In Certificate Enrollment Gateway, the client credential is called the CA Gateway Keystore. The CA Gateway Keystore can contain multiple private keys (multiple PrivateKeyEntry entries) and certificates. You can specify the alias of the private key to use for the client credential when you configure Certificate Enrollment Gateway.
Certificate Enrollment Gateway requires a client credential issued from Entrust CA Gateway. Certificate Enrollment Gateway uses this client credential to access and authenticate to Entrust CA Gateway. The client credential must be a PKCS #12 (P12) file that contains a private key and client certificate issued by a Managed CA in Entrust CA Gateway.
To issue a client credential to Certificate Enrollment Gateway, you must configure Certificate Enrollment Gateway as a client in Entrust CA Gateway. In Entrust CA Gateway, you must assign the Certificate Enrollment Gateway client either the integrator or policy-override-tenant role.
For information about configuring clients in Entrust CA Gateway, see the Entrust CA Gateway documentation.