CA Gateway requires an administrator profile issued by the Entrust Certificate Authority. This profile must have a role with the following permissions.
Permission category | Permissions |
---|---|
Certificates | Administer at least one certificate category (currently, CA Gateway supports only Enterprise certificate types) |
Certificate Types | Administer at least one certificate type |
Groups | View |
Groups | Administer at least one group |
License Information | View |
Roles | View |
Roles | Administer at least one role |
Searchbases | View |
Searchbases | Administer at least one search base |
Security Policy | Force CRLs |
Security Policy | View User Policy |
Security Policy | View Security Policy |
Security Policy | Export Certificate Specification |
User Templates | Administer at least one template |
User - General | View |
User - General | Add |
User - General | Reactivate |
User - General | Deactivate/Remove |
User - General | Change DN |
User - General | Modify properties |
User - General | Revoke certificates |
User - General | Update key pairs |
User - General | Set for key recovery |
User - General | Cancel key recovery |
User - General | Modify key update options |
User - General | View activation code |
User - General | Reissue activation code |
User - Advanced | Change the user's role |
Refer to the Entrust Certificate Authority documentation for more details on role configuration.
To create a new role for the administrator profile
- Log in to the Entrust Certificate Authority administration portal.
- In the tree view, expand Security Policy > Roles.
- Select Policies > Roles > New to create a new role. Alternatively, you can copy the Administrator role because this role includes most of the permissions required for the new role.
- Select Administrator.
- Select Policies > Roles > Selected Role > Copy. A copy of the role appears at the bottom of the list of roles in the tree view, and the new role’s properties appear in the right pane.
- Click the Role tab.
- In the Unique name field, enter CAGW Admin Role.
- In the Authorizations field, enter 1.
- In the User Policy drop-down list, select CAGW Admin Policy. This is the client policy you created earlier.
- Deselect the End User check box. This check box should already be deselected.
- Click the Permissions tab.
- Configure the permissions documented in the above table and click Apply.
- If prompted, authorize the operation. As explained in the Entrust Certificate Authority documentation, the operation may require more than one authorization.
- A Permission Dependencies pop-up dialog may list additional permissions required for the role to function properly. Add these missing permissions to the role.