CA Gateway communications with early Entrust Certificate Authority versions may require enabling TLS 1.0 and TLS 1.1.

To enable TLS 1.0 and TLS 1.1 in the CA Gateway container:

  1. Pull or load the CA Gateway Docker image.

    docker pull cagw/api:<VERSION>
    # OR
    docker load --input cagw-api-<VERSION>.docker.tar.gz

    Where <VERSION> is the version of the Docker image.

  2. Create a workaround Dockerfile to overlay on top of the CA Gateway Docker image.

    FROM cagw/api:<VERSION>

    # Temporarily change to root user
    USER root

    # Remove TLSv1 from the disabled list
    RUN sed -i 's/TLSv1, //' $JAVA_HOME/conf/security/java.security
    # Remove TLSv1.1 from the disabled list
    RUN sed -i 's/TLSv1.1, //' $JAVA_HOME/conf/security/java.security

    # Change back to cagw user
    USER cagw

  3. Build the workaround Docker image.

    docker build . --tag cagw/tls_workaround:<VERSION>

  4. Use the cagw/tls_workaround:<VERSION> Docker image to start the new CA Gateway container with TLS 1.0 and TLS 1.1 enabled.

    docker run -d -p 8444:8080 -v <HOST_CONFIG>:/etc/cagw/config cagw/tls_workaround:<VERSION>

    Where <HOST_CONFIG> is the folder described in Creating the host configuration folder.
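
Because `sed` exits successfully even when its pattern matches nothing, the overlay image can build cleanly while TLS 1.0 and TLS 1.1 remain disabled. The following added example (not part of the Entrust procedure or product) parses a `java.security` file and reports which protocols `jdk.tls.disabledAlgorithms` still lists, so you can confirm that only the two intended entries were removed. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Entrust code). Function names are hypothetical.

# Print the effective jdk.tls.disabledAlgorithms entries, one per line.
# Handles backslash line continuations and ignores comment lines.
tls_disabled_entries() {
    awk '
        !cont && /^[ \t]*#/ { next }
        !cont && /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            value = ""; sub(/^[^=]*=/, ""); cont = 1   # last definition wins
        }
        cont { cont = sub(/\\$/, ""); value = value $0 }
        END {
            n = split(value, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }' "$1"
}

# Exit 0 if protocol $2 is still disabled in file $1 (exact match, so
# "TLSv1" does not match "TLSv1.1").
tls_protocol_disabled() {
    tls_disabled_entries "$1" | grep -Fxq -- "$2"
}

# Constructed sample input; not copied from the CA Gateway image.
make_sample() {
    cat > "$1" <<'EOF'
# Example: jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
EOF
}

# The two sed expressions from the workaround Dockerfile, applied to file $1.
apply_workaround() {
    sed -e 's/TLSv1, //' -e 's/TLSv1.1, //' "$1" > "$1.new" && mv "$1.new" "$1"
}

sample=$(mktemp)
make_sample "$sample"
apply_workaround "$sample"
for proto in SSLv3 TLSv1 TLSv1.1; do
    if tls_protocol_disabled "$sample" "$proto"; then echo "$proto: disabled"
    else echo "$proto: enabled"; fi
done
rm -f "$sample"
```

To check a built image, run the two functions against a copy of `$JAVA_HOME/conf/security/java.security` taken from it; SSLv3 and the weak cipher entries should still be listed.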