See below for how to install and configure the AWS CA plugin.

Exporting the current CA Gateway configuration

Create a <CONFIG> folder on the machine hosting PKI Hub. For example:

$ mkdir /tmp/config

Run the clusterctl solution config export command to export the CA Gateway configuration to the <CONFIG> folder. For example:

$ sudo clusterctl solution config export -i cagw -f /tmp/config

Copying the AWS-CA plugin installation files

Entrust distributes each <VERSION> version of the AWS CA plugin in a compressed file with the following name.

cagw-plugin-awsca-<VERSION>.zip

Once extracted, copy the following contents of this file.

| Source | Destination |
|---|---|
| config/edm/mc/awsca-schema.json | <CONFIG> |
| lib/*.jar | <CONFIG>/plugins |

For example:

$ cp config/edm/mc/awsca-schema.json /tmp/config
$ mkdir /tmp/config/plugins
$ cp lib/*.jar /tmp/config/plugins

Updating the config-schema.json file

Edit the config-schema.json file previously exported to the <CONFIG> folder with the rest of the CA Gateway configuration. In this file, update the following settings under managed-cas.

| Parameter | Update |
|---|---|
| additionalProperties.properties.connector-name.enum | Add the com.entrust.awsca internal name of the CA plugin. |
| additionalProperties.properties.connector-name.enumNames | Add the AWS Certificate Authority external name of the CA plugin. |
| dependencies.connector-name.oneOf | Add a $file reference to the awsca-schema.json configuration file at the ordered position. |

For example:

"managed-cas": {
  "title": "Managed CAs",
  "type": "object",
  "additionalProperties": {
    "type": "object",
    "properties": {
      "name": {
        ...
      },
      "issuer-dn": {
        ...
      },
      "connector-name": {
        "title": "Connector Name",
        "enum": [
          "com.entrust.ECS",
          "com.entrust.SecurityManager",
          "com.entrust.MicrosoftCA",
          "com.entrust.awsca"
        ],
        "enumNames": [
          "Entrust Certificate Services",
          "Entrust Certificate Authority",
          "Microsoft Certificate Authority",
          "AWS Certificate Authority"
        ]
      }
    },
    "dependencies": {
      "connector-name": {
        "oneOf": [
          {
            ...
          },
          {
            "$file": "awsca-schema.json"
          }
        ]
      }
    },
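
The three schema edits can be applied and checked with a script before the configuration is imported. The following Python is an added example, not Entrust code: it assumes managed-cas can be located by key name anywhere in the file and that enum, enumNames and oneOf are parallel lists (one reading of "ordered position"). sample_schema() and its placeholder-schema.json entry are constructed stand-ins for the exported file.

```python
import json

PLUGIN_ID = "com.entrust.awsca"            # internal name, from the table above
PLUGIN_NAME = "AWS Certificate Authority"  # external name, from the table above
SCHEMA_REF = {"$file": "awsca-schema.json"}

def find_key(node, key):
    """Return the first value stored under `key` anywhere in the document."""
    if isinstance(node, dict) and key in node:
        return node[key]
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def add_awsca(schema):
    """Register the plugin under managed-cas; return True if anything changed."""
    managed = find_key(schema, "managed-cas")
    if managed is None:
        raise KeyError("managed-cas not found")
    extra = managed["additionalProperties"]
    conn = extra["properties"]["connector-name"]
    one_of = extra["dependencies"]["connector-name"]["oneOf"]
    # Assumption: the three lists are parallel, one entry per connector.
    if not len(conn["enum"]) == len(conn["enumNames"]) == len(one_of):
        raise ValueError("enum, enumNames and oneOf differ in length")
    if PLUGIN_ID in conn["enum"]:
        i = conn["enum"].index(PLUGIN_ID)
        if conn["enumNames"][i] != PLUGIN_NAME or one_of[i] != SCHEMA_REF:
            raise ValueError("AWS CA entries are not at the same position")
        return False  # already registered consistently, nothing to do
    conn["enum"].append(PLUGIN_ID)
    conn["enumNames"].append(PLUGIN_NAME)
    one_of.append(dict(SCHEMA_REF))
    return True

def sample_schema():
    """Constructed stand-in for an exported config-schema.json (not real data)."""
    return {"properties": {"managed-cas": {"additionalProperties": {
        "properties": {"connector-name": {
            "enum": ["com.entrust.ECS"],
            "enumNames": ["Entrust Certificate Services"]}},
        "dependencies": {"connector-name": {
            "oneOf": [{"$file": "placeholder-schema.json"}]}}}}}}

if __name__ == "__main__":
    schema = sample_schema()
    print(add_awsca(schema), add_awsca(schema))  # second call is a no-op
    print(json.dumps(find_key(schema, "managed-cas"), indent=2))
```

To use it on the exported file, load <CONFIG>/config-schema.json with json.load, call add_awsca on the result, and write it back only when the function returns True.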

Updating the CA Gateway configuration

Run the clusterctl solution config import command to import the CA Gateway configuration with the AWS-CA plugin updates. For example:

$ sudo clusterctl solution config import -i cagw -f /tmp/config