Certificate Enrollment Gateway requires a TLS certificate to secure incoming connections over HTTPS. This TLS certificate must be issued and installed into CSP 1.0.0 PKI before Certificate Enrollment Gateway can accept any enrollment requests over HTTPS.

You must issue the TLS certificate when deploying Certificate Enrollment Gateway for the first time. You must also renew the certificate before it expires so Certificate Enrollment Gateway can continue accepting enrollment requests.

• Installing the Certificate Enrollment Gateway certificate chain into CSP 1.0.0 PKI
• Building a TLS certificate chain for the Certificate Enrollment Gateway certificate
• Issuing TLS certificates with an on-premises CA
• Issuing TLS certificates with Entrust PKI as a Service
• Creating a CSR for the Certificate Enrollment Gateway certificate