Test the integration
Initialize Entrust Certificate Authority
If the Certificate Authority is not initialized:
- Open a command prompt and log in as Master1.
- Source the environment setting file:
  # source /opt/entrust/authdata/CA/env_settings.sh
- Run the initialization script:
  # entsh -e "source /opt/entrust/authdata/CA/FirstTimeInit.tcl"
Launch an Entrust Certificate Authority shell
Before doing so, change the primary group of each user:
  % sudo usermod -g eca Master1
  % sudo usermod -g eca Master2
  % sudo usermod -g eca Master3
To launch an Entrust Certificate Authority shell:
- Open a command prompt and log in as Master1.
- Source the environment setting file:
  # source /opt/entrust/authdata/CA/env_settings.sh
- Open an Entrust Shell:
  [Master1@entrust-sm-linux Master1]$ entsh
  Entrust Authority (TM) Certificate Authority Control Command Shell 10.0.20(183)
  Copyright 1994-2020 Entrust. All rights reserved.
  Type 'help' or '?' for help on commands
  entsh$
Further commands during testing are executed inside the Certificate Authority Shell.
Show the Entrust Certificate Authority status
To show the Entrust Certificate Authority status:
- Open a Certificate Authority Shell, see Launch an Entrust Certificate Authority shell.
- Type the following commands. It may take several minutes for all the services to be up.
  entsh$ service start
  entsh$ service status
  Checking service status...
  amb     Maintenance               enabled   up    1/1 processes
  ash     Admin Service Handler     enabled   up    4/4 processes
  backup  Automatic Backup          enabled   up    1/1 processes
  cmp     PKIX-CMP                  enabled   up    2/2 processes
  integ   Database Integrity Check  enabled   up    1/1 processes
  keygen  Key Generator             enabled   up    1/1 processes
  listen  Listener Service          enabled   up    1/1 processes
  rlsvc   Revocation List Service   enabled   up    1/1 processes
  sep     Entrust proto-PKIX        disabled  down  0/2 processes
  xap     XML Admin Protocol        enabled   tran  1/2 processes
Show the Entrust nShield HSM status
To show the Entrust nShield HSM status:
- Open a Certificate Authority Shell, see Launch an Entrust Certificate Authority shell.
- Type the following command:
  entsh$ ca key show-cahw
  You must log in to issue the command.
  Master User Name: Master1
  Password:
  **** Hardware Information ****
  ----------------------------------------------------
  Name: nCipher Corp. Ltd SN : a165a26f929841fe SLOT : 761406613
  Has current X.509 CA key: Y
  Load Status: hardware loaded ok
  Uses Password: Y
  DB protection HW: N
  In use for X.509 CA keys: Y
  In use for EAC keys: N
  ECDSA style: 4 (use raw digest padded to large digest size)
  ----------------------------------------------------
  **** End of Hardware Information ****
  ou=CAentry,dc=entrustsm,dc=local.Master1 $
Import a key from the Entrust Certificate Authority database
To import a key from the Entrust Certificate Authority database to the Entrust nShield HSM:
- Open a Certificate Authority Shell, see Launch an Entrust Certificate Authority shell.
- Type the following command. When prompted with "Select the destination for the new CA key", select the option nCipher Corp. Ltd SN :…
  entsh$ ca key update
  You must log in to issue the command.
  Master User Name: Master1
  Password:
  Select the destination for the new CA key.
  Choose one of:
    1. Software
    2. nCipher Corp. Ltd SN : a165a26f929841fe SLOT : 761406613
    3. Cancel operation
  > 2
  Checking cluster status...
  The cluster will be stopped and the CA key updated.
  Do you wish to continue (y/n) ? [y]
  Stopping cluster...
  100% complete. Estimated time remaining -:-:- /
  CA key and certificate successfully updated.
  Recovering CA profile...
  Starting cluster...
  CA profile successfully recovered.
  It is recommended that all revocation lists be re-issued.
  This can be done later with the 'rl issue' command.
  Re-issue revocation lists now (y/n) ? [y]
  Issuing CRLs, please wait ...
  1 CRL(s) were issued.
  1 ARL(s) were issued.
  1 combined CRL(s) were issued.
  Publishing CRLs, please wait ...
  ou=CAentry,dc=entrustsm,dc=local.Master1 $
Export the key from the nShield HSM to the Entrust Certificate Authority database
To export the key from the nShield HSM to the Entrust Certificate Authority database:
- Open a Certificate Authority Shell, see Launch an Entrust Certificate Authority shell.
- Type the following command. When prompted with "Select the destination for the new CA key", select the option Software.
  entsh$ ca key update
  You must log in to issue the command.
  Master User Name: Master1
  Password:
  Select the destination for the new CA key.
  Choose one of:
    1. Software
    2. nCipher Corp. Ltd SN : a165a26f929841fe SLOT : 761406613
    3. Cancel operation
  > 1
  Checking cluster status...
  The cluster will be stopped and the CA key updated.
  Do you wish to continue (y/n) ? [y]
  Stopping cluster...
  100% complete. Estimated time remaining -:-:- \
  CA key and certificate successfully updated.
  Recovering CA profile...
  Starting cluster...
  CA profile successfully recovered.
  It is recommended that all revocation lists be re-issued.
  This can be done later with the 'rl issue' command.
  Re-issue revocation lists now (y/n) ? [y] y
  Issuing CRLs, please wait ...
  1 CRL(s) were issued.
  1 ARL(s) were issued.
  1 combined CRL(s) were issued.
  Publishing CRLs, please wait ...
  ou=CAentry,dc=entrustsm,dc=local.Master1 $
List all keys
To list all keys:
- Open a Certificate Authority Shell, see Launch an Entrust Certificate Authority shell.
- Type the following command. Notice that there are keys in both the Certificate Authority database and the HSM, as indicated by the "record status in database" and "hardware status" fields below.
  entsh$ ca key show-cache
  **** In Memory CA cache ****
  Record Status Legend:
    C = current key
    H = key on hold
    A = non-current key
    X = revoked or expired non-current key has been obsoleted
    HWV1 = hardware key PKCS11 V1 *** NOT SUPPORTED ***
    HWV2 = hardware key PKCS11 V2
    SW = software key
  ----------------------------------------------------
  Internal key index: 1
  CA certificate issued by: ou=CAentry,dc=entrustsm,dc=local
  serial number: 00EA078000BF7000CA7AE74BF04D102506
  current CA certificate: N
  CA certificate issue date: Tue Feb 28 16:38:35 2023
  CA certificate expire date: Mon Feb 28 17:08:35 2033
  subject key identifier: 0AF8F1EF5267734EDCCD8E236E9C3DE50B97E2FA
  private key active: Y
  private key expired: N
  certificate expired: N
  certificate revoked: N
  revocation details: N/A
  key: RSA-2048
  global signing policy: RSA-SHA256 (sha256WithRSAEncryption)
  record status in database: A HWV2
  migrated: N
  hardware load error: N
  hardware CKA_ID: GBx0/RIFlFXEnTMXJZITs9Ye9KQ=
  hardware status: Loaded >> 'nCipher Corp. Ltd SN : a165a26f929841fe SLOT : 761406613'.
  ----------------------------------------------------
  Internal key index: 2
  CA certificate issued by: ou=CAentry,dc=entrustsm,dc=local
  serial number: 00CC12A24A27C91E4D276DC9FBE38BE9D9
  current CA certificate: N
  CA certificate issue date: Tue Feb 28 18:38:48 2023
  CA certificate expire date: Mon Feb 28 19:08:48 2033
  subject key identifier: 999087C0197A1F2B78E23A9E2C300D122FE939E1
  private key active: Y
  private key expired: N
  certificate expired: N
  certificate revoked: N
  revocation details: N/A
  key: RSA-2048
  global signing policy: RSA-SHA256 (sha256WithRSAEncryption)
  record status in database: A HWV2
  migrated: N
  hardware load error: N
  hardware CKA_ID: oiwieKDsyacnT1vf1F/7Pq91LfE=
  hardware status: Loaded >> 'nCipher Corp. Ltd SN : a165a26f929841fe SLOT : 761406613'.
  ----------------------------------------------------
  Internal key index: 5
  CA certificate issued by: ou=CAentry,dc=entrustsm,dc=local
  serial number: 0081F74C05EB674261F4A65791E56AC3AC
  current CA certificate: Y
  CA certificate issue date: Tue Feb 28 18:42:38 2023
  CA certificate expire date: Mon Feb 28 19:12:38 2033
  subject key identifier: 40B6D71C76ED8B5A980EEE3F04A012907964E7A0
  private key active: Y
  private key expired: N
  certificate expired: N
  certificate revoked: N
  revocation details: N/A
  key: RSA-2048
  global signing policy: RSA-SHA256 (sha256WithRSAEncryption)
  record status in database: C SW
  migrated: N
  hardware load error: N
  hardware CKA_ID: N/A
  hardware status: CA Hardware not used.
  ----------------------------------------------------
  **** End of In Memory CA cache ****
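The following check is an added example and not part of the Entrust integration guide: it parses a saved "ca key show-cache" dump into per-key records and reports whether the current (C) CA key is an HWV2 key that loaded in the nShield HSM or a software (SW) key, which is the fact an operator wants to confirm after a "ca key update". The field names follow the output above; the sample text is constructed, with placeholder serials and CKA_IDs.

```python
import re

# Constructed sample (not the guide's output), trimmed to the fields the check reads.
SAMPLE = """\
----------------------------------------------------
Internal key index: 1
current CA certificate: N
record status in database: A HWV2
hardware load error: N
hardware CKA_ID: PLACEHOLDER_CKA_ID=
hardware status: Loaded >> 'nCipher Corp. Ltd SN : 0000000000000000 SLOT : 0'.
----------------------------------------------------
Internal key index: 5
current CA certificate: Y
record status in database: C SW
hardware load error: N
hardware CKA_ID: N/A
hardware status: CA Hardware not used.
----------------------------------------------------
"""

def parse_records(text):
    """Split a show-cache dump into one {field: value} dict per key record."""
    records = []
    for block in re.split(r"^-{10,}\s*$", text, flags=re.M):
        # One 'field: value' pair per line; the first colon ends the field name.
        fields = dict(re.findall(r"^([^:\n]+?):\s*(.*)$", block, flags=re.M))
        if "Internal key index" in fields:
            records.append(fields)
    return records

def classify(rec):
    """Return (index, is_current, store, hw_loaded, hw_error) for one record."""
    status = rec["record status in database"].split()   # e.g. ['A', 'HWV2']
    store = status[1] if len(status) > 1 else "UNKNOWN"
    return (
        int(rec["Internal key index"]),
        rec.get("current CA certificate") == "Y",
        store,
        rec.get("hardware status", "").startswith("Loaded"),
        rec.get("hardware load error") == "Y",
    )

def current_key_in_hsm(text):
    """True only if the current (C) key is HWV2, loaded, and has no load error."""
    for _idx, current, store, loaded, err in map(classify, parse_records(text)):
        if current:
            return store == "HWV2" and loaded and not err
    return False
```

Run it against the output saved from your own entsh session; on the sample above it reports the current key (index 5) as a software key.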
List all certificates
To list all certificates:
- Open a Certificate Authority Shell, see Launch an Entrust Certificate Authority shell.
- Type the following command:
  entsh$ ca cert list
  You must log in to issue the command.
  Master User Name: Master1
  Password:
  Serial  Type  Issue Date           Expiry Date          Post  Revoked
  [1]     CA    2023/02/28 16:38:35  2033/02/28 17:08:35  yes
  [2]     CA    2023/02/28 18:38:48  2033/02/28 19:08:48  yes
  [3]     LINK  2023/02/28 16:38:35  2033/02/28 17:08:35  yes
  [4]     LINK  2023/02/28 18:38:48  2033/02/28 17:08:35  yes
  [5]     CA    2023/02/28 18:42:38  2033/02/28 19:12:38  yes
  [6]     LINK  2023/02/28 18:38:48  2033/02/28 19:08:48  yes
  [7]     LINK  2023/02/28 18:42:38  2033/02/28 19:08:48  yes
  The certificate with serial number [5] is the current CA certificate.
  Serial Numbers:
  [1] 00EA078000BF7000CA7AE74BF04D102506
  [2] 00CC12A24A27C91E4D276DC9FBE38BE9D9
  [3] 00C3BDDF34F21FC3720DE6094F850B9355
  [4] 00BA867D4755A8AA3615A619B9E60EA910
  [5] 0081F74C05EB674261F4A65791E56AC3AC
  [6] 00FAAB3B0087366C1755A30D87A97C6FD2
  [7] 00AF7099D604B91E5D56070AAB4E67DD7F
  ou=CAentry,dc=entrustsm,dc=local.Master1 $
Back up Entrust nShield HSM Security World files
To back up Entrust nShield HSM Security World files:
- Back up the /opt/nfast/kmdata/local directory. Such a backup of Security World files must be performed after any new key generation or Security World administration activities.
- Store the backup files according to your organization’s disaster recovery instructions.