See below the known issues in the CA Gateway version running on PKI Hub 1.4.0.

Mandatory parameters are mutually exclusive (ATEAM-16246)

When configuring a CA Gateway client, the following mandatory parameters are mutually exclusive (that is, you must select one but not both).

• Tenant ID
• Integrator ID

However, the Management Console raises an error during validation if any of these values is unselected.

Detected in: CA Gateway 3.0.0 to 3.0.5.

Workaround:

1. Delete the client settings.
2. Recreate the client settings using either the Tenant ID or Integrator ID parameter.

subject.certificates field omitted (ATEAM-16264)

For performance reasons, the PKIaaS CA Plugin will not honor the subject.certificates field in the following endpoint.

Detected in: CA Gateway 3.0.1 to 3.0.5.

Slashes not supported in passwords (ATEAM-18325)

CA Gateway deployments on appliances do not support slashes ('/') in passwords (such as keystore passwords, truststore passwords, Entrust Profile File passwords, etc.).

Detected in: CA Gateway installations on EDM (Entrust Deployment Manager) and  PKI Hub.

DigiCert configuration settings not updated (ATEAM-19297)

As described in New features in CA Gateway for PKI Hub 1.4.0, DigiCert profile properties now express certificate validity in days rather than years. However, after upgrading a CA Gateway installation in which these properties were already set, you must manually update them as explained below.

To manually update the DigiCert profile properties

1. Edit the CA Gateway configuration as explained in Configuring and deploying CA Gateway.
2. In the Profiles tab, remove the following DigiCert CA Profile Properties. 
   • Order Validity (year)
   • Certificate Validity (year)
3. Update the values of the following parameters to express the period in days rather than years.
   • Order Validity (days)
   • Certificate Validity (days)