In Entrust CA Gateway, you must create profiles for each Managed CA that will issue certificates for SCEP or Intune-SCEP enrollment. Each profile must issue one of the SCEP certificate types you added earlier to Security Manager.
When adding these profiles to CA Gateway:
- The `subject_builder_config` field is not supported.
- The `subject-variable-requirements` field is not supported.
- The values of the `cert_type` (certificate type) and `cert_definition` (certificate definition) parameters must match the values specified in Security Manager.
- The value of the `create_ldap_entry` parameter must be `false`.
The following example shows multiple Managed CA profiles configured in CA Gateway for SCEP and Intune-SCEP enrollment, one profile for each SCEP certificate type you created earlier in Security Manager.
```yaml
- name: "SCEP Signing"
  unique_id: ent_scep_sig
  properties:
    cert_type: ent_scep_sig
    cert_definition: Verification_p10
    user_type: Web Server
    create_ldap_entry: false
- name: "SCEP Encryption"
  unique_id: ent_scep_enc
  properties:
    cert_type: ent_scep_enc
    cert_definition: Encryption_p10
    user_type: Web Server
    create_ldap_entry: false
- name: "SCEP Dual Usage"
  unique_id: ent_scep_sig_enc
  properties:
    cert_type: ent_scep_sig_enc
    cert_definition: Dual Usage
    user_type: Web Server
    create_ldap_entry: false
- name: "SCEP Nonrepudiation"
  unique_id: ent_scep_sig_nonrep
  properties:
    cert_type: ent_scep_sig_nonrep
    cert_definition: Nonrepudiation
    user_type: Web Server
    create_ldap_entry: false
```
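
The rules listed above can be checked before a profile list is deployed. The following linter is an added example, not Entrust code: the function name `lint_profiles`, the `{cert_type: cert_definition}` mapping the operator copies from Security Manager, and the sample data are assumptions of this example, and the profiles are passed as the list of dictionaries a YAML parser returns.

```python
# Added example: lint CA Gateway Managed CA profiles against the SCEP rules above.
UNSUPPORTED = ("subject_builder_config", "subject-variable-requirements")

def lint_profiles(profiles, security_manager_types):
    """Return a list of (profile name, problem) tuples.

    profiles: list of dicts, as a YAML parser returns for the profile list.
    security_manager_types: {cert_type: cert_definition} as configured in
    Security Manager (supplied by the operator; an assumption of this example).
    """
    findings = []
    for profile in profiles:
        name = profile.get("name", "<unnamed>")
        props = profile.get("properties") or {}
        # Assumption: an unsupported field could appear at either level.
        for field in UNSUPPORTED:
            if field in profile or field in props:
                findings.append((name, f"{field} is not supported"))
        cert_type = props.get("cert_type")
        cert_def = props.get("cert_definition")
        if cert_type not in security_manager_types:
            findings.append((name, f"cert_type {cert_type!r} not in Security Manager"))
        elif security_manager_types[cert_type] != cert_def:
            findings.append((name, f"cert_definition {cert_def!r} does not match "
                                   f"{security_manager_types[cert_type]!r}"))
        # This example is strict: only the boolean false passes, so a missing
        # key or a quoted string is reported as well.
        if props.get("create_ldap_entry") is not False:
            findings.append((name, "create_ldap_entry must be false"))
    return findings

# Constructed sample: the values Security Manager would hold for two of the types.
SM_TYPES = {"ent_scep_sig": "Verification_p10", "ent_scep_enc": "Encryption_p10"}

# Constructed sample profiles: the first is valid, the second breaks three rules.
SAMPLE = [
    {"name": "SCEP Signing", "unique_id": "ent_scep_sig",
     "properties": {"cert_type": "ent_scep_sig", "cert_definition": "Verification_p10",
                    "user_type": "Web Server", "create_ldap_entry": False}},
    {"name": "SCEP Encryption", "unique_id": "ent_scep_enc",
     "subject_builder_config": {},
     "properties": {"cert_type": "ent_scep_enc", "cert_definition": "Encryption",
                    "user_type": "Web Server", "create_ldap_entry": True}},
]

if __name__ == "__main__":
    for name, problem in lint_profiles(SAMPLE, SM_TYPES):
        print(f"{name}: {problem}")
```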