You need a truststore.jks truststore containing the CA chain of the Entrust Proxy for Microsoft CA's server key.

The following instructions create a Java KeyStore (JKS) with the Java keytool  command line utility. Consider using a more secure PKCS#12 type instead.

To generate a truststore for CA Gateway

  1. Create an SSL directory under the Entrust Proxy for Microsoft CA installation. For example: 

    c:\mscaproxy\ssl

  2. In this directory, run the following command to include the certificate of the root CA and all the intermediate CAs. 

    keytool -import -noprompt -alias <CA_ALIAS> -file <CA_ALIAS>.cer -keystore truststore.jks -storepass <STOREPASS>
  3. Copy the new truststore.jks truststore in the CA Gateway server.