Click + Microsoft CA Properties to add the following settings.
ca-host
The CA hostname, as either:
- An IP
- A hostname
- An FQDN
The value is valid as long as it resolves from the DNS.
Mandatory: Yes.
ca-name
The CA name – for example:
abc-issuing
Mandatory: Yes.
ca-proxy-url
The URL of the Entrust Proxy for Microsoft CA, in the following format:
https://<server>:8443/MSCAProxy
Mandatory: Yes.
key-recovery-agent-p12-<i>
The path of the key recovery agent PKCS#12 generated when creating the RA recovery agents (if any), where <i> is an integer greater than or equal to 0.
Mandatory: Only when creating the RA recovery agents.
key-recovery-agent-p12-password-<i>
The password of the key recovery agent PKCS#12.
Mandatory: Only when creating the RA recovery agents.
ldap-host
The Microsoft Active Directory, as an IP, a hostname, or an FQDN (as long as it resolves from the DNS). The host must be in the ca-host domain because:
- CA Gateway only talks to the Entrust Proxy for Microsoft CA.
- The Entrust Proxy for Microsoft CA is in the same domain as the CA and talks to the CA.
Mandatory: Yes.
ldap-port
The port number for LDAP connections with Microsoft Active Directory (for LDAPS connections, configure ldaps-port instead).
The port is anonymously bound. The Microsoft CA proxy connects to Active Directory to get certificate template information.
This value is typically 389, the well-known port for LDAP.
Mandatory: When not configuring ldaps-port.
ldaps-port
The port number for LDAPS connections with Microsoft Active Directory (for LDAP connections, configure ldap-port instead).
The port is anonymously bound. The Microsoft CA proxy connects to Active Directory to get certificate template information.
This value is typically 636, the well-known port for LDAPS.
Mandatory: When not configuring ldap-port.
proxy-host-name
The hostname of the proxy for accessing the Microsoft CA server.
The proxy configured using this parameter is part of your corporate infrastructure. Do not confuse it with the Entrust Proxy for Microsoft CA, which is selected using the CA Proxy URL parameter.
Mandatory: Only when traffic to the Microsoft CA Proxy passes through a proxy.
proxy-password
The password for authenticating to the proxy.
The proxy configured using this parameter is part of your corporate infrastructure. Do not confuse it with the Entrust Proxy for Microsoft CA, which is selected using the CA Proxy URL parameter.
Mandatory: Only when the proxy requires authentication.
proxy-port
The port for accessing the proxy.
The proxy configured using this parameter is part of your corporate infrastructure. Do not confuse it with the Entrust Proxy for Microsoft CA, which is selected using the CA Proxy URL parameter.
Mandatory: Only when traffic to the Microsoft CA Proxy passes through a proxy.
proxy-ssl
Under this section, configure the following authentication settings.
Setting | Value | Mandatory |
---|---|---|
client-cert-key-alias | The alias of the CA Gateway client key | |
client-cert-key-store | The filename of the CA Gateway client JKS | |
client-cert-key-store-password | The password of the CA Gateway client JKS | |
client-cert-key-store-type | Set this parameter to | |
ssl-trust-store | The path of the CA Gateway trust store | |
ssl-trust-store-password | The password of the CA Gateway trust store | |
ssl-trust-store-type | The type of CA Gateway trust store. Supported values are | |
proxy-username
The username for authenticating to the proxy.
The proxy configured using this parameter is part of your corporate infrastructure. Do not confuse it with the Entrust Proxy for Microsoft CA, which is selected using the CA Proxy URL parameter.
Mandatory: Only when the proxy requires authentication.
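The conditional "Mandatory" rules above can be checked before the settings are entered. The following is an added example, not Entrust code: it assumes the settings are held in a flat Python dict keyed by the names on this page, and the function name check_msca_properties, the pairing checks, and all sample values are assumptions made for illustration.

```python
import re

# key-recovery-agent-p12-<i> and key-recovery-agent-p12-password-<i>, <i> >= 0
KRA_RE = re.compile(r"^key-recovery-agent-p12-(password-)?(\d+)$")
# Format from the ca-proxy-url description; the port value itself is not enforced here.
PROXY_URL_RE = re.compile(r"^https://[^/\s]+:\d+/MSCAProxy/?$")

def check_msca_properties(props):
    """Return the problems found in a flat dict of Microsoft CA properties."""
    def has(key):
        value = props.get(key)
        return value is not None and str(value).strip() != ""

    problems = []
    for key in ("ca-host", "ca-name", "ca-proxy-url", "ldap-host"):
        if not has(key):
            problems.append(f"{key} is mandatory")
    if has("ca-proxy-url") and not PROXY_URL_RE.match(str(props["ca-proxy-url"])):
        problems.append("ca-proxy-url must look like https://<server>:8443/MSCAProxy")
    # ldap-port is mandatory when ldaps-port is not configured, and vice versa.
    if not has("ldap-port") and not has("ldaps-port"):
        problems.append("set ldap-port or ldaps-port")
    # Corporate proxy settings: host with port, username with password.
    if has("proxy-host-name") != has("proxy-port"):
        problems.append("proxy-host-name and proxy-port must be set together")
    if has("proxy-username") != has("proxy-password"):
        problems.append("proxy-username and proxy-password must be set together")
    # Every recovery agent PKCS#12 path needs the password with the same index.
    paths, passwords = set(), set()
    for key in props:
        m = KRA_RE.match(key)
        if m and has(key):
            (passwords if m.group(1) else paths).add(int(m.group(2)))
    for i in sorted(paths ^ passwords):
        problems.append(f"key-recovery-agent-p12-{i} and its password-{i} must both be set")
    return problems

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "ca-host": "ca01.example.test", "ca-name": "abc-issuing",
    "ca-proxy-url": "http://proxy01.example.test:8443/MSCAProxy",  # wrong scheme
    "ldap-host": "dc01.example.test", "ldaps-port": 636,
    "proxy-host-name": "webproxy.example.test",                    # proxy-port missing
    "key-recovery-agent-p12-0": "/path/to/kra0.p12",               # password-0 missing
}

if __name__ == "__main__":
    for problem in check_msca_properties(SAMPLE):
        print(problem)
```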