Summary:
Entrust.NET is a pluggable certificate authority driver of Venafi Encryption Director (VED). The purpose of the driver is to request SSL Certificates from the Entrust.NET Certificate Authority (CA).
More Info:
First create the 'Certificate Authority' object, as per this article:
Creating Certificate Authority Object KB
Steps to configure Entrust.NET:
Complete the Entrust.NET CA object:
- General
  - Description – Create a description for this object.
  - Contact – User or group identities to be assigned to this object. The default notifications are sent to these contacts.
- Connection
  - Credentials – Certificate Credential that Director uses to authenticate with the Entrust.NET web service. Important: This Certificate Credential is an Advantage certificate that is authorized for administration purposes on Entrust.NET.
  - Validate – Tests the selected Certificate Credential to validate the web service connection and to retrieve available clients, certificate types and validity periods for each of them.
- Options
  - Client – Name of your client. This name is used to generate the certificates.
  - Certificate Types – Supported Entrust.NET SSL certificate types for the current iteration of the Entrust.NET CA.
  - Manual Approvals – Requires manual approval for all CSRs submitted.
  - Subject Alt Name Enabled – If the check box is enabled, your account supports Subject Alt Name (SAN). Set it to checked if this object is to be used to request certificates with SANs.
- Validity Period
  - Supported Validity Periods (Years) – Lists the supported validity periods for the selected Product Name.
  - Available Validity Periods (Years) – Choose the validity period(s) that this object needs to support from the list of Supported Validity Periods on the right.
- Accounting
  - Total Licenses – Number of prepurchased certificate licenses.
  - Used Licenses – Number of prepurchased certificate licenses that have been used.
  - Available Licenses – Number of prepurchased certificate licenses that are available.
  - Licenses Alert – Threshold at which Director begins sending certificate license alert notifications. When the number of remaining licenses reaches this threshold, Director generates license alert events.
After filling out all of the entries, click on the 'Apply' button to save the settings.
Associating Entrust.NET CA object to a Certificate object
Now either create a new certificate object or navigate to an existing certificate object. Select the ‘Settings’ tab and for ‘CA Template’ in the ‘Other Information’ section, choose the Entrust.NET CA object you just created above. Select the new ‘Entrust.net’ tab that will appear on the tab panel above.
Complete the remaining certificate specific Entrust.NET CA fields:
- Settings
  - Validity Period – The amount of time, in years, this certificate will be issued for. This list shows only the supported validity periods that were selected in the Entrust.NET CA object created above.
  - Number of Servers – The number of systems this certificate will be installed on.
- Certificate Owner
  - First Name – Certificate Owner’s first name.
  - Last Name – Certificate Owner’s last name.
  - Email – Certificate Owner’s email address.
  - Telephone – Certificate Owner’s telephone number.
- Tracking Fields
  - Your certificate may include additional certificate fields. These are custom fields defined by your organization with the Entrust.NET CA. Director includes these values in the certificate signing request it submits to the Entrust.NET CA.
After filling out all of the entries, click on the 'Apply' button to save the settings.