As explained in this section, you can store the administrator profile in software as an Entrust Profile File (EPF).
To create the administrator profile on software
- Run the CA Gateway Profile Creation Utility.
- Run
bin/pcu.shon Linux. - Run
bin\pcu.baton Windows.
- Run
- Confirm you are on the main menu of the PCU.
Main Menu1. Exit2. Help3. Create Entrust profile4. Recover Entrust profile5. Inspect Entrust profile (read only)6. Inspect and update Entrust profile (read/write)7. Create Server Login credentials8. Create PKCS #12 file (Security Manager)9. Recover PKCS #12 file (Security Manager)10. Create PKCS #12 file (3rd Party)11. Update PKCS #12 file (3rdParty)12. Process PKCS #10 Certificate Signing Request (CSR)13. Generate/Process Certificate Signing Request on HSM (3rd Party) 14. Change passwordSelect an operation [3]: - Select option 3 for Create Entrust profile.
- Select option 2 for Hardware token.
- In Take settings from an existing entrust.ini file (y/n)? enter y for yes.
In Enter full path to entrust.ini, enter the path of the local, edited
entrust.inifile.In Enter token slot number, enter the slot number of the desired slot.
We recommend creating the enrollment agent credentials in a PKCS#11 HSM.
- In Enter reference number, enter the reference number given by the Security Manager Administration when creating the user.
- In Enter authorization code, enter the authorization code given by the Security Manager Administration when creating the user.
In Enter profile name, enter a file name for the auxiliary profile file.
- In Enter auxiliary profile directory, enter the directory for the auxiliary profile file. The name of this file is the name previously entered in Enter profile name.
In Enter hardware token password, enter the password of the HSM slot.
Use different passwords for users in different slots. That can help avoid accidentally overwriting a slot already used for a different user.