Test the integration

Initialize Entrust Certificate Authority

If the Certificate Authority is not initialized:

  1. Open a command prompt and log in as Master1.

  2. Source the environment setting file:

    # source /opt/entrust/authdata/CA/env_settings.sh

  3. Run the initialization script:

    # entsh -e "source /opt/entrust/authdata/CA/FirstTimeInit.tcl"

Launch an Entrust Certificate Authority shell

Before launching the shell, change the primary group of each user:

% sudo usermod -g eca Master1
% sudo usermod -g eca Master2
% sudo usermod -g eca Master3

To launch an Entrust Certificate Authority shell:

  1. Open a command prompt and log in as Master1.

  2. Source the environment setting file:

    # source /opt/entrust/authdata/CA/env_settings.sh

  3. Open an Entrust Shell:

    [Master1@entrust-sm-linux Master1]$ entsh
    Entrust Certificate Authority Control Command Shell 11.0.0(43)
    Copyright 2025 Entrust Corporation. All rights reserved.
    
    Type 'help' or '?' for help on commands
    entsh$

Further commands during testing are executed inside the Certificate Authority Shell.

Show the Entrust Certificate Authority status

To show the Entrust Certificate Authority status:

  1. Open a Certificate Authority Shell (see Launch an Entrust Certificate Authority shell).

  2. Type the following commands. It may take several minutes for all the services to come up.

    entsh$ service start
    entsh$ service status
    Checking service status...
    amb     Maintenance               enabled   up    1/1 processes
    ash     Admin Service Handler     enabled   up    4/4 processes
    backup  Automatic Backup          enabled   up    1/1 processes
    cmp     PKIX-CMP                  enabled   up    2/2 processes
    integ   Database Integrity Check  enabled   up    1/1 processes
    keygen  Key Generator             enabled   up    1/1 processes
    listen  Listener Service          enabled   up    1/1 processes
    rlsvc   Revocation List Service   enabled   up    1/1 processes
    sep     Entrust proto-PKIX        disabled  down  0/2 processes
    xap     XML Admin Protocol        enabled   tran  1/2 processes
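An added check, not part of the Entrust guide, that parses the service status listing above and flags every enabled service that is not yet up, so the wait in step 2 can be scripted; the sample output is constructed from the listing above and the function name is an assumption:

```shell
#!/bin/sh
# Added check, not part of the Entrust integration guide: given the text of
# "entsh$ service status", list every service that is enabled but not "up".
# Service lines look like:
#   name  Description  enabled|disabled  up|down|tran  n/m processes
# Prints "name state procs" for each offending service and returns 1 when
# any was found, 0 when every enabled service is up.
check_services() {
    printf '%s\n' "$1" | awk '
        /processes$/ {
            enabled = $(NF-3); state = $(NF-2); procs = $(NF-1)
            if (enabled == "enabled" && state != "up") {
                print $1, state, procs
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }'
}

# Constructed sample modelled on the listing above: sep is intentionally
# disabled, xap is still transitioning (1 of 2 processes running).
SAMPLE_STATUS='Checking service status...
amb     Maintenance               enabled   up    1/1 processes
ash     Admin Service Handler     enabled   up    4/4 processes
sep     Entrust proto-PKIX        disabled  down  0/2 processes
xap     XML Admin Protocol        enabled   tran  1/2 processes'

# Re-run "service status" and this check until nothing is reported.
check_services "$SAMPLE_STATUS" || echo "some enabled services are not up yet"
```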

Show the Entrust nShield HSM status

To show the Entrust nShield HSM status:

  1. Open a Certificate Authority Shell (see Launch an Entrust Certificate Authority shell).

  2. Type the following command:

    entsh$ ca key show-cahw
    You must log in to issue the command.
    Master User Name: Master1
    Password:
    
    **** Hardware Information ****
    
    ----------------------------------------------------
    
    Name:
    nCipher Corp. Ltd  SN : 321b143185fc9395 SLOT : 761406614
    
    Has current X.509 CA key: Y
    Load Status:              hardware loaded ok
    Uses Password:            Y
    DB protection HW:         N
    In use for X.509 CA keys: Y
    In use for EAC keys:      N
    ECDSA style:              1 (use raw digest)
    
    ----------------------------------------------------
    **** End of Hardware Information ****
    
    ou=CAentry,dc=entrustsm,dc=local.Master1 $

Import a key from the Entrust Certificate Authority database

To import a key from the Entrust Certificate Authority database to the Entrust nShield HSM:

  1. Open a Certificate Authority Shell (see Launch an Entrust Certificate Authority shell).

  2. Type the following command and select the nCipher Corp. Ltd SN :… entry when prompted to Select the destination for the new CA key.

    entsh$ ca key update
    You must log in to issue the command.
    Master User Name: Master1
    Password:
    
    Select the destination for the new CA key.
    Choose one of:
    1. Software
    2. nCipher Corp. Ltd  SN : a165a26f929841fe SLOT : 761406613
    3. Cancel operation
    > 2
    Checking cluster status...
    
    The cluster will be stopped and the CA key updated.
    Do you wish to continue (y/n) ? [y]
    Stopping cluster...
    
    100% complete. Estimated time remaining -:-:- /
    
    CA key and certificate successfully updated.
    Recovering CA profile...
    Starting cluster...
    
    CA profile successfully recovered.
    
    It is recommended that all revocation lists be re-issued. This can be done
    later with the 'rl issue' command. Re-issue revocation lists now (y/n) ? [y]
    
    Issuing CRLs, please wait ...
    
    1 CRL(s) were issued.
    1 ARL(s) were issued.
    1 combined CRL(s) were issued.
    
    Publishing CRLs, please wait ...
    
    ou=CAentry,dc=entrustsm,dc=local.Master1 $

Export the key from the nShield HSM to the Entrust Certificate Authority database

To export the key from the nShield HSM to the Entrust Certificate Authority database:

  1. Open a Certificate Authority Shell (see Launch an Entrust Certificate Authority shell).

  2. Type the following command and select Software when prompted to Select the destination for the new CA key.

    entsh$ ca key update
    You must log in to issue the command.
    Master User Name: Master1
    Password:
    
    Select the destination for the new CA key.
    Choose one of:
    1. Software
    2. nCipher Corp. Ltd  SN : a165a26f929841fe SLOT : 761406613
    3. Cancel operation
    > 1
    Checking cluster status...
    
    The cluster will be stopped and the CA key updated.
    Do you wish to continue (y/n) ? [y]
    Stopping cluster...
    
    100% complete. Estimated time remaining -:-:- \
    
    CA key and certificate successfully updated.
    Recovering CA profile...
    Starting cluster...
    
    CA profile successfully recovered.
    
    It is recommended that all revocation lists be re-issued. This can be done
    later with the 'rl issue' command. Re-issue revocation lists now (y/n) ? [y] y
    
    Issuing CRLs, please wait ...
    
    1 CRL(s) were issued.
    1 ARL(s) were issued.
    1 combined CRL(s) were issued.
    
    Publishing CRLs, please wait ...
    
    ou=CAentry,dc=entrustsm,dc=local.Master1 $

List all keys

To list all keys:

  1. Open a Certificate Authority Shell (see Launch an Entrust Certificate Authority shell).

  2. Type the following command. Note that keys are held both in the Certificate Authority database (SW) and in the HSM (HWV2), as shown by the record status and hardware status fields below.

    entsh$ ca key show-cache
    **** In Memory CA cache ****
    Record Status Legend:
    C = current key
    H = key on hold
    A = non-current key
    X = revoked or expired non-current key has been obsoleted
    HWV1 = hardware key PKCS11 V1 *** NOT SUPPORTED ***
    HWV2 = hardware key PKCS11 V2
    SW = software key
    
    ----------------------------------------------------
    
    Internal key index:           1
    CA certificate issued by:     ou=CAentry,dc=entrustsm,dc=local
    serial number:                4C7E153209746BBDFE40E3DC7FBA5B80
    current CA certificate:       N
    CA certificate issue date:    Wed Feb  4 20:45:30 2026
    CA certificate expire date:   Mon Feb  4 21:15:30 2036
    subject key identifier:       9058E1594707B6B27E05681C7F40E09A6EA2E3FD
    private key active:           Y
    private key expired:          N
    certificate expired:          N
    certificate revoked:          N
    revocation details:           N/A
    key:                          ML-DSA-65
    global signing policy:        ML-DSA-65 (id-ml-dsa-65)
    record status in database:    A HWV2
    migrated:                     N
    hardware load error:          N
    hardware CKA_ID:              6tMiQCwQmpQnKZhMS8JmDxdJow8=
    hardware status: Loaded >> 'nCipher Corp. Ltd  SN : 321b143185fc9395 SLOT : 761406614'.
    
    ----------------------------------------------------
    
    Internal key index:           2
    CA certificate issued by:     ou=CAentry,dc=entrustsm,dc=local
    serial number:                086DA6686EF3A7E31007D3316EE2DD85
    current CA certificate:       N
    CA certificate issue date:    Wed Feb  4 21:08:26 2026
    CA certificate expire date:   Mon Feb  4 21:38:26 2036
    subject key identifier:       B26CD693C8816EABC969642F5161CC2302B45BD4
    private key active:           Y
    private key expired:          N
    certificate expired:          N
    certificate revoked:          N
    revocation details:           N/A
    key:                          ML-DSA-65
    global signing policy:        ML-DSA-65 (id-ml-dsa-65)
    record status in database:    A HWV2
    migrated:                     N
    hardware load error:          N
    hardware CKA_ID:              /5NhwhPJS9mQS3Pt5QzUqp8U9Uo=
    hardware status: Loaded >> 'nCipher Corp. Ltd  SN : 321b143185fc9395 SLOT : 761406614'.
    
    ----------------------------------------------------
    
    Internal key index:           5
    CA certificate issued by:     ou=CAentry,dc=entrustsm,dc=local
    serial number:                6960EC23251AF55F5AFFCF03DE37DE05
    current CA certificate:       N
    CA certificate issue date:    Thu Feb  5 14:00:16 2026
    CA certificate expire date:   Tue Feb  5 14:30:16 2036
    subject key identifier:       6680725FD6E63F1FB109C5F6352EB0913CD49612
    private key active:           Y
    private key expired:          N
    certificate expired:          N
    certificate revoked:          N
    revocation details:           N/A
    key:                          ML-DSA-65
    global signing policy:        ML-DSA-65 (id-ml-dsa-65)
    record status in database:    A HWV2
    migrated:                     N
    hardware load error:          N
    hardware CKA_ID:              dYVzIeCvg3cN9fwiQw24841K9us=
    hardware status: Loaded >> 'nCipher Corp. Ltd  SN : 321b143185fc9395 SLOT : 761406614'.
    
    ----------------------------------------------------
    
    Internal key index:           8
    CA certificate issued by:     ou=CAentry,dc=entrustsm,dc=local
    serial number:                00E6020196A7E9D1EE41F9663A57F813ED
    current CA certificate:       N
    CA certificate issue date:    Thu Feb  5 14:08:21 2026
    CA certificate expire date:   Tue Feb  5 14:38:21 2036
    subject key identifier:       F071AD4BB3412A539FDAAD77293AF90BFCD8DA4B
    private key active:           Y
    private key expired:          N
    certificate expired:          N
    certificate revoked:          N
    revocation details:           N/A
    key:                          ML-DSA-65
    global signing policy:        ML-DSA-65 (id-ml-dsa-65)
    record status in database:    A HWV2
    migrated:                     N
    hardware load error:          N
    hardware CKA_ID:              wHof/C4+JDcoa7P0jS/Zrp9yLKc=
    hardware status: Loaded >> 'nCipher Corp. Ltd  SN : 321b143185fc9395 SLOT : 761406614'.
    
    ----------------------------------------------------
    
    Internal key index:           11
    CA certificate issued by:     ou=CAentry,dc=entrustsm,dc=local
    serial number:                53BD53871B25B3569EB6CB82BB3E9981
    current CA certificate:       Y
    CA certificate issue date:    Thu Feb  5 14:14:52 2026
    CA certificate expire date:   Tue Feb  5 14:44:52 2036
    subject key identifier:       64F9157C4B2F4320E94D8EE784A72218BB62E472
    private key active:           Y
    private key expired:          N
    certificate expired:          N
    certificate revoked:          N
    revocation details:           N/A
    key:                          ML-DSA-65
    global signing policy:        ML-DSA-65 (id-ml-dsa-65)
    record status in database:    C SW
    migrated:                     N
    hardware load error:          N
    hardware CKA_ID:              N/A
    hardware status: CA Hardware not used.
    
    ----------------------------------------------------
    **** End of In Memory CA cache ****
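An added check, not part of the Entrust guide, that parses the show-cache listing above and reports whether the current CA key is held in the nShield HSM (record status HWV2, hardware status Loaded) or in the CA database (SW); the function names are assumptions and the sample is a trimmed, constructed copy of the listing above:

```shell
#!/bin/sh
# Added check, not part of the Entrust integration guide: parse the output of
# "entsh$ ca key show-cache" and report where the current CA key is protected.
# Record status legend (from the shell): C = current key, A = non-current key,
# HWV2 = hardware key (PKCS#11 v2, i.e. in the nShield HSM), SW = software key.

# Print one line per key record:
#   "<index> <current Y/N> <C|A|H|X> <HWV2|SW> <loaded|not-loaded>"
summarize_keys() {
    printf '%s\n' "$1" | awk '
        /^Internal key index:/        { idx = $4 }
        /^current CA certificate:/    { cur = $4 }
        /^record status in database:/ { flag = $5; prot = $6 }
        /^hardware status:/           { hw = ($3 == "Loaded") ? "loaded" : "not-loaded"
                                        print idx, cur, flag, prot, hw }'
}

# Print "<index> <HWV2|SW>" for the current CA key (the record with current = Y).
current_key_protection() {
    summarize_keys "$1" | awk '$2 == "Y" { print $1, $4 }'
}

# Succeed only when the current CA key is an HWV2 key that the HSM has loaded;
# this is the check to run after "ca key update" has targeted the nShield HSM.
current_key_in_hsm() {
    summarize_keys "$1" | awk '$2 == "Y" && $4 == "HWV2" && $5 == "loaded" { ok = 1 }
                               END { exit ok ? 0 : 1 }'
}

# Constructed sample trimmed from the show-cache listing above: one HSM-held
# non-current key and a current key that now lives in the CA database (SW).
SAMPLE_CACHE=$(cat <<'EOF'
**** In Memory CA cache ****
----------------------------------------------------
Internal key index:           1
current CA certificate:       N
record status in database:    A HWV2
hardware status: Loaded >> 'nCipher Corp. Ltd  SN : 321b143185fc9395 SLOT : 761406614'.
----------------------------------------------------
Internal key index:           11
current CA certificate:       Y
record status in database:    C SW
hardware status: CA Hardware not used.
**** End of In Memory CA cache ****
EOF
)

summarize_keys "$SAMPLE_CACHE"
current_key_in_hsm "$SAMPLE_CACHE" || echo "current CA key is not HSM-protected: $(current_key_protection "$SAMPLE_CACHE")"
```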

List all certificates

To list all certificates:

  1. Open a Certificate Authority Shell (see Launch an Entrust Certificate Authority shell).

  2. Type the following command:

    entsh$ ca cert list
    You must log in to issue the command.
    Master User Name: Master1
    Password:
    Serial Type    Issue Date           Expiry Date          Post  Revoked
    [1]    CA      2026/02/04 20:45:30  2036/02/04 21:15:30  yes
    [2]    CA      2026/02/04 21:08:26  2036/02/04 21:38:26  yes
    [3]    LINK    2026/02/04 20:45:30  2036/02/04 21:15:30  yes
    [4]    LINK    2026/02/04 21:08:26  2036/02/04 21:15:30  yes
    [5]    CA      2026/02/05 14:00:16  2036/02/05 14:30:16  yes
    [6]    LINK    2026/02/04 21:08:26  2036/02/04 21:38:26  yes
    [7]    LINK    2026/02/05 14:00:16  2036/02/04 21:38:26  yes
    [8]    CA      2026/02/05 14:08:21  2036/02/05 14:38:21  yes
    [9]    LINK    2026/02/05 14:00:16  2036/02/05 14:30:16  yes
    [10]   LINK    2026/02/05 14:08:21  2036/02/05 14:30:16  yes
    [11]   CA      2026/02/05 14:14:52  2036/02/05 14:44:52  yes
    [12]   LINK    2026/02/05 14:08:21  2036/02/05 14:38:21  yes
    [13]   LINK    2026/02/05 14:14:52  2036/02/05 14:38:21  yes
    
    The certificate with serial number [11] is the current CA certificate.
    
    Serial Numbers:
    [1] 4C7E153209746BBDFE40E3DC7FBA5B80
    [2] 086DA6686EF3A7E31007D3316EE2DD85
    [3] 00A8B87A0612934C2D522E7AF7EB9A0A79
    [4] 152A6F15BE381E8B2F4F03FB1A167BC5
    [5] 6960EC23251AF55F5AFFCF03DE37DE05
    [6] 4F542CCFD25463684E5C412E8B838A54
    [7] 009A0682870169AC94E5C00DE8BECE7A02
    [8] 00E6020196A7E9D1EE41F9663A57F813ED
    [9] 319C31295E34F6CF459C30811B5AA5D2
    [10] 00F992254B1603E1F78A12B854CD2D1DFB
    [11] 53BD53871B25B3569EB6CB82BB3E9981
    [12] 009A7BC3200C501AB806521B42884B9488
    [13] 3FAA41EEE310FAB6276460686491F63F
    
    ou=CAentry,dc=entrustsm,dc=local.Master1 $

Back up Entrust nShield HSM Security World files

To back up Entrust nShield HSM Security World files:

  1. Back up the /opt/nfast/kmdata/local directory.

    Such a backup of Security World files must be performed after any new key generation or Security World administration activities.

  2. Store the backup files according to your organization’s disaster recovery instructions.