For EST enrollment, you must add the following certificate types to Entrust Certificate Authority:
- signing
- encryption
- dual usage (signing and encryption)
- non-repudiation.
To add EST certificate types to Entrust Certificate Authority
- Log in to Entrust Certificate Authority Administration.
- Export the certificate specifications to a file by selecting File > Certificate Specifications > Export.
- Open the certificate specifications file in a text editor.
- Add the following lines to the [Certificate Types] section.
; ----------------------------------------------------------------------
; Certificate types to be used with EST
; ----------------------------------------------------------------------
ent_est_sig=enterprise,EST Signing,EST Signing Certificate
ent_est_enc=enterprise,EST Encryption,EST Encryption Certificate
ent_est_sig_enc=enterprise,EST Signing and Encryption,EST Signing and Encryption Certificate
ent_est_nonrep=enterprise,EST Signing and Nonrepudiation,EST Signing and Nonrepudiation Certificate
; ----------------------------------------------------------------------
- Add the following lines to the [Extension Definitions] section.
; ----------------------------------------------------------------------
; Certificate definitions to be used with EST
; ----------------------------------------------------------------------
[ent_est_sig Certificate Definitions]
1=Verification
[ent_est_sig Verification Extensions]
keyusage=2.5.29.15,n,m,BitString,1
[ent_est_sig Advanced]
noUserInDirectory=1
[ent_est_enc Certificate Definitions]
1=Encryption
[ent_est_enc Encryption Extensions]
keyusage=2.5.29.15,n,m,BitString,001
[ent_est_enc Advanced]
noUserInDirectory=1
[ent_est_sig_enc Certificate Definitions]
1=Dual Usage
[ent_est_sig_enc Dual Usage Extensions]
keyusage=2.5.29.15,n,m,BitString,101
[ent_est_sig_enc Advanced]
noUserInDirectory=1
[ent_est_nonrep Certificate Definitions]
1=Nonrepudiation
[ent_est_nonrep Nonrepudiation Extensions]
keyusage=2.5.29.15,n,m,BitString,11
[ent_est_nonrep Advanced]
noUserInDirectory=1
;-----------------------------------------------------------------------
- Save and close the file.
- Import the certificate specifications back into the CA. In Entrust Certificate Authority Administration, select File > Certificate Specifications > Import.
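A check you could run on the edited file before importing it, shown here as an added example (not Entrust tooling or code from this page): it decodes each `keyusage` BitString into X.509 KeyUsage names and compares them with what the certificate type's description promises. It assumes the leftmost character of the BitString is KeyUsage bit 0 (digitalSignature), which is consistent with the four type descriptions above; the function names and the `EXPECTED` table are hypothetical.

```python
import re

# KeyUsage bit names in RFC 5280 order (bit 0 first).
KEY_USAGE_BITS = ("digitalSignature nonRepudiation keyEncipherment dataEncipherment "
                  "keyAgreement keyCertSign cRLSign encipherOnly decipherOnly").split()

# Constructed sample: the extension sections from the procedure above.
SAMPLE_SPEC = """\
[ent_est_sig Verification Extensions]
keyusage=2.5.29.15,n,m,BitString,1
[ent_est_enc Encryption Extensions]
keyusage=2.5.29.15,n,m,BitString,001
[ent_est_sig_enc Dual Usage Extensions]
keyusage=2.5.29.15,n,m,BitString,101
[ent_est_nonrep Nonrepudiation Extensions]
keyusage=2.5.29.15,n,m,BitString,11
"""

# Expected usages per certificate type, read off the type descriptions (assumption).
EXPECTED = {
    "ent_est_sig": {"digitalSignature"},
    "ent_est_enc": {"keyEncipherment"},
    "ent_est_sig_enc": {"digitalSignature", "keyEncipherment"},
    "ent_est_nonrep": {"digitalSignature", "nonRepudiation"},
}

def decode_bits(bits):
    """Map a BitString such as '101' to KeyUsage names (leftmost char = bit 0)."""
    if not re.fullmatch(r"[01]{1,9}", bits):
        raise ValueError(f"not a KeyUsage bit string: {bits!r}")
    return {KEY_USAGE_BITS[i] for i, b in enumerate(bits) if b == "1"}

def key_usages(spec_text):
    """Return {cert_type: set of KeyUsage names} for every keyusage line."""
    result, cert_type = {}, None
    for line in spec_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(\S+) .* Extensions\]", line)
        if header:
            cert_type = header.group(1)
        elif line.startswith("["):
            cert_type = None  # some other section; ignore its entries
        elif cert_type and line.startswith("keyusage=2.5.29.15,"):
            result[cert_type] = decode_bits(line.rsplit(",", 1)[1])
    return result

def mismatches(spec_text, expected=EXPECTED):
    """List certificate types whose decoded key usage differs from expected."""
    found = key_usages(spec_text)
    return sorted(t for t in expected if found.get(t) != expected[t])
```

An empty list from `mismatches()` means every EST type carries exactly the key usage its description names; a dropped or shifted bit shows up as the affected type's name.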