Hello,
Thank you for posting in the Q&A forum.
- Is it possible to apply APIs to a certificate authority to register a specific certificate and based on specific application needs?
Yes, APIs (Application Programming Interfaces) can be applied to Certificate Authorities (CAs) to register specific certificates and operate based on specific application requirements. This is often referred to as a "certificate issuance API" or similar term. Through APIs, applications can securely interact with CAs, submit certificate enrollment requests, authenticate users, receive certificates, and more. This approach not only increases the degree of automation, but also enhances the flexibility and scalability of the system.
- Can NDES services apply for API issuance certificates?
The Network Device Enrollment Service (NDES) service itself does not directly provide the function of issuing certificates through APIs, but it is a deployment method of Microsoft's Simple Certificate Enrollment Protocol (SCEP), and SCEP does support interacting with CAs through APIs to register certificates. So, if your goal is to implement API-based certificate issuance using NDES, you're actually doing so through the SCEP protocol. In this case, you need to make sure that your CA supports the SCEP protocol and that the NDES service is properly configured to accept and process certificate enrollment requests from your application.
- Can I Apply for an API Certificate for CES/CEP Service?
CEP can request a certificate via API (in this case, HTTP/HTTPS request). CEP is essentially a protocol for registering and obtaining certificates through web service APIs.
In a PKI server that implements CEP, clients (such as network devices and applications) send HTTP requests containing certificate registration information to the server. The server processes these requests, verifies the client's identity, and issues certificates based on policy.
The specific implementation details of the CEP protocol (such as API endpoints, request formats, response formats, authentication mechanisms, etc.) may vary depending on the PKI Server implementation. Therefore, when using CEP, it is necessary to refer to the documentation of the specific PKI Server or contact the vendor for details.
The following websites may be helpful to you.
https://www.forsenergy.com/en-us/certsvr/html/ee335ea9-e1d1-4f85-b9a4-ab0a8e75a7d2.htm
Certification Authority Web Enrollment Role Service in Windows Server | Microsoft Learn
Request certificates using Web Enrollment in AD CS | Microsoft Learn
I hope the information above is helpful.
Best Regards,
Yanhong Liu
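An added example, not part of the answer above and not Microsoft's code: before an application enrolls through a SCEP endpoint such as NDES, it can read the endpoint's `GetCACaps` response and pick the strongest digest and cipher on offer. The capability keywords are those of RFC 8894; the host name is a placeholder, the `/certsrv/mscep/mscep.dll` path is an assumption about the NDES deployment, and the sample responses are constructed.

```python
from urllib.parse import urlencode

# Capability keywords from RFC 8894 (SCEP), strongest first.
DIGESTS = ["SHA-512", "SHA-256", "SHA-1"]
CIPHERS = ["AES", "DES3"]
WEAK = {"SHA-1", "DES3"}  # policy of this example: usable, but reported


def caps_url(base_url):
    """URL of the GetCACaps operation for a SCEP endpoint."""
    return base_url + "?" + urlencode({"operation": "GetCACaps"})


def parse_caps(body):
    """GetCACaps returns plain text, one keyword per line (CRLF or LF)."""
    return {line.strip().upper() for line in body.splitlines() if line.strip()}


def negotiate(caps):
    """Pick the strongest advertised digest and cipher; list what to fix."""
    digest = next((d for d in DIGESTS if d.upper() in caps), None)
    cipher = next((c for c in CIPHERS if c.upper() in caps), None)
    use_post = "POSTPKIOPERATION" in caps
    findings = []
    for name, choice in (("digest", digest), ("cipher", cipher)):
        if choice is None:
            findings.append(f"no supported {name} advertised")
        elif choice in WEAK:
            findings.append(f"only weak {name} available: {choice}")
    if not use_post:
        findings.append("POSTPKIOperation missing: requests must go in GET URLs")
    return {"digest": digest, "cipher": cipher, "use_post": use_post,
            "findings": findings}


# Constructed sample responses (not captured from a real server).
MODERN = "AES\r\nPOSTPKIOperation\r\nRenewal\r\nSHA-256\r\nSHA-512\r\nSCEPStandard\r\n"
LEGACY = "DES3\nSHA-1\nGetNextCACert\n"

if __name__ == "__main__":
    # Placeholder host; the path is an assumed NDES SCEP URL.
    print(caps_url("https://ndes.example.test/certsrv/mscep/mscep.dll"))
    for label, body in (("modern", MODERN), ("legacy", LEGACY)):
        print(label, negotiate(parse_caps(body)))
```

An empty `findings` list means the endpoint advertises SHA-2, AES and POST support; anything else is worth raising with the CA administrator before the application goes live.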