When using CA Gateway as the source of certificate information, perform the steps below so that Validation Authority can authenticate to CA Gateway.
Generating the CA Gateway client PKCS #12
Use your CA to generate a PKCS #12 containing:
- A TLS client certificate for Validation Authority to authenticate on CA Gateway.
- The private key of the certificate.
The PKCS #12 cannot contain more than one client certificate.
To generate the PKCS #12 with Entrust Certificate Authority:
- Select the 1-Key-Pair User (1-Key-Pair User with Dual Usage Key) certificate type to generate a PKCS #12 with a single client certificate.
- Check the Export PKCS #12 and All exportable options so the user can export the generated PKCS #12.
See the Entrust Certificate Authority documentation for more detailed information.
Configuring the client PKCS #12 in CA Gateway
Configure the CA Gateway client PKCS #12 in CA Gateway.
To configure the client PKCS #12 in CA Gateway:
- Access the CA Gateway configuration page as explained in Configuring and deploying CA Gateway.
- Select the Server tab.
- Click Select Files under Trust Store and upload a PKCS #12 file containing:
  - The CA certificates already included in the previous Trust Store (if any).
  - The certificate of the CA that issued the CA Gateway client PKCS #12.
- Select the Clients tab.
- In the Subject DN settings of a client, enter the distinguished name (DN) of the CA Gateway client certificate.
- Make the changes effective and redeploy CA Gateway.
Importing the CA Gateway client PKCS #12 in Validation Authority
Run the evactl import-p12 command to import the CA Gateway client PKCS #12 – for example:
$ sudo evactl import-p12 -f eva-cagw.p12
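Before importing, the file can be checked against the constraints above (a single client certificate with its private key) and its subject DN printed for comparison with the Subject DN entered on the Clients tab. The script below is an added example, not part of the product documentation or of evactl; it assumes the OpenSSL command-line tool is installed, and the P12_PASS variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the product documentation): pre-import check of the
# CA Gateway client PKCS #12. The passphrase is read from the P12_PASS
# environment variable (an assumption of this script) to keep it out of argv.

# Count PEM blocks on stdin whose BEGIN label matches the extended regex $1.
count_pem() {
    grep -c -E -- "^-----BEGIN $1-----" || true
}

# check_client_p12 FILE: return 0 only if FILE holds exactly one client
# certificate and one private key; print the subject DN and expiry date.
check_client_p12() {
    p12=$1
    certs=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null) || {
        echo "FAIL: cannot read $p12 (wrong passphrase or not a PKCS #12)" >&2
        return 2
    }
    ncert=$(printf '%s\n' "$certs" | count_pem 'CERTIFICATE')
    # The key is decrypted only into the pipe and counted, never written to disk.
    nkey=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        count_pem '(RSA |EC )?PRIVATE KEY')
    if [ "$ncert" -ne 1 ] || [ "$nkey" -ne 1 ]; then
        echo "FAIL: $ncert client certificate(s), $nkey private key(s); expected 1 and 1" >&2
        return 1
    fi
    # Compare this DN with the Subject DN entered on the CA Gateway Clients tab.
    printf '%s\n' "$certs" | openssl x509 -noout -subject -nameopt RFC2253 -enddate
}

# Usage: P12_PASS=... sh check-p12.sh eva-cagw.p12
if [ "$#" -gt 0 ]; then
    check_client_p12 "$1"
fi
```

The DN is printed in RFC 2253 order; if CA Gateway displays the DN in a different component order, compare the individual attributes rather than the raw string.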