After building the TLS certificate chain for the Certificate Enrollment Gateway certificate, you can install the certificate into Entrust PKI Hub 1.0. To install the certificate, Entrust PKI Hub 1.0 requires the following:
- A single file containing the TLS certificate chain, from the TLS certificate to the root CA. You created this file earlier in Building a TLS certificate chain for the Certificate Enrollment Gateway certificate.
- The private key for the certificate. The private key was generated when you created the CSR for the certificate.
For more information about the clusterctl certificate command, see the Entrust PKI Hub 1.0 documentation.
To install the Certificate Enrollment Gateway certificate into Entrust PKI Hub 1.0
- On the Entrust PKI Hub 1.0 node where the Certificate Enrollment Gateway certificate chain is located, log in as the user account that owns Entrust PKI Hub 1.0.
- Navigate to the directory containing the Entrust PKI Hub 1.0 clusterctl command. Enter the following command:
sudo clusterctl certificate --cert <tls certificate chain> --key <private key>
The following table describes the command parameters.
| Parameter | Description |
| --- | --- |
| --cert <tls certificate chain> | The path and file name of a PEM-formatted file containing the entire TLS certificate chain. |
| --key <private key> | The path and file name of a PEM-formatted file containing the private key for TLS. |
For example:
sudo clusterctl certificate --cert /home/user/ceg/corporate.example.com/tls.crt --key /home/user/ceg/corporate.example.com/tls.key
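Before running the command, it can help to confirm that the two files meet the requirements listed above. The following is an added example, not part of the Entrust documentation or product: a shell function that uses the openssl CLI to check that the private key matches the first certificate in the chain file and that the file runs from the TLS certificate to a self-signed root CA. The function names `dn` and `check_tls_pair` are hypothetical, and the key file is assumed to be unencrypted.

```sh
#!/bin/sh
# Added example, not Entrust code: constructed pre-flight check for the files
# passed to --cert and --key. Needs the openssl CLI, awk, sed and mktemp.

# Print a certificate's DN without its "subject=" / "issuer=" label.
dn() { openssl x509 -in "$1" -noout "$2" | sed 's/^[a-z]*= *//'; }

# check_tls_pair <tls certificate chain> <private key>
# Returns 0 only if the key matches the first certificate and the file runs
# from the TLS certificate up to a self-signed root CA.
check_tls_pair() (
  cert=$1 key=$2 rc=0
  tmp=$(mktemp -d) || return 2
  trap 'rm -rf "$tmp"' EXIT

  # Split the bundle into cert1.pem (first PEM block), cert2.pem, ...
  n=$(awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
    out != "" { print > out }
    /-----END CERTIFICATE-----/ { close(out); out = "" }
    END { print n + 0 }' "$cert") || n=0
  if [ "${n:-0}" -lt 1 ]; then
    echo "FAIL: no certificates found in $cert" >&2; return 1
  fi

  # 1. The private key must belong to the first certificate in the file.
  if [ "$(openssl x509 -in "$tmp/cert1.pem" -noout -pubkey)" != \
       "$(openssl pkey -in "$key" -pubout)" ]; then
    echo "FAIL: private key does not match the first certificate" >&2; rc=1
  fi

  # 2. Each certificate must be issued by the next; the last is self-signed.
  i=1
  while [ "$i" -le "$n" ]; do
    if [ "$i" -lt "$n" ]; then next=$((i + 1)); else next=$i; fi
    [ "$(dn "$tmp/cert$i.pem" -issuer)" = "$(dn "$tmp/cert$next.pem" -subject)" ] ||
      { echo "FAIL: certificate $i is not issued by certificate $next" >&2; rc=1; }
    i=$((i + 1))
  done

  # 3. openssl verify must accept the first certificate, with the last one as
  #    trust anchor and the rest of the file as intermediates.
  openssl verify -CAfile "$tmp/cert$n.pem" -untrusted "$cert" \
    "$tmp/cert1.pem" >/dev/null 2>&1 ||
    { echo "FAIL: openssl verify rejected the chain" >&2; rc=1; }

  return "$rc"
)
```

With the paths from the example above, the call would be `check_tls_pair /home/user/ceg/corporate.example.com/tls.crt /home/user/ceg/corporate.example.com/tls.key`; an exit status of 0 means all three checks passed.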