Install the Entrust Proxy for Microsoft CA, as explained in the following sections.
- System requirements for the Entrust Proxy for Microsoft CA
- Configuring the Windows domain account
- Creating a Proxy Admin account
- Downloading the Entrust Proxy for Microsoft CA installer
- Configuring logs
- Running the Entrust Proxy for Microsoft CA installer
- Un-Installing the Entrust Proxy for Microsoft CA
System requirements for the Entrust Proxy for Microsoft CA
To install the Entrust Proxy for Microsoft CA, you need a machine with Windows Server 2016 (x64) or above and one of the following LTS (Long Term Support) Java distributions.
- Oracle Java x86_64 version 17
- OpenJDK 17
- AdoptOpenJDK 17
See the following tables for the required environment variables.
Variable | Value |
|---|---|
JAVA_HOME | The path of the Java installation. |
PATH | Extend the value to include |
To check the Java version and architecture details, run:
java -XshowSettings:properties -versionConfiguring the Windows domain account
Configure the Windows login account of the Entrust Proxy for Microsoft CA. See below for the supported combinations when the Entrust Proxy for Microsoft CA and the Domain Controller share the same server or run on different servers.
User | Service startup type | Same server | Different servers |
|---|---|---|---|
A local service account | Automatic or Automatic (Delayed Start) |
|
|
A domain user | Automatic (Delayed Start) |
|
|
In either case, enable only the following user permissions.
- Issue and Manage Certificates
- Request Certificates
Creating a Proxy Admin account
Create a Proxy Admin user and add it only to the Cert Publishers and Domain User groups.
Downloading the Entrust Proxy for Microsoft CA installer
Download and extract the Entrust Proxy for Microsoft CA installer files.
To download the Entrust Proxy for Microsoft CA installer
- Log in trustedcare.entrust.com
- Go to PRODUCTS > Cryptographic Security Platform
- Select the latest version.
- Click the download link of the Entrust Proxy for Microsoft CA.
- Unzip the compressed file contents to your selected installation directory on the Windows machine – for example, in
c:\mscaproxyInstalling into
c:\Program Filesmay not be functional due to windows privilege enforcement.
Configuring logs
Optionally, edit the configuration files to modify the default log recording settings.
Configuration file | Parameter | Value |
|---|---|---|
MSCAProxy.xml | logpath | The folder where to save logs. |
config\application.yml | com.entrust.mscaproxy | The supported log levels. Supported values in increasing severity are |
If you edit these pages after starting Entrust Proxy for Microsoft, run the MSCAProxy.exe restart command to restart it.
For example, adding the following code to the config\application.yml file sets the log level to INFO.
logging: level: root: INFO com.entrust.mscaproxy: INFORunning the Entrust Proxy for Microsoft CA installer
Run the following command as the Proxy Admin user to register the Entrust Proxy for Microsoft CA as a Windows service.
MSCAProxy.exe install /pWhen prompted, type the domain user's username in one of the following formats:
- UPN (User Principal Name)
<domainName>\<proxyAdminName>(where<proxyAdminName>is the name of the Proxy Admin user.
Type the password of the Proxy Admin user and type "y" to allow the log-on as a service. The installer does not wait for you to press the Enter key.
Un-Installing the Entrust Proxy for Microsoft CA
Run the following command as an administrator if you want to uninstall.
MSCAProxy.exe uninstall