You can modify an External Account Binding credential if you need to update or correct some information provided by the External Account Binding credential. When modifying an External Account Binding credential, you can change the following information:

  • A friendly name that uniquely identifies the External Account Binding credential.
  • The CA ID in Entrust CA Gateway of the Certificate Authority (CA) that will issue certificates to the ACMEv2 clients.
  • The Profile ID in Entrust CA Gateway of the certificate profile that defines the certificate type issued to the ACMEv2 clients.
  • A list of permitted algorithms that ACMEv2 clients can use for enrollment with External Account Binding.
You cannot change the HMAC (Hash-Based Message Authentication Code) key or ACMEv2 Request URL used by ACMEv2 clients. The key and URL were automatically generated when the credential was created and cannot be changed.

To modify an External Account Binding credential

  1. On the Entrust Deployment Manager or Cryptographic Security Platform node hosting the EAB Utility, log in as sysadmin.
  2. Enter the following command to launch the EAB Utility:
    sudo eab-util
  3. The main menu appears:
  4. Select Manage EAB credentials, and then press Enter.
    A list of External Account Binding credentials appears. For example:
  5. Select the credential you want to edit, and then press Enter.
    A Manage EAB Credentials page appears. For example:

    If you change any details, the View Details option will change to a Submit option.
  6. To change the friendly name of the credential:
    1. Select Friendly Name. then press Enter.
    2. Edit the friendly name for the credential. The name must start and end with an alphanumeric character. The name must be a maximum 25 characters long. The name can contain uppercase and lowercase letters, numbers, spaces, and the following non-alphanumeric characters: 
      , ! @ # & * : ( )
    3. Press Enter.
  7. To change the Certification Authority that will enroll the ACMEv2 client for a certificate:
    1. Select Certificate Authority, then press Enter.
      The Select Certificate Authority page appears. 
    2. Select a Certification Authority from the list, then press Enter.
  8. To change the certificate profile defined in CA Gateway that will be used to issue the certificate to the ACMEv2 client:
    1. Select Certificate Profile, and then press Enter.
      The Select Certificate Profile page appears.
    2. Select the certificate profile that will issue the certificate to the ACMEv2 client, and then press Enter.
  9. To change the algorithms that ACMEv2 clients can use for enrollment with External Account Binding:
    1. Select Permitted Algorithms, and then press Enter.
      The Select HMAC Algorithms page appears.
    2. You can enable or disable an algorithm by selecting the algorithm, and then pressing Enter or spacebar. A checkmark next to the algorithm indicates the algorithm is permitted to be used for External Account Binding. 
    3. Select Done, and then press Enter.
  10. Select Submit and then press Enter.
    The External Account Binding credential is updated with the changes you made. The EAB Credential Details page appears. 
  11. Click OK.
    The list of External Account Binding credentials reappears.