How do I use MS-XCEP and MS-WSTEP in .NET or JavaScript to get a certificate from AD CS?

Javascript, C#, Encryption, Active Directory, Certificate

Javascript Problem Overview


Active Directory Certificate Services offers a web service that implements MS-XCEP and MS-WSTEP for non-domain connected computers to submit a certificate request.

This certificate can be used for digital signatures, encryption, and more.

Is there a WSDL I can use to interact with these web services? How should I interact with them in C# or Javascript?

Javascript Solutions


Solution 1 - Javascript

WCF provides configuration options for a variety of web service connections. From past experience, I required a WSDL from the client I was connecting to - this generated the function call stubs. I then had to "describe" the communication mechanism through the web.config. At runtime, WCF will automatically generate the envelope for you.

Using WCF's message tracing you will be able to see the envelopes - this will allow you to verify if the message structure is close to the examples provided in the MS documentation. You may have to "inject" into the envelope construction process to provide custom attributes, but if this is a standard AD implementation these modifications would not be required.

If you're still failing to receive meaningful output from the connection after that, reach out to the AD admin team, as they may know clients who have successfully connected and/or the meaning of obscure error messages you're receiving.

No idea on Javascript, I think it would be a lot of work to manually construct the envelope and handle the output coming back - MS already provides a wealth of support for the complex data structures required.
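The message tracing mentioned in the answer above is switched on in the client's app.config or web.config. The fragment below is an added example, not part of the original answer; the log path is a placeholder and the size limits are assumed values to adjust.

```xml
<configuration>
  <system.diagnostics>
    <sources>
      <!-- WCF writes logged SOAP messages to this trace source -->
      <source name="System.ServiceModel.MessageLogging" switchValue="Verbose">
        <listeners>
          <!-- Placeholder path: use a directory readable only by the
               account running the client and by the people debugging it -->
          <add name="messages"
               type="System.Diagnostics.XmlWriterTraceListener"
               initializeData="C:\logs\wstep-messages.svclog" />
        </listeners>
      </source>
    </sources>
    <trace autoflush="true" />
  </system.diagnostics>

  <system.serviceModel>
    <diagnostics>
      <!-- logEntireMessage: include the body, so the enrollment request
           and the returned certificate are visible, not only the headers.
           logMessagesAtServiceLevel: the envelope as WCF built it.
           logMessagesAtTransportLevel: the envelope as it goes on the wire,
           after message security has been applied.
           logMalformedMessages: keep responses WCF could not parse. -->
      <messageLogging logEntireMessage="true"
                      logMalformedMessages="true"
                      logMessagesAtServiceLevel="true"
                      logMessagesAtTransportLevel="true"
                      maxMessagesToLog="500"
                      maxSizeOfMessageToLog="262144" />
    </diagnostics>
  </system.serviceModel>
</configuration>
```

Open the resulting .svclog in the Service Trace Viewer (SvcTraceViewer.exe) to compare the envelopes with the documented examples. WCF leaves known PII such as passwords out of the log unless logKnownPii is enabled, so keep that at its default and remove this section once the connection works.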

Solution 2 - Javascript

Active Directory Certificate Services offers a web service that implements MS-XCEP and MS-WSTEP for non-domain connected computers to submit a certificate request.

This certificate can be used for digital signatures, encryption, and more.

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | makerofthings7 | View Question on Stackoverflow
Solution 1 - Javascript | Spodgy | View Answer on Stackoverflow
Solution 2 - Javascript | khushboo | View Answer on Stackoverflow