Certificate Request from Twocanoes Software
Certificate Request is a powerful utility for the Mac that is used to request and install digital certificates directly from Active Directory. This utility automatically discovers all the required information from Active Directory, once you have obtained a kerberos ticket, and then requesting a digital certificate can be as simple as clicking a single button. The digital certificate can be used for configuring wireless, Mail, VPN, or many other services on macOS that requires certificates issued by Active Directory.
Certificate Request doesn’t require any changes to Active Directory. Certificate requests are sent over standard Windows protocols (DCE/RPC).
Active Directory binding not required
Certificate Request uses Kerberos to authenticate with Active Directory and doesn’t require the Mac to be bound to Active Directory. If the Mac is bound, Certificate Request can use the existing kerberos credentials from login to request a certificate.
Certificate Request automatically discovers all of the Active Directory information that is required, including the name of the Active Directory Certificate Authority server, the Certificate Authority name, and all available certificate templates. Certificate Request even downloads the Active Directory Root Certificate automatically and makes it easy to configure the Mac to trust it.
Keychain or YubiKey
Certificate Request installs digital certificates directly to the standard macOS keychain or YubiKey hardware encryption device. The private key never leaves the keychain or the yubikey, so it is secure.
Certificate Request automatically detects if a login has already occurred and if there are kerberos credentials available. If there are multiple credentials available, Certificate Request gives the option to select the appropriate one. Certificate Request can also purge all credentials, and certificates use SHA512 hashing and 2048 bit RSA keys.
Multiple Template Support
Since digital certificates can be used in many different services, Active Directory bundles the settings into Templates. Certificate Request shows all available templates on the Active Directory server and makes it easy to select the appropriate one for the service you require (i.e. VPN, Mail, Wi-Fi, etc).