Install the Entrust Proxy for Microsoft CA, as explained in the following sections.

System requirements of the Entrust Proxy for Microsoft CA

To install the Entrust Proxy for Microsoft CA, you need a machine with Windows Server 2016 (x64) or above and one of the following LTS (Long Term Support) Java distributions.

  • Oracle Java x86_64 version 17
  • OpenJDK 17
  • AdoptOpenJDK 17

To check the Java version and architecture details, run:

java -XshowSettings:properties -version
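
The following PowerShell preflight check is an added example, not part of the vendor documentation. It parses the output of the command above and compares the machine against the requirements listed on this page. The function names are hypothetical, and the build number 14393 for Windows Server 2016 is supplied here, not taken from the page.

```powershell
# Added example, not vendor code. Thresholds follow the requirements on this page;
# function names are hypothetical.
function ConvertFrom-JavaSettings {
    # Parse the indented "key = value" lines of: java -XshowSettings:properties -version
    param([string[]]$Lines)
    $props = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s+([\w.]+) = (.*)$') { $props[$Matches[1]] = $Matches[2].Trim() }
    }
    $props
}

function Test-ProxyPrerequisites {
    param([hashtable]$JavaProps, [int]$OsBuild, [int]$ProductType, [bool]$Is64BitOs)
    $findings = @()
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    if ($ProductType -eq 1) { $findings += 'Not a Windows Server edition' }
    # Windows Server 2016 reports build number 14393
    if ($OsBuild -lt 14393) { $findings += "OS build $OsBuild predates Windows Server 2016" }
    if (-not $Is64BitOs)    { $findings += 'Operating system is not 64-bit' }
    if ($JavaProps.Count -eq 0) {
        $findings += 'No Java runtime found on PATH'
    } else {
        # The page lists version 17 distributions only
        if ($JavaProps['java.specification.version'] -ne '17') {
            $findings += "Java $($JavaProps['java.version']) is not a version 17 runtime"
        }
        # A 64-bit x86 JVM on Windows reports os.arch = amd64
        if ($JavaProps['os.arch'] -ne 'amd64') {
            $findings += "JVM architecture '$($JavaProps['os.arch'])' is not x86_64"
        }
    }
    $findings
}

# Collect facts from the local machine. Java writes the settings to stderr, hence 2>&1.
$javaLines = @()
if (Get-Command java -ErrorAction SilentlyContinue) {
    $javaLines = & java -XshowSettings:properties -version 2>&1 | ForEach-Object { "$_" }
}
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$result = Test-ProxyPrerequisites -JavaProps (ConvertFrom-JavaSettings $javaLines) `
    -OsBuild ([int]$os.BuildNumber) -ProductType ([int]$os.ProductType) `
    -Is64BitOs ([Environment]::Is64BitOperatingSystem)

if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'All listed prerequisites are met.' }
```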

Configuring the Windows domain account

Configure the Windows login account of the Entrust Proxy for Microsoft CA.

If the Entrust Proxy for Microsoft CA, the Domain Controller, and the Microsoft CA share the same server, you can select the following user and startup type combinations.

| User | Service startup type |
|---|---|
| A local service account | Automatic or Automatic (Delayed Start) |
| A user of the Enterprise Admin group | Automatic (Delayed Start) |

If the Entrust Proxy for Microsoft CA, the Domain Controller, and the Microsoft CA are on different servers, you can only select the following combination.

| User | Service startup type |
|---|---|
| A user of the Enterprise Admin group | Automatic or Automatic (Delayed Start) |

In either case, enable only the following user permissions.

  • Issue and Manage Certificates
  • Request Certificates

Downloading Entrust Proxy for Microsoft CA

To download the Entrust Proxy for Microsoft CA:

  1. Log in to trustedcare.entrust.com.
  2. Go to PRODUCTS > Authority.
  3. Select your CA Gateway version.
  4. Click the download link of the Entrust Proxy for Microsoft CA.
  5. Unzip the contents of the compressed file to your selected installation directory on the Windows machine, for example, c:\mscaproxy.

Running the Entrust Proxy for Microsoft CA installer

Run the following command as an administrator to register the Entrust Proxy for Microsoft CA as a Windows service.

MSCAProxy.exe install /p

When prompted, type the domain user's username in one of the following formats:

  • UPN (User Principal Name)
  • <domainName>\<sAMAccountName>

Type the password of the domain user, then type y to allow the account to log on as a service. The installer does not wait for you to press the Enter key.