Prerequisites
Supported Windows operating systems
The following table lists the versions of Windows operating systems for client and server installations supported by Autoenrollment Server.
User | Supported operating systems |
---|---|
Client |
|
Server |
|
Required software
If the server machine that runs the Autoenrollment Server installer has access to the Internet, it will acquire and install the prerequisite software. If not, you need to obtain the following from Microsoft and install both before installing Autoenrollment Server.
.NET Framework V4.7.1
Visual C++ Redistributable for Visual Studio 2015, 2017 and 2019 (x64)
Required hardware
Memory: 8 GB (minimum); 16 GB (recommended)
Hard Disk: 200 GB
Processor: quad-core
Preparing the Windows environment
DigiCert recommends that you carefully plan the forest structure of your network. The recommended best practice is to install CAs as a member of the root domain in the forest to provide centralized administration and control of the PKI services.
For additional best practices, see the Microsoft documentation.
Additionally:
The Autoenrollment Server machine must be in a Microsoft Windows domain that runs Active Directory and contains at least one domain controller.
If you have installed Microsoft Certificate Service, do not install Autoenrollment Server on the same machine.
Autoenrollment Server must belong to a group that also has permission to enroll the template it uses to process requests.
The user configuring and running processes on the Autoenrollment Server machine requires the appropriate Active Directory permissions. Typically, the Enterprise Administrator group has all the necessary permissions.
Note
DigiCert recommends that you create a group with these permissions and assign all administrators who need access to the Active Directory to this group (alternatively, this user can be a member of the Enterprise Administrators group). For the purposes of this documentation, this user is called the AE Administrator.
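A preflight check for the software, hardware and domain requirements listed above, as an added example (not DigiCert tooling). It assumes Windows PowerShell 5.1 run on the intended server, treats the 200 GB figure as free space on the system drive, and reads the registry locations Microsoft documents for .NET Framework 4.x and the Visual C++ 14.x runtime.

```powershell
# Added example: preflight check for the documented prerequisites.
Add-Type -AssemblyName System.DirectoryServices
$cs    = Get-CimInstance Win32_ComputerSystem
$cores = (Get-CimInstance Win32_Processor | Measure-Object -Property NumberOfCores -Sum).Sum
$disk  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"

# .NET Framework 4.x records its version as a Release DWORD; 461308 is the lowest 4.7.1 value.
$net = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
# The Visual C++ 2015-2019 (14.x) x64 runtime sets Installed = 1 under this key.
$vc  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64' -ErrorAction SilentlyContinue
# CertSvc is the service installed by Active Directory Certificate Services.
$adcs = Get-Service -Name CertSvc -ErrorAction SilentlyContinue

# Count domain controllers in the computer's domain; the call throws when not domain-joined.
$dcCount = 0
try {
    $dcCount = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().DomainControllers.Count
} catch { }

$checks = [ordered]@{
    'Member of an AD domain'               = [bool]$cs.PartOfDomain
    'At least one domain controller found' = $dcCount -ge 1
    'Certificate Services not installed'   = $null -eq $adcs
    '.NET Framework 4.7.1 or later'        = $net.Release -ge 461308
    'VC++ 14.x x64 runtime installed'      = $vc.Installed -eq 1
    # Firmware reserves some RAM, so round to the nearest GB before comparing.
    'Memory >= 8 GB'                       = [math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 8
    'Quad-core processor'                  = $cores -ge 4
    # Assumption: the 200 GB figure is checked as free space on the system drive.
    'System drive free space >= 200 GB'    = ($disk.FreeSpace / 1GB) -ge 200
}

$failed = 0
foreach ($name in $checks.Keys) {
    $ok = [bool]$checks[$name]
    if (-not $ok) { $failed++ }
    '{0,-6} {1}' -f $(if ($ok) { 'PASS' } else { 'FAIL' }), $name
}
if ($failed) { Write-Warning "$failed prerequisite check(s) failed." }
```

The software checks only matter on a server without Internet access, since the installer otherwise acquires those packages itself.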
Supported Windows topologies
Autoenrollment Server is supported on the following Windows topologies:
Single Forest with Single Domain
Single Forest with Multiple Domains
Multiple Forests with Single Domain in each
Multiple Forests with Multiple Domains in each
For steps to create trust between forests, refer to Cross-forest trust to allow Autoenrollment Server enrollments across a multi-domain forest network structure. This document outlines the installation and configuration steps for single forest deployments.
Note
Autoenrollment Server currently supports the on-premises Active Directory model only.
See Configure firewall settings and HSM guide for more details.