To configure Entrust Authority Security Manager as an External CA, select the Entrust CA option from the CA Type drop-down list. The following options are shown:


The items are described in this table:

Items

Description

CA Alias

An operator-defined descriptive name to make it easier for ADSS Server operators to manage multiple certificate authorities. The name used must be unique.

CA Type

ADSS Server can be configured to request certificates from the Entrust CA. All requests received in the corresponding ADSS Certification Service will be forwarded to the defined External CA for processing. The supported request types are: 

  • CREATE
  • RENEW
  • REVOKE
  • REINSTATE

The above operations can also be performed from the ADSS Console, and all such requests will be routed to the Entrust CA configured as an External CA.


CA Certificate

All the CA certificates configured in Trust Manager with the purpose CA (will be used to verify other certificates and CRLs) are available in this drop down list. 

Select the target Entrust CA certificate. 

Note: The complete certificate chain of the Entrust CA must be registered in Trust Manager.

Entrust Proxy

ADSS Entrust Proxy Server is a middleware application developed by Ascertia. It facilitates communication between ADSS Server and the Entrust Certification Authority for the issuance, revocation and renewal of certificates.

Enter the ADSS Entrust Proxy Server details, e.g. http://<IP Address>:<Port>/adssentrust/proxy

Note: The adss_entrust_proxy_server.zip package is available in the [ADSS Server installation directory]/support location. Follow the instructions in the /docs folder of adss_entrust_proxy_server.zip to deploy it.

Certificate Type

Specify the Certificate Type, which uniquely identifies the type of certificate and the category to which that certificate type belongs, e.g. ent_nonrepud

For more information on available options, contact your Entrust SM Administrator. 

Certificate Purpose

Specify the Certificate Purpose, which describes a single key pair for a user or group of users depending on the type of the certificate, e.g. Nonrepudiation

For more information on available options, contact your Entrust SM Administrator. 

User Type

Specify the type of user registered in Entrust SM for certificate generation, e.g. Person

For more information on available options, contact your Entrust Administrator. 

Publish Certificate At

When performing an operation in conjunction with Security Manager and the Security Manager directory (such as creating a directory entry), these settings control how information in the directory is treated. 

Permitted Values: 

  • DO_OP_SUCCEED_IF_NOT_NEEDED - Perform the LDAP operation.
  • DO_OP_FAIL_IF_NOT_NEEDED - Perform the LDAP operation (fail if not needed).
  • NO_OP - Skip the LDAP operation.
  • NO_OP_FAIL_IF_NEEDED - Skip the LDAP operation (fail if needed).

CA Distinguished Name

This option is shown only when the Entrust CA Local Database option is selected. It describes the CA for which the Entrust-based certificate is generated.


If asynchronous mode is enabled in the Certification Profile, the Entrust CA will issue a certificate with a 7-day validity period. This is because, in asynchronous mode, the validity period and Certificate Template can be defined neither in the Certification Profile nor during issuance of the certificate when the pending request is approved.


In previous versions of ADSS, only CN (Common Name) could be configured as the Subject Distinguished Name in a Certification Profile for certificates generated via Entrust CA.

From ADSS v6.3 onward, the following RDNs are supported in a Certification Profile and can be used to generate certificates using Entrust CA. These RDNs can be repeated multiple times in the Subject Distinguished Name when configuring a Certification Profile and generating certificates.

  • CN - Common Name
  • G - Given Name
  • SN - Surname
  • OU - Organization Unit
  • O - Organization
  • E - Email
  • L - Locality
  • ST - Street Address
  • S - State
  • P - Postal Code
  • C - Country
  • SERIALNUMBER - Subject Serial Number
  • UID  - Unique Identifier
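
As an added example (not part of ADSS Server or its documentation), the following Python check validates a Subject Distinguished Name against the RDN types listed above before it is entered in a Certification Profile. It assumes the DN is written as comma-separated TYPE=value pairs in RFC 4514 style; the function names and sample DNs are hypothetical.

```python
# Added example, not ADSS code: check a Subject DN against the RDN types
# listed on this page as supported for Entrust CA from ADSS v6.3 onward.
# Assumption: the DN is comma-separated TYPE=value pairs (RFC 4514 style).
SUPPORTED_RDNS = {"CN", "G", "SN", "OU", "O", "E", "L", "ST", "S", "P",
                  "C", "SERIALNUMBER", "UID"}


def split_unescaped(text, seps):
    """Split text on any separator in seps that is not escaped or quoted."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def check_subject_dn(dn, legacy_cn_only=False):
    """Return a list of problems; an empty list means the DN passes."""
    # legacy_cn_only models the pre-v6.3 behaviour described above (CN only).
    allowed = {"CN"} if legacy_cn_only else SUPPORTED_RDNS
    problems = []
    # "+" joins attributes of a multi-valued RDN; check each one separately.
    for rdn in split_unescaped(dn, ",+"):
        attr_type, eq, value = rdn.partition("=")
        attr_type = attr_type.strip().upper()
        if not eq or not attr_type:
            problems.append(f"malformed RDN: {rdn.strip()!r}")
        elif attr_type not in allowed:
            problems.append(f"unsupported RDN type: {attr_type}")
        elif not value.strip():
            problems.append(f"empty value for {attr_type}")
    return problems


if __name__ == "__main__":
    # Constructed sample DNs, for illustration only.
    for dn in ("CN=Alice Example,OU=Sales,OU=EMEA,O=Example Ltd,C=GB",
               "CN=Alice Example,DC=example,DC=com"):
        print(dn, "->", check_subject_dn(dn) or "OK")
```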


See also

ADSS CA Server

Microsoft CA
Symantec MPKI
GlobalSign EPKI
GlobalSign HVCI
EJBCA
QuoVadis CA
Offline External CA
DigiCert PKI
SPOC Server