See below for adding a new Active Directory to Entrust PKIaaS.

You can later link this Active Directory to an agent as explained in Adding an agent to a PKIaaS Virtual Machine and Linking additional Active Directories to an agent.

To add an Active Directory configuration

  1. Click  Agents > WSTEP > Root Active Directories in the sidebar.
  2. Click the Add Root Active Directory button.
  3. Select a PKIaaS Virtual Machine configuration to add the Active Directory to.
  4. Click Next and configure the following settings of a new Active Directory.

Domain Name

The name of the root domain of the Microsoft Active Directory forest that was used when Preparing the Active Directory forest for WSTEP

  • If an Active Directory with the same name exists and is linked to another agent, the wizard will display an error message.
  • If an Active Directory with the same name exists but is not linked to another agent, the wizard will display a confirmation request to load the Active Directory configuration.
  • The value used for the domain name should not be an IP address, nor should it be the FQDN of a domain controller.

Username

The user logon name obtained when Creating a PKIaaS WSTEP Service Account. This parameter supports the two formats described in:

https://learn.microsoft.com/en-us/windows/win32/secauthn/user-name-formats

For example:

mydomain\john.smith
john.smith@mydomain.com

Password

The password selected when Creating a PKIaaS WSTEP Service Account.

DNS

The DNS of the Active Directory you configured in Preparing the Active Directory forest for WSTEP. Use the following syntax to set this value.

<machine>:<port>

Where 

  • <machine> is the domain name or IP address of the DNS server.
  • <port> is the port of the DNS service.

Certificate Authority

The Certificate Authority you configured in Configuring an Entrust PKIaaS issuing CA for WSTEP.

LDAPS Trusted Certificates

The root CA certificate of the LDAPS TLS certificates chain. The PKIaaS Virtual Machine will use this root CA certificate for validating connections with the Active Directory LDAPS service. Click Add Certificate to import one or more root CA certificates.

See Setting up LDAPS on domain controllers for how to configure the LDAPS TLS certificates.