Under this section, add the following profile settings for each Entrust Certificate Authority.

Certificate Type

The Entrust Certificate Authority certificate type to use when processing an enrollment request under the certificate profile. For example:

  • ent_twokeypair
  • ent_default

The administrator EPF for the Managed CA must have permission to administer this certificate type.

Mandatory: Yes.

Certificate Definition

The certificate definition for processing enrollment requests under the certificate profile. For example:

  • Verification
  • Dual usage
  • Encryption

This certificate definition must have an assigned certificate definition policy. Otherwise, enrollments will fail.

Mandatory: Yes.

LDAP entry creation mode

The LDAP entry creation mode.

Value and action:

  • true (enabled): CA Gateway will create the LDAP entry for the user. CA Gateway will connect to the directory using the LDAP credentials specified for the Managed CA.
  • false (disabled): Entrust Certificate Authority will create an LDAP entry for the user depending on the managed-cas.profiles.directory-mode value.

Mandatory: No. This optional parameter defaults to true.

LDAP directory mode

When the LDAP entry creation mode option is disabled, this setting controls whether Entrust Certificate Authority creates an LDAP entry for the user.

Value and action:

  • DO_OP_FAIL_IF_NOT_NEEDED: Perform the repository operation when needed, and fail if not needed.
  • DO_OP_SUCCEED_IF_NOT_NEEDED: Perform the repository operation when needed, and return success if not needed.
  • NO_OP: Omit the repository operation and do not check if the operation is needed.
  • NO_OP_FAIL_IF_NEEDED: Omit the repository operation, but fail if the operation is needed.

In the CA profile, certificate types such as vpn_nodir include the following master.certspec advanced setting under [Extension Definitions].

noUserInDirectory=1

Mandatory: Yes. 

User Role

The Entrust Certificate Authority role for processing enrollment requests under the certificate profile (for example, "End User"). 

The administrator EPF for the Managed CA must have permission to administer this role.

Mandatory: No.

User Type

The Entrust Certificate Authority user type to use when processing an enrollment request under the certificate profile. For example:

  • Person
  • Web Server

The administrator EPF for the Managed CA must have permission to administer this user type. 

Mandatory: No. The user type is not required when the LDAP entry creation mode option is disabled.
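
The following pre-deployment check is an added example, not Entrust code. It lints a profile against the mandatory flags and directory-mode values listed above and models how the two LDAP settings interact. The dictionary keys are the setting names used on this page, not CA Gateway property names, and the sample profiles are constructed.

```python
# Added example: keys are the setting names used on this page (assumption),
# not CA Gateway's own configuration property names.
MANDATORY = ("Certificate Type", "Certificate Definition", "LDAP directory mode")

# mode -> (operation performed when needed, result when needed, result when not needed)
# Assumes the repository operation itself succeeds whenever it is performed.
DIRECTORY_MODES = {
    "DO_OP_FAIL_IF_NOT_NEEDED": (True, True, False),
    "DO_OP_SUCCEED_IF_NOT_NEEDED": (True, True, True),
    "NO_OP": (False, True, True),
    "NO_OP_FAIL_IF_NEEDED": (False, False, True),
}

def lint_profile(profile):
    """Return a list of problems in one profile; an empty list means clean."""
    problems = []
    for name in MANDATORY:
        if not str(profile.get(name, "")).strip():
            problems.append(f"missing mandatory setting: {name}")
    mode = profile.get("LDAP directory mode")
    if mode and mode not in DIRECTORY_MODES:
        problems.append(f"unknown LDAP directory mode: {mode}")
    # The creation mode is optional and defaults to true.
    if not isinstance(profile.get("LDAP entry creation mode", True), bool):
        problems.append("LDAP entry creation mode must be true or false")
    return problems

def ldap_entry_owner(profile):
    """Which component handles the user's LDAP entry for this profile."""
    if profile.get("LDAP entry creation mode", True):
        return "CA Gateway"
    return "Entrust Certificate Authority"

def ca_directory_outcome(mode, entry_needed):
    """(operation_performed, request_succeeds) when creation mode is disabled."""
    performed, ok_needed, ok_not_needed = DIRECTORY_MODES[mode]
    if entry_needed:
        return (performed, ok_needed)
    return (False, ok_not_needed)

# Constructed sample profiles (values taken from the examples on this page).
GOOD = {"Certificate Type": "ent_twokeypair", "Certificate Definition": "Verification",
        "LDAP directory mode": "DO_OP_SUCCEED_IF_NOT_NEEDED"}
BAD = {"Certificate Type": "ent_default", "Certificate Definition": "",
       "LDAP directory mode": "NOOP"}

if __name__ == "__main__":
    for label, prof in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, ldap_entry_owner(prof), lint_profile(prof))
```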