To integrate Entrust Certificate Authority, select this connector and configure the following settings.
- Security Manager Host
- PKIX Port
- LDAP Host
- LDAP Port
- LDAPS Port
- LDAP Principal
- LDAP Credential
- XAP Port
- Admin EPF file
- Admin EPF Password
- Initial XAP Connections
- Max XAP Connections
- XAP Connection Idle Timer (seconds)
- XAP Connection Socket Timer (seconds)
- XAP Logging
- XAP Logs Level
- P11 APF File
- P11 Library
- P11 Slot
- P11 Password
- Enable niche certificate types
- Allow 100% PKUP
- Enable CA Profile Sync
Security Manager Host
The hostname of the Entrust Certificate Authority instance.
Mandatory: Yes
PKIX Port
The PKIX-CMP port number of the Entrust Certificate Authority instance.
Mandatory: Yes
LDAP Host
The hostname of the directory instance.
Mandatory: Yes.
LDAP Port
The port number for LDAP connections with the Entrust Certificate Authority directory (for LDAPS connections, configure LDAPS Port instead).
This value is typically 389, the well-known port for LDAP.
Mandatory: When using an LDAP connection.
LDAPS Port
The port number for LDAPS connections with Entrust Certificate Authority (for LDAP connections, configure LDAP Port instead).
This value is typically 636, the well-known port for LDAPS.
Mandatory: When using an LDAPS connection.
LDAP Principal
The name of the LDAP user for logging in to the directory. Save this property in secure storage such as Vault rather than directly in a configuration file.
Mandatory: Yes
LDAP Credential
The password of the LDAP user. Save this property in secure storage such as Vault rather than directly in a configuration file.
Mandatory: Yes
XAP Port
The XAP port number of the Entrust Certificate Authority instance.
Mandatory: Yes.
Admin EPF file
The administrator's Entrust Profile File (EPF) for connecting to Entrust Certificate Authority. Click Select Files to import this file.
Mandatory: When saving the user settings in an Entrust Profile File (EPF).
Admin EPF Password
The password for decrypting the administrator's Entrust Profile File (EPF).
Mandatory: When saving the administrator's settings in an EPF.
Initial XAP Connections
The initial number of XAP connections to the Entrust Certificate Authority.
Mandatory: No. This optional parameter defaults to 20 connections.
Max XAP Connections
The maximum number of XAP connections to the Entrust Certificate Authority.
Mandatory: No. This optional parameter defaults to 20 connections.
XAP Connection Idle Timer (seconds)
The idle timeout of the Entrust Certificate Authority XAP connection, in seconds.
Mandatory: No. This optional parameter defaults to 30 seconds.
XAP Connection Socket Timer (seconds)
The socket timeout of the Entrust Certificate Authority XAP connection, in seconds.
Mandatory: No. This optional parameter defaults to 60 seconds.
XAP Logging
for logging the XAP debugging to file;
otherwise.
Mandatory: No. This optional parameter defaults to .
XAP Logs Level
The XAP debug log level, from 0 (no logging) to 7 (maximum logging).
Mandatory: No. This optional parameter defaults to 0.
P11 APF File
The APF (Auxiliary Profile File). Click Select Files to import this file.
Mandatory: When saving the user settings in a PKCS #11 hardware security module (HSM) and archiving old private keys locally (to make them available for other purposes).
P11 Library
The full path of the PKCS#11 native library.
Mandatory: When saving the user settings in a PKCS #11 hardware security module (HSM).
P11 Slot
The slot number of the PKCS#11 slot.
Mandatory: When saving the user settings in a PKCS #11 hardware security module (HSM).
P11 Password
The PKCS#11 user PIN to log in to the PKCS#11 slot.
Mandatory: When saving the user settings in a PKCS #11 hardware security module (HSM).
Enable niche certificate types
to expose certificate types relating to ePassport applications and legacy software,
otherwise.
Mandatory: No. This optional parameter defaults to .
Allow 100% PKUP
The value of the PrivateKeyUsagePeriod extension in certificates issued by Entrust Certificate Authority when the request:
- Includes the optionalCertificateRequestDetails.validityPeriod field, and
- Does not include the optionalCertificateRequestDetails.privateKeyUsagePercentage field.
See below for the values supported by this setting.
apply-full-pkup | PrivateKeyUsagePeriod |
---|---|
true | The 100% of the |
false | Set by the CA. |
As explained in RFC 2459, the PrivateKeyUsagePeriod extension "allows the certificate issuer to specify a different validity period for the private key than the certificate".
Mandatory: No. This optional value defaults to true.
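To confirm what this setting produced in an issued certificate, the following added example (not Entrust code) decodes the DER value of the PrivateKeyUsagePeriod extension (OID 2.5.29.16) and reports how much of the certificate validity it covers. The function names and the sample bytes are constructed for illustration, and the example assumes the percentage is measured against the certificate validity period.

```python
from datetime import datetime, timezone

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one short-form DER TLV."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated header or unsupported long-form length")
    tag, length = buf[pos], buf[pos + 1]
    if pos + 2 + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def parse_pkup(ext_value):
    """Decode PrivateKeyUsagePeriod ::= SEQUENCE { [0] notBefore, [1] notAfter }."""
    tag, body, end = _read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("expected exactly one DER SEQUENCE")
    fields, pos = {}, 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        name = {0x80: "not_before", 0x81: "not_after"}.get(tag)
        if name is None or name in fields:
            raise ValueError(f"unexpected or repeated tag 0x{tag:02x}")
        when = datetime.strptime(val.decode("ascii"), "%Y%m%d%H%M%SZ")
        fields[name] = when.replace(tzinfo=timezone.utc)
    if not fields:
        raise ValueError("PrivateKeyUsagePeriod needs notBefore or notAfter")
    return fields

def pkup_percentage(cert_not_before, cert_not_after, pkup):
    """Share (0-100) of the certificate validity covered by the key usage period.
    Assumption: the percentage is measured against the certificate validity."""
    start = pkup.get("not_before", cert_not_before)
    end = pkup.get("not_after", cert_not_after)
    return 100.0 * ((end - start) / (cert_not_after - cert_not_before))

def _sample(not_after):
    """Constructed extension value: notBefore 2024-01-01, given notAfter."""
    return (bytes.fromhex("3022800f") + b"20240101000000Z"
            + bytes.fromhex("810f") + not_after)

# Constructed certificate validity: 200 days from 2024-01-01.
CERT_NB = datetime(2024, 1, 1, tzinfo=timezone.utc)
CERT_NA = datetime(2024, 7, 19, tzinfo=timezone.utc)
FULL = _sample(b"20240719000000Z")   # key usable for the whole validity
HALF = _sample(b"20240410000000Z")   # key usable for the first 100 days

if __name__ == "__main__":
    for label, der in (("full", FULL), ("half", HALF)):
        pct = pkup_percentage(CERT_NB, CERT_NA, parse_pkup(der))
        print(f"{label}: PKUP covers {pct:.1f}% of the certificate validity")
```

A missing notBefore or notAfter falls back to the certificate's own bound, so an extension carrying only notAfter is still measured from the start of the certificate validity.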
Enable CA Profile Sync
true to enable profile synchronization with Entrust Certificate Authority, false otherwise. When set to true, CA Gateway:
- Mirrors any eligible certificate types and definitions defined in Entrust Certificate Authority as basic CA Gateway certificate profiles without the need to define them in the CA Gateway configuration explicitly.
- Suppresses niche certificate types relating to ePassport applications and legacy software. To expose these types, enable the Enable niche certificate types parameter setting of the com.entrust.SecurityManager connector.
Mandatory: No.