Seeking Alternative for ADCS Auto-Enrollment with Dogtag-PKI

[LH-Lawliet]

Hello,

We are in the process of replacing all Microsoft solutions in our infrastructure with open-source alternatives while continuing to use Windows clients. Our teams are accustomed to administering Microsoft interfaces, so we aim to maintain a similar level of usability.

So far, we have successfully replaced Active Directory DC with Samba-DC and are now working on replacing ADCS with Dogtag-PKI, which seems to be the most suitable option. We are comfortable using profiles instead of templates, but we require an auto-enrollment feature. Currently, with ADCS, this is straightforward to configure. However, with Dogtag, it appears that the Auto-Enrollment Proxy (AEP) feature has been deprecated (AEP Documentation).
We would prefer not to use FreeIPA, as this would require managing two separate directories. While we are experimenting with SCEP certificates as an alternative, this approach is not ideal. Additionally, we need a way to specify which profiles an end device can use for auto-enrollment.

Given this situation:

Was there a technical reason for discontinuing AEP maintenance?
Does anyone have recommendations or alternative solutions that could meet our requirements with dogtag-pki ?

Thank you for your insights!