Certificate Enrollment Gateway requires a TLS certificate to secure incoming connections over HTTPS. This TLS certificate must be issued and installed into Entrust PKI Hub 1.0 before Certificate Enrollment Gateway can accept any enrollment requests over HTTPS.

You must issue the TLS certificate when deploying Certificate Enrollment Gateway for the first time. You must also renew the certificate before it expires so Certificate Enrollment Gateway can continue accepting enrollment requests.

• Creating a CSR for the Certificate Enrollment Gateway certificate
• Issuing TLS certificates with Entrust PKI as a Service
• Issuing TLS certificates with an on-premises CA
• Building a TLS certificate chain for the Certificate Enrollment Gateway certificate
• Installing the Certificate Enrollment Gateway certificate chain into Entrust PKI Hub 1.0