Windows AutoEnrol™ support through Jellyfish WAE handler.

Jellyfish’s autoenrolment module for Windows allows auto enrol and renew of digital certificates on Windows machines for both Machine and User certificates including smartcard and virtual smartcard.
Jellyfish’s card management module allows virtual smartcard to be created in managed or unmanaged mode. In managed mode admins have the ability manage the full lifecycle of virtual smartcard like creation, PIN reset and destruction.
This particular video shows the process of unmanaged virtual smartcard creation and certificate enrolment. All issued certificates can be viewed and managed from Jellyfish’s management console.

Benefits include:

      • Supports more than one CA
      • Supports more than one CA type (i.e. it does not need to use a Microsoft CA at the backend)
      • Supports as a Service provided CAs
      • Allows for seamless transition between CAs (even between CA products).
      • Has full integration with the searchable Jellyfish certificate database
      • Provides certificate creation rule checking

Linux Automatic Enrolment through Jellyfish SCEP handler

Autoenrolment module for Linux allows Linux machines to auto enrol and renew digital certificate. The module leverages Simple Certificate Enrolment Protocol and Certmonger to achieve certificate request and enrolment. All certificates issued can be viewed and managed by using Jellyfish management console.

The process uses a few lines of commands which could be combined into server build and config scripts to automatically enrol and configure certificates for webservers and other services running on Linux.

The first part of the video is showing a low privilege user logging into jellyfish then requesting a SCEP certificate for their Linux machine. The video then shows a high privilege user logging in and viewing then approving the users request. The original user that requested the certificate is then sent instructions on how to request a certificate on their Linux box.

The second part of the video shows a user requesting a certificate using the instructions sent to them. This also shows a full data dump of the certificate.

Benefits include:

      • Supports more than one CA
      • Supports as a Service provided CAs
      • Allows for seamless transition between CAs (even between CA products).
      • Has full integration with the searchable Jellyfish certificate database
      • Provides certificate creation rule checking
      • Uses the SCEP protocol so supports other devices and software that support SCEP
      • Requires only a standard Linux CertMonger package to be installed
      • Does not require any other configuration or installations
      • Once setup does not require any manual intervention
      • Allows for the use of a one off OTP during initial installation

Let’s Encrypt Automatic Enrolment through Jellyfish LE handler

The LetsEncrypt Proxy feature provides the ability to capture of all certificates issued or renewed from the free LetsEncrypt Certificate Authority, which can be leveraged for globally-trusted external web server certificates. Any issued certificates found by the proxy are sent to Jellyfish, giving you oversight into which LetsEncrypt certificates and domain names are being used within your environment.

The LetsEncrypt Proxy does not interfere with any of the communication between the client and LetsEncrypt services, allowing you to utilise whichever LetsEncrypt client implementation that you desire. In addition, by proxying all traffic through our service, you can ensure that all outbound LetsEncrypt traffic is managed and easily auditable through your network.

The following video shows an example Linux server requesting a LetsEncrypt certificate, the creation of the DNS TXT record that LetsEncrypt requires, and the resultant certificate shown in Jellyfish. Behind the scenes, the issued certificate is simply captured by our proxy service and sent over to Jellyfish, all without interfering with the client/server issuance process.

Benefits include:

  • Allows for free SSL certificates to be provided automatically
  • Oversight into external domains owned by the organisation
  • Reporting/auditability
  • Automatic renewal of certificates