Certificate Enrolment Overview

The Certificate Enrolment Service (CES) supports auto-deployment and auto-renewal of certificates on Ricoh output devices. CES automates the interaction with the Customer’s Certificate Authority to create the certificates.

The main benefits of the Certificate Enrolment Service are:

  1. Fully automatic process with no manual interaction required.

  2. Customer environment flexibility:

    • Ricoh can develop a plugin to integrate any Certificate Authority.
    • Plugin architecture for CA communication. Supported out of the box:
      • OpenSSL
      • Microsoft Active Directory Certificate Services
      • OpenTrust PKI
      • Venafi (Trust Protection Platform and Venafi Cloud)
      • EJBCA (Primekey)
      • T-Systems IoT/M2M PKI Service
      • Hotfolder
    • CES supports the following operation modes:
      • Fully automatic (1-step approach): CES requests the certificate, which the Certificate Authority delivers immediately with no approval required.
      • Validation (Pending) certificates (2-step approach): CES requests a certificate but receives a tracking ID from the CA instead of the certificate. CES polls the server with the tracking ID until an Admin approves or rejects the certificate.
    • Scripting capabilities for individual requests.
  3. After a certificate is successfully deployed, CES can call an external application to run post-processing tasks. Examples:
    • Calling Streamline NX to configure the Ricoh output device.
    • Calling a script to change printer ports on a print server.
    • And many other capabilities.
  4. CES needs no device management capabilities of its own: Streamline NX base is used to retrieve the device list.