In Entrust CA Gateway, you must create profiles for each Managed CA that will issue certificates for MDM-SCEP enrollment. Each profile must issue one of the MDM-SCEP certificate types you added earlier to Security Manager.
When adding these profiles to CA Gateway:
- The `subject_builder_config` field is not supported.
- The `subject-variable-requirements` field is not supported.
- The values of the `cert_type` (certificate type) and `cert_definition` (certificate definition) parameters must match the values specified in Security Manager.
- The value of the `create_ldap_entry` parameter must be `false`.
The following example shows multiple Managed CA profiles configured in CA Gateway for MDM-SCEP enrollment, one profile for each MDM-SCEP certificate type you created earlier in Security Manager.
```yaml
- name: "MDM-SCEP Verification"
  unique_id: ent_mdm_scep_sig
  properties:
    cert_type: ent_mdm_scep_sig
    cert_definition: Verification_p10
    user_type: Web Server
    create_ldap_entry: false
- name: "MDM-SCEP Encryption"
  unique_id: ent_mdm_scep_enc
  properties:
    cert_type: ent_mdm_scep_enc
    cert_definition: Encryption_p10
    user_type: Web Server
    create_ldap_entry: false
- name: "MDM-SCEP Dual Usage"
  unique_id: ent_mdm_scep_sig_enc
  properties:
    cert_type: ent_mdm_scep_sig_enc
    cert_definition: Dual Usage
    user_type: Web Server
    create_ldap_entry: false
- name: "MDM-SCEP Nonrepudiation"
  unique_id: ent_mdm_scep_sig_enc
  properties:
    cert_type: ent_mdm_scep_sig_enc
    cert_definition: Nonrepudiation
    user_type: Web Server
    create_ldap_entry: false
```
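
A pre-deployment check for the rules listed above can catch a misconfigured profile before CA Gateway loads it. The following is an added example, not Entrust code: `lint_profile`, `lint_profiles`, `SM_TYPES` and the sample profiles are hypothetical names and constructed data, and it assumes the profiles have already been parsed from YAML into dictionaries, that the unsupported fields could appear at either the profile or the `properties` level, and that matching against Security Manager is exact and case-sensitive.

```python
# Added example: lint parsed CA Gateway profile entries against the MDM-SCEP rules.
UNSUPPORTED = ("subject_builder_config", "subject-variable-requirements")

def lint_profile(profile, sm_types):
    """Return a list of findings for one profile dict (as loaded from YAML).

    sm_types maps each cert_type to the set of cert_definition names that
    exist in Security Manager (supplied by the caller; an assumption here).
    """
    findings = []
    name = profile.get("name", "<unnamed>")
    props = profile.get("properties") or {}
    # Assumption: the unsupported fields may sit at either level, so check both.
    for field in UNSUPPORTED:
        if field in profile or field in props:
            findings.append(f"{name}: {field} is not supported for MDM-SCEP")
    cert_type = props.get("cert_type")
    cert_def = props.get("cert_definition")
    if cert_type not in sm_types:
        findings.append(f"{name}: cert_type {cert_type!r} not in Security Manager")
    elif cert_def not in sm_types[cert_type]:
        findings.append(f"{name}: cert_definition {cert_def!r} not defined for {cert_type}")
    # Strict choice of this example: only the YAML boolean false passes; a
    # missing key or a quoted "false" string is reported for review.
    if props.get("create_ldap_entry") is not False:
        findings.append(f"{name}: create_ldap_entry must be false")
    return findings

def lint_profiles(profiles, sm_types):
    """Lint every profile and return all findings in order."""
    return [f for p in profiles for f in lint_profile(p, sm_types)]

# Constructed sample data: one compliant profile, one with three violations.
SM_TYPES = {"ent_mdm_scep_sig": {"Verification_p10"},
            "ent_mdm_scep_enc": {"Encryption_p10"}}
PROFILES = [
    {"name": "MDM-SCEP Verification", "unique_id": "ent_mdm_scep_sig",
     "properties": {"cert_type": "ent_mdm_scep_sig", "cert_definition": "Verification_p10",
                    "user_type": "Web Server", "create_ldap_entry": False}},
    {"name": "MDM-SCEP Encryption", "unique_id": "ent_mdm_scep_enc",
     "subject_builder_config": {},
     "properties": {"cert_type": "ent_mdm_scep_enc", "cert_definition": "encryption_p10",
                    "user_type": "Web Server", "create_ldap_entry": True}},
]

if __name__ == "__main__":
    for finding in lint_profiles(PROFILES, SM_TYPES):
        print(finding)
```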