• About this guide
  • Release notes
    • New features
    • Fixed bugs
    • Known issues
  • CA Gateway overview
  • Preparing the deployment
    • Getting the CA Gateway license
    • Downloading the installation files
    • Verifying the downloaded files
    • Loading the CA Gateway Image
    • Tagging the CA Gateway Image
    • Listing the images
    • Generating the systemd service for Podman
    • Creating the host configuration folder
    • Creating the credentials folder
    • Running cagw-util
      • Installing and configuring cagw-util
      • Creating a basic configuration with cagw-util
      • Bootstrapping CA Gateway with a cagw-util generated configuration
      • Normalizing a legacy configuration with cagw-util
      • Validating the configuration with cagw-util
    • Verifying the installation
    • Securing settings with jTinyUAL
    • Obtaining the server certificate
  • Integrating Certificate Authorities
    • Integrating a Microsoft CA
      • Setting up the Entrust Proxy for Microsoft CA
        • Installing the Entrust Proxy for Microsoft CA
        • Issuing the SSL certificates
        • Generating a client keystore for CA Gateway
        • Generating a truststore for CA Gateway
        • Generating the server keystore of the Entrust Proxy for Microsoft CA
        • Running the Entrust Proxy for Microsoft CA
      • Integrating a Microsoft CA with the Entrust Proxy
        • Adding Microsoft Management Console snap-ins
        • Creating a client authentication template for Microsoft CA
        • Creating the CA Enrollment Agents
        • Creating the RA recovery agents
        • Creating the RA enrollment agents
          • Creating RA enrollment agent credentials in a keystore file
          • Creating RA enrollment agent credentials in a PKCS#11 HSM
        • Enabling supply in the request
        • Configuring Request Handling in the Microsoft CA
        • Enabling SAN attributes in the enrollment request
    • Integrating an AWS CA
      • Installing and configuring the AWS CA plugin
      • Handling certificate events with DynamoDB
    • Integrating an ECS CA
      • Issuing the SSL certificate
      • Creating the API username and key
      • Adding tracking information to the certificate requests
    • Integrating an Entrust Certificate Authority
      • Enabling TLS 1.0 and TLS 1.1
      • Creating a certificate type for the administrator profile
      • Creating a new certificate definition policy for the certificate type
      • Mapping the certificate definition policy to the certificate type
      • Creating a client policy for the administrator profile
      • Creating a role for the administrator profile
      • Creating a user entry for the administrator profile
      • Creating the administrator profile
    • Integrating a Sectigo CA
      • Setting Sectigo permissions for API login
      • Creating the Sectigo SSL credentials trust store
      • Creating a Sectigo client key store
  • Configuring CA Gateway
    • cagw
      • authorities
        • halt-for-error
        • key-size
        • managed-cas.<ca>
          • connector-name
          • enable-ca-profile-sync
          • issuer-dn
          • key-size
          • name
          • profiles.<profile>
            • copy-cn-to-san
            • key-size
            • name
            • CA-specific profile settings
              • AWS CA profile settings
              • ECS CA profile settings
                • properties
                • requestedProperties
              • Entrust Certificate Authority profile settings
                • filter-list
                • properties
                  • ca-variable-<i>
                  • cert-definition
                  • cert-type
                  • create-ldap-entry
                  • directory-mode
                  • user-role
                  • user-type
              • Microsoft CA profile settings
              • Sectigo CA profile settings
                • Configuring the static Sectigo CA profile settings
                • Loading the dynamic Sectigo CA profile settings
            • san-requirements
            • subject-builder-config
              • subject-builder-name
                • com.entrust.adminservices.cagw.common.subjects.BasicSubjectBuilder
                • com.entrust.adminservices.cagw.common.subjects.SubAltNameSubjectBuilder
                • com.entrust.adminservices.cagw.common.subjects.TemplateSubjectBuilder
              • properties
            • subject-variable-requirements
          • properties
            • AWS CA properties
            • ECS CA properties
            • Entrust Certificate Authority properties
            • Microsoft CA properties
            • Sectigo CA properties
        • ssl
          • trust-store
          • trust-store-password
      • caches
      • ca-polling-initial-delay
      • ca-polling-interval
      • cert-event-tracking
        • default-aws-query-backoff-seconds
        • default-query-page-size
        • overhead-epoch-adjustment
        • sm-clock-drift-tolerance
      • clients
        • integrator-id
        • role
        • subject-dn
        • tenant-id
      • cmp
        • shared
          • server.dn
          • transmitters
        • specification.customization
        • trust-store
          • aliases
          • allow-expired-vendor-certs
          • location
          • password
          • type
      • connector-filters
        • com.entrust.CAAuthorization
        • com.entrust.CertificateEvents
        • com.entrust.CertTransparency
      • integrators
      • license
      • tenants
      • tual.properties
    • logging
      • jtk
      • level.root
      • ssl.jsse
    • management
      • endpoint
      • endpoints
      • server
        • port
        • ssl
    • server
      • port
      • servlet.context-path
      • ssl
  • Starting up and deploying CA Gateway
    • Configuring the Docker installation
    • Configuring clock synchronization
    • Running the CA Gateway Docker container
    • Stopping the execution
  • Enabling CRL revocation check
  • Configuring CA Gateway clients
  • Issuing public trust certificates
    • CA Authorization
    • Certificate Transparency
  • Administrating the deployment
    • Checking the CA Gateway health
    • Checking the health of a CA
    • Managing logs
    • Updating the configuration
  • Health endpoints
    • health
    • health/{group}/diskSpace
    • health/{group}/ping
    • prometheus
  • Other endpoints
    • docs
    • swagger-ui
    • v1
    • v1/certificate-authorities/{caId}/certificate-events
    • v1/certificate-authorities/{caId}/properties
    • v1/certificate-authorities/{caId}/status
  • CA Capabilities reference
    • CA management capabilities
    • Certificate enrollment capabilities
    • Certificate management capabilities
    • Certificate search capabilities
  • Integration report