Entrust Certificate Services prerequisite configurations

Before Venafi Trust Protection Platform can interact with Entrust Certificate Services, you need to use the Entrust Certificate Services web portal to enroll an Advantage SSL certificate for use by Trust Protection Platform.

You'll then use the Advantage certificate to create the required certificate credential on the Trust Protection Platform server. Trust Protection Platform uses the certificate credential to authenticate with Entrust Certificate Services when retrieving certificates, templates, and licensing information.

To generate the key pair and CSR to enroll, and create a credential object for authentication:

  1. Create a certificate object and enroll it using a self-signed CA template.

  2. After the self-signed certificate has been enrolled, set the Management Type to Monitoring.

    This ensures that the certificate is not renewed automatically, because automatic renewal would cause another self-signed certificate to be enrolled.

  3. Download the CSR.

  4. Using the Entrust Certificate Services portal, enroll the CSR for an Advantage certificate.

    You'll dedicate this certificate for use by Trust Protection Platform.

  5. After the Advantage certificate is issued, copy the certificate's tracking ID from the Certificates menu.

  6. From the Administration menu, click Advanced settings, then API.

  7. In the Add API Key panel, click Select a certificate.

  8. Locate the certificate that was created and click Choose this certificate.

  9. In the Add API Key panel, click Generate Credentials.

  10. Record the user name and API key.

  11. Import the issued certificate into the certificate object in Trust Protection Platform that you created in Step 1.

  12. Download the certificate files.

    1. From within the ECS portal, click on Certificates > Managed Certificates.

    2. Select the ECS Certificates tab and locate the SSL certificate created above.

    3. Select the certificate and select Pickup certificate from the Actions drop-down menu.

    4. In the certificate pickup pages, choose Sun Java Web Server as the server type and click Next.

    5. Click Next.

    6. Click on Download Certificates to download the CertificateBundle.p7b file.

  13. Import the certificate and chain into the Java key store.

    ubuntu@ubuntu:~$ keytool -import -trustcacerts -alias servicenow -file CertificateBundle.p7b -keystore servicenow.jks

When you install and configure the application, you will upload the .jks file (in this example, servicenow.jks) and provide the username and password for the API account.
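Added example, not part of the original procedure or any vendor code: before running the keytool import in step 13, the functions below list the certificates in CertificateBundle.p7b and check that the bundle holds the certificate plus its chain. It assumes the openssl command-line tool is installed; the function names and the constructed test bundle are illustrative.

```shell
#!/bin/sh
# Added example (not vendor code): inspect CertificateBundle.p7b before the
# keytool import in step 13. Assumes the openssl CLI is installed.

# Print "subject<TAB>issuer" for each certificate in a PKCS#7 bundle.
bundle_entries() {
    # Assumption: the download may be PEM or DER, so detect the encoding.
    if grep -q -- '-----BEGIN ' "$1"; then form=PEM; else form=DER; fi
    openssl pkcs7 -inform "$form" -in "$1" -print_certs -noout 2>/dev/null |
        awk '/^subject=/ { s = substr($0, 9) }
             /^issuer=/  { print s "\t" substr($0, 8) }'
}

# Succeed only if the bundle holds the certificate plus chain: at least two
# entries, and at most one issuer that is not itself a subject in the bundle
# (that one is the root, when the bundle omits it).
bundle_chain_ok() {
    bundle_entries "$1" | awk -F'\t' '
        { subj[$1] = 1; iss[NR] = $2 }
        END {
            if (NR < 2) exit 1
            for (i = 1; i <= NR; i++) if (!(iss[i] in subj)) missing++
            exit (missing > 1)
        }'
}

# Build a constructed leaf + root bundle in directory $1 (sample data only).
make_constructed_bundle() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-leaf" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -set_serial 2 -days 1 -out "$1/leaf.pem" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/leaf.pem" -certfile "$1/root.pem" \
        -outform DER -out "$1/CertificateBundle.p7b" &&
    openssl crl2pkcs7 -nocrl -certfile "$1/leaf.pem" -out "$1/leaf-only.p7b"
}

# Check the file downloaded in step 12 when it is in the current directory.
if [ -f CertificateBundle.p7b ]; then
    bundle_entries CertificateBundle.p7b
    bundle_chain_ok CertificateBundle.p7b ||
        echo "CertificateBundle.p7b: chain incomplete, do not import" >&2
fi
```

After the import, keytool -list -v -keystore servicenow.jks -alias servicenow shows what was stored under the alias.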

NOTE  For information on creating a Certificate Credential object, see Working with system credentials.

 
