See below for creating a source that connects Certificate Manager with the CAs managed by an Entrust CA Gateway instance.
If the CA you want to connect is an Entrust Certificate Authority initialized in a pre-8.4.10 release, run the backfill script before creating the source to correct any missing or incorrect certificate events.
To create a CA Gateway source
- Log in as an administrator with either:
  - The global_admin role.
  - A <user_defined> role with permission to create sources.
- Go to Automate > Sources.
- Click Create to configure the following settings.
- Click Verify to have Certificate Manager verify all the settings. Some plugins might ask for additional configuration settings after verification.
Label
A descriptive name of the source.
Mandatory: Yes
Owner
The username of the source owner. The user who creates the source is automatically made the owner of both the source and the source certificates.
You can later edit this field and assign ownership to someone else.
Description
A description of the source purpose.
Mandatory: No
Authorization Tags
A list of authorization tags. Custom Roles that have any of these tags grant permissions on the source.
Mandatory: No
Select Source Type
Select CAGW-Source-Plugin.
Mandatory: Yes
CA Gateway URL
The URL of the CA Gateway host.
For Entrust Managed PKI systems, your Entrust contact will provide the URL.
Mandatory: Yes
Verify server certificate
Check this box to verify the CA Gateway server certificate.
Required PKCS#12 File
The PKCS#12 file containing the keys and the certificate that Certificate Manager must present to the CA Gateway instance for accessing the CAs. This PKCS#12 file is either:
- Generated when configuring your CA Gateway instance,
- Provided by Entrust for API access to your Entrust Managed PKI service.
Mandatory: Yes
Required PKCS#12 Password
The password of the PKCS#12 file.
Mandatory: Yes
Optional PKCS#12 Truststore File
A truststore that will override the built-in truststore when using a private CA.
Mandatory: No
Optional Truststore Password
The password of the optional PKCS#12 truststore.
Mandatory: When selecting an Optional PKCS#12 Truststore File.
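
A pre-upload check for the Required PKCS#12 File and Required PKCS#12 Password described above, added here as an example and not taken from the Entrust documentation. It uses the openssl command line; the function names, file names and sample password are assumptions, and the sample credential is constructed for the demonstration.

```shell
#!/bin/sh
# Passwords are passed by environment-variable name (-passin env:NAME)
# so they never appear in the process list or in shell history.

# check_client_p12 FILE PASS_ENV_NAME [MIN_DAYS]
# 0 = usable; 2 = cannot open; 3 = no client cert; 4 = no key; 5 = expiring.
check_client_p12() {
    p12_file=$1; pass_env=$2; min_days=${3:-30}

    # A wrong password or a corrupt file makes openssl exit non-zero.
    cert=$(openssl pkcs12 -in "$p12_file" -passin "env:$pass_env" \
        -nokeys -clcerts 2>/dev/null) \
        || { echo "cannot open $p12_file" >&2; return 2; }
    printf '%s\n' "$cert" | grep -q 'BEGIN CERTIFICATE' \
        || { echo "no client certificate in $p12_file" >&2; return 3; }

    # The decrypted key is piped straight to grep and never written to disk.
    openssl pkcs12 -in "$p12_file" -passin "env:$pass_env" \
        -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY' \
        || { echo "no private key in $p12_file" >&2; return 4; }

    printf '%s\n' "$cert" \
        | openssl x509 -noout -checkend $(( min_days * 86400 )) >/dev/null \
        || { echo "certificate expires within $min_days days" >&2; return 5; }

    # Show the identity that Certificate Manager will present to CA Gateway.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
}

# Constructed sample input: a throwaway self-signed credential and a key-less
# truststore, standing in for the files issued for a real CA Gateway instance.
make_sample_p12() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=constructed-cm-client" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -passout env:SAMPLE_P12_PASS -out "$d/client.p12"
    openssl pkcs12 -export -nokeys -in "$d/cert.pem" \
        -passout env:SAMPLE_P12_PASS -out "$d/truststore.p12"
}

SAMPLE_P12_PASS='constructed-password'; export SAMPLE_P12_PASS
demo_dir=$(mktemp -d)
make_sample_p12 "$demo_dir"
check_client_p12 "$demo_dir/client.p12" SAMPLE_P12_PASS 30
rm -rf "$demo_dir"
```

A key-less file such as the optional truststore fails this check by design, which catches the two PKCS#12 files being swapped in the form.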