Install the Entrust Proxy for Microsoft CA, as explained in the following sections.
System requirements for the Entrust Proxy for Microsoft CA
To install the Entrust Proxy for Microsoft CA, you need a machine with Windows Server 2016 (x64) or above and one of the following LTS (Long Term Support) Java distributions.
- Oracle Java x86_64 version 17
- OpenJDK 17
- AdoptOpenJDK 17
A JAVA_HOME environment variable should exist and point to the path of the Java installation.
The PATH environment variable should be extended to include %JAVA_HOME%\bin.
To check the Java version and architecture details, run:
java -XshowSettings:properties -version
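The requirements above can be checked in one pass before running the installer. The following PowerShell function is an added example, not part of the Entrust documentation; the function name Test-MscaProxyJavaPrereqs and the check labels are assumptions, and it treats an os.arch value of amd64 as the x64 architecture.

```powershell
# Added example: pre-install check of the Java requirements listed above.
# The function name and result labels are illustrative, not Entrust's.
function Test-MscaProxyJavaPrereqs {
    $ErrorActionPreference = 'Continue'   # stderr from java.exe must not abort the check
    $results = [ordered]@{}

    # 1. JAVA_HOME must exist and point to a Java installation.
    $javaHome = $env:JAVA_HOME
    $javaExe  = if ($javaHome) { Join-Path $javaHome 'bin\java.exe' } else { $null }
    $results['JAVA_HOME is set'] = [bool]$javaHome
    $results['JAVA_HOME contains bin\java.exe'] =
        [bool]($javaExe -and (Test-Path -LiteralPath $javaExe -PathType Leaf))

    # 2. PATH must include %JAVA_HOME%\bin. Entries are compared without
    #    quotes or trailing backslashes; -contains ignores case for strings.
    $wantBin = if ($javaHome) { (Join-Path $javaHome 'bin').TrimEnd('\') } else { $null }
    $pathEntries = @($env:PATH -split ';' | Where-Object { $_ } | ForEach-Object {
        [Environment]::ExpandEnvironmentVariables($_).Trim('"').TrimEnd('\') })
    $results['PATH includes JAVA_HOME\bin'] = [bool]($wantBin -and ($pathEntries -contains $wantBin))

    # 3. The java.exe found first on PATH should be the one under JAVA_HOME,
    #    so that the version check below describes the runtime JAVA_HOME names.
    $onPath = Get-Command java.exe -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $results['java.exe on PATH is the JAVA_HOME one'] =
        [bool]($onPath -and $javaExe -and ($onPath.Path -ieq $javaExe))

    # 4. Parse the output of the command shown above. Java prints these settings
    #    to stderr, so merge the streams and turn every record into a string.
    $props = @{}
    if ($onPath) {
        & $onPath.Path '-XshowSettings:properties' '-version' 2>&1 | ForEach-Object {
            if ("$_" -match '^\s+([\w.]+) = (.*)$') { $props[$Matches[1]] = $Matches[2].Trim() }
        }
    }
    $results['Java specification version is 17'] = ($props['java.specification.version'] -eq '17')
    $results['Java architecture is x64 (amd64)'] = ($props['os.arch'] -eq 'amd64')

    # One object per check, so the result can be filtered or formatted.
    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
    }
}

Test-MscaProxyJavaPrereqs | Format-Table -AutoSize
```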
Configuring the Windows domain account
Configure the Windows login account of the Entrust Proxy for Microsoft CA. See below for the supported combinations when the Entrust Proxy for Microsoft CA and the Domain Controller share the same server or run on different servers.
User | Service startup type | Same server | Different servers |
---|---|---|---|
A local service account | Automatic or Automatic (Delayed Start) | | |
A user of the Domain Admin group | Automatic (Delayed Start) | | |
In either case, enable only the following user permissions.
- Issue and Manage Certificates
- Request Certificates
Downloading the Entrust Proxy for Microsoft CA installer
Download and extract the Entrust Proxy for Microsoft CA installer files.
To download the Entrust Proxy for Microsoft CA installer
- Log in to trustedcare.entrust.com
- Go to PRODUCTS > Authority
- Select your CA Gateway version.
- Click the download link of the Entrust Proxy for Microsoft CA.
- Unzip the compressed file contents to your selected installation directory on the Windows machine – for example, in c:\mscaproxy
Installing into c:\Program Files may not work because of Windows privilege enforcement.
Configuring logs
Optionally, edit the configuration files to modify the default log recording settings.
Configuration file | Parameter | Value | Additional steps |
---|---|---|---|
MSCAProxy.xml | logpath | The folder in which logs are saved. | Re-run the Entrust Proxy for Microsoft CA installer if you edit this file after the installation. |
config\application.yml | com.entrust.mscaproxy | The supported log levels. Supported values in increasing severity are | Restart the system if you edit this file after the installation. |
For example, adding the following code to the config\application.yml file sets the log level to INFO.
logging:
  level:
    root: INFO
    com.entrust.mscaproxy: INFO
Running the Entrust Proxy for Microsoft CA installer
Run the following command as an administrator to register the Entrust Proxy for Microsoft CA as a Windows service.
MSCAProxy.exe install /p
When prompted, type the domain user's username in one of the following formats:
- UPN (User Principal Name)
- <domainName>\<sAMAccountName>
Type the password of the domain user and type y to allow log-on as a service. The installer does not wait for you to press the Enter key.
Uninstalling the Entrust Proxy for Microsoft CA
Run the following command as an administrator if you want to uninstall.
MSCAProxy.exe uninstall