Trust Automation Proxy is EverTrust offering for PKI Automation. This software suite contains three modules:
- ACME Proxy
- SSL Scanner
- Intune Proxy
These modules are aimed at being installed within the corporate information system. Depending on network topology, different deployment architectures are available.
ACME Proxy and SSL Scanner
ACME Proxy allows to automatically deploy and renew certificates securely within an information system thanks mainly to the ACMEv2 protocol. TAP SSL Scanner scans your network for certificates, highlighting self-signed, expired or revoked certificates.
This product can also be combined with platforms such as Ansible or Puppet for a full DevOps approach, further reducing the Total Cost of Ownership related to certificate management, while keeping a high level of security and compatibility with modern browsers.
Intune Proxy allows to integrate your corporate PKI with Microsoft Intune. It is mainly based on Microsoft Intune SCEP API, as described in the official documentation.
Intune Proxy also offers a process dedicated to S/MIME encryption certificate management. As a matter of fact, when deploying secure email, it is necessary to recover on the user’s mobile the certificate-key-pair used on the user’s workstation: otherwise the user won’t be able to decrypt his mails. This easy-to-use process does not involve Microsoft Intune in the certificate recovery, thus bypassing the Microsoft Cloud when using Azure version of Intune.
EverTrust TAP validates generated certificates or those discovered by TAP SSL Scanner using configurable parameters:
- Certification chains
- Allowed DNS domains
- Certificate revocation status
- Allowed cryptographic algorithms
EverTrust TAP ACME Proxy and Intune Proxy support the following PKI software:
- Microsoft AD Certificate Services
- IDnomic OpenTrust PKI
- Nexus Certificate Manager
- Let’s Encrypt and ACMEv2 compatible PKIs
- CRMPv1 compatible PKIs
WinCertes, which is an ACMEv2 client for Windows, offering a simple Command Line Interface to manage SSL certificate on a Windows machine.
This product is free and published under GPLv3 license. We also offer commercial support if required.