following table provides a comprehensive list of the Certificate Services protocols.

| Protocol name | Description | Short name |
|---|---|---|
| Windows Client Certificate Enrollment Protocol | This protocol is based on DCOM. It is responsible for certificate enrollment, and it enables clients to request various services from a CA, such as certificate enrollment and property retrieval. | [MS-WCCE] |
| Certificate Services Remote Administration Protocol | This protocol is responsible for CA administration, and it enables administrative tools to configure the state and policy of a CA on a server. | [MS-CSRA] |
| ICertPassage Remote Protocol | This protocol is a subset of the Windows Client Certificate Enrollment (WCCE) Protocol used for certificate enrollment over RPC by clients that do not support DCOM. | [MS-ICPR] |
| Certificate Templates Structure | Certificate templates are stored in Active Directory and are used when the CA operates as an enterprise CA. They contain details about requesting and issuing certificates. Policy algorithms on the CA use certificate templates to determine how to respond to certificate requests. [MS-CRTD] defines attributes that are accessed by using the Lightweight Directory Access Protocol (LDAP). | [MS-CRTD] |
| X.509 Certificate Enrollment Policy Protocol | This protocol is based on SOAP. It enables clients to retrieve enrollment policies. | [MS-XCEP] |
| WS-Trust Enrollment Extensions | This protocol is based on SOAP. It provides Web services-based certificate enrollment, renewal and pending certificate retrieval. The WS-Trust profile enables X.509 certificate enrollment. | [MS-WSTEP] |

The Certificate Services protocols are grouped according to their primary purpose.

Certificate enrollment protocols:

Protocols in the following table enable certificate enrollment.

| Protocol name | Description | Short name |
|---|---|---|
| Windows Client Certificate Enrollment Protocol | This protocol is based on DCOM. It is responsible for certificate enrollment, and it enables clients to request various services from a CA, such as certificate enrollment and property retrieval. | [MS-WCCE] |
| ICertPassage Remote Protocol | This protocol is a subset of the WCCE Protocol used for certificate enrollment over RPC by clients that do not support DCOM. | [MS-ICPR] |
| WS-Trust Enrollment Extensions | This protocol is based on SOAP. It provides Web services-based certificate enrollment, renewal, and pending certificate retrieval. The WS-Trust profile enables X.509 certificate enrollment. | [MS-WSTEP] |

Certificate Services Administration Protocols:

Protocols in the following table enable remote administration of the certificate services.

| Protocol name | Description | Short name |
|---|---|---|
| Certificate Services Remote Administration Protocol | This protocol is responsible for CA administration, and it enables administrative tools to configure the state and policy of a CA on a server. | [MS-CSRA] |

Certificate Enrollment Policy (CEP) Protocols:

Protocols in the following table enable certificate enrollment policy.

| Protocol name | Description | Short name |
|---|---|---|
| X.509 Certificate Enrollment Policy Protocol | This protocol is based on SOAP. It enables the client to retrieve enrollment policies. | [MS-XCEP] |
| Certificate Templates Structure | Certificate templates are stored in Active Directory and are used when the CA operates as an enterprise CA. They contain details about requesting and issuing certificates. Policy algorithms on the CA use certificate templates to determine how to respond to certificate requests. [MS-CRTD] defines attributes that are accessed by using the Lightweight Directory Access Protocol (LDAP). | [MS-CRTD] |