You need a truststore.jks truststore containing the CA chain of the Entrust Proxy for Microsoft CA's server key.
The following instructions create a Java KeyStore (JKS) with the Java keytool command line utility. Consider using a more secure PKCS#12 type instead.
To generate a truststore for CA Gateway
Create an SSL directory under the Entrust Proxy for Microsoft CA installation. For example:
c:\mscaproxy\sslIn this directory, run the following command to include the certificate of the root CA and all the intermediate CAs.
keytool -import -noprompt -alias <CA_ALIAS> -file <CA_ALIAS>.cer -keystore truststore.jks -storepass <STOREPASS>- Copy the new
truststore.jkstruststore in the CA Gateway server.