Configure the following settings for each enrollment connection with CA Gateway.
CAGW CA ID
The CA identifier (CA ID) in CA Gateway of the CA for WSTEP enrollment.
Mandatory: Yes.
Parent DN
The parent DN (distinguished name) for certificates issued by the CEG WSTEP service. The selected value is appended to incoming Subject DNs.
CA Type | Parent DN |
|---|---|
Entrust Certificate Authority | A known searchbase defined in Entrust Certificate Authority. |
Entrust PKI as a Service | An absent parent DN, or a user-defined or custom parent DN. |
Examples:
ou=Devices, o=My Company, c=UScn=Users, ou=North America, o=My Company, c=GBMandatory: No.
CAGW Profile ID for Digital Signature
The unique ID defined in CA Gateway for the WSTEP signing certificate profile.
Mandatory: Yes.
CAGW Profile ID for Key Encipherment
The unique ID defined in CA Gateway for the WSTEP encryption certificate profile.
Mandatory: Yes.
CAGW Profile ID for Digital Signature and Key Encipherment
This unique ID defined in CA Gateway for the WSTEP signing and encryption certificate profiles.
Mandatory: Yes.
CAGW Profile ID for Digital Signature and Nonrepudiation
The unique ID defined in CA Gateway for the WSTEP signing and nonrepudiation certificate profile.
Mandatory: Yes.
Certificate Templates
The required mappings for each certificate template.
- For Value, enter the name of a Profile ID defined in CA Gateway for issuing the certificate.
- For Value, enter the name of a Profile ID defined in CA Gateway for issuing the certificate.
Note that:
For machines, the Subject name in the certificate template must be Common name or DNS name.
For users, the Subject name in the certificate template must be Common name.
See Creating Windows certificate templates for the Entrust WSTEP Service for information on configuring the Subject name in the Windows certificate template.
Mandatory: No.