In Entrust CA Gateway, you must create profiles for each Managed CA that will issue certificates for ACMEv2 enrollment. Each profile must issue one of the ACMEv2 certificate types you added earlier to Security Manager.
When adding these profiles to CA Gateway:
- The subject_builder_config field is not supported.
- The subject-variable-requirements field is not supported.
- The values of the cert_type (certificate type) and cert_definition (certificate definition) parameters must match the values specified in Security Manager. The value of the create_ldap_entry parameter must be false.
The following example shows multiple Managed CA profiles configured in CA Gateway for ACMEv2 enrollment, one profile for each ACMEv2 certificate type you created earlier in Security Manager.
```yaml
- name: "ACME TLS Client"
  unique_id: acme_tls_client
  properties:
    cert_type: acme_tls_client
    cert_definition: Dual Usage
    user_type: Web Server
    create_ldap_entry: false
- name: "ACME TLS Server"
  unique_id: acme_tls_server
  properties:
    cert_type: acme_tls_server
    cert_definition: Dual Usage
    user_type: Web Server
    create_ldap_entry: false
- name: "ACME TLS Client Server"
  unique_id: acme_tls_client_srv
  properties:
    cert_type: acme_tls_client_srv
    cert_definition: Dual Usage
    user_type: Web Server
    create_ldap_entry: false
```
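The rules listed above can be checked against a profile file before it is added to CA Gateway. The Ruby script below is an added example, not Entrust code: the function name, the hash of expected Security Manager values, and the choice to look for unsupported fields at both the profile and properties level are assumptions made for illustration.

```ruby
require "yaml"

# Fields the page lists as not supported in ACMEv2 Managed CA profiles.
UNSUPPORTED_FIELDS = %w[subject_builder_config subject-variable-requirements].freeze

# Returns an array of problem strings (empty when every profile passes).
# `expected` maps each cert_type defined in Security Manager to its
# cert_definition; the caller supplies it (hypothetical helper input).
def check_acme_profiles(yaml_text, expected)
  problems = []
  (YAML.safe_load(yaml_text) || []).each do |profile|
    id = profile["unique_id"] || profile["name"] || "(unnamed)"
    props = profile["properties"] || {}
    # Assumption: an unsupported field could sit at either level.
    UNSUPPORTED_FIELDS.each do |field|
      problems << "#{id}: #{field} is not supported" if profile.key?(field) || props.key?(field)
    end
    type = props["cert_type"]
    definition = props["cert_definition"]
    if !expected.key?(type)
      problems << "#{id}: cert_type #{type.inspect} is not defined in Security Manager"
    elsif expected[type] != definition
      problems << "#{id}: cert_definition #{definition.inspect} does not match #{expected[type].inspect}"
    end
    # A missing key is reported too (assumption: the value must be explicit).
    problems << "#{id}: create_ldap_entry must be false" unless props["create_ldap_entry"] == false
  end
  problems
end

# Constructed sample: the first profile is valid, the second breaks three rules.
SAMPLE = <<~PROFILES
  - name: "ACME TLS Server"
    unique_id: acme_tls_server
    properties:
      cert_type: acme_tls_server
      cert_definition: Dual Usage
      create_ldap_entry: false
  - name: "ACME TLS Client"
    unique_id: acme_tls_client
    subject_builder_config: {}
    properties:
      cert_type: acme_tls_client
      cert_definition: Wrong Definition
      create_ldap_entry: true
PROFILES

EXPECTED = { "acme_tls_server" => "Dual Usage", "acme_tls_client" => "Dual Usage" }.freeze

puts check_acme_profiles(SAMPLE, EXPECTED)
```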