You need a truststore containing the CA chain for validating the Entrust Proxy for Microsoft CA's connection during tls handshake. This is a chain of CA certs which has issued the server certificate of Entrust Proxy for Microsoft CA.
The following instructions create a Java KeyStore (JKS) with the Java keytool command line utility. Consider using a more secure PKCS#12 type instead.
Creating the SSL directory
Create an SSL directory under the Entrust Proxy for Microsoft CA installation. For example:
c:\mscaproxy\sslImporting the CA certificates
In the SSL directory, run the following command to include the certificate of the root CA and all the intermediate CAs. See below for a description of each parameter.
keytool -import -noprompt -alias <alias> -file <file> -keystore <keystore> -storepass <storepass>See below for a description of each parameter.
Option | Value |
|---|---|
<alias> | The alias of the CA in CA Gateway |
<file> | The path of the CA certificate file |
<keystore> | The path of the truststore file |
<storepass> | The password of the trustore |
For example:
keytool -import -noprompt -alias myca -file myca.crt -keystore truststore.jks -storepass ****