Install and configure directory service
Install directory service
The Certificate Authority requires an LDAP (Lightweight Directory Access Protocol) compliant directory service or a third-party LDAP-compliant X.500 directory. A remote OpenLDAP directory service with a self-signed certificate was used in this integration. See Product Support Center for Authority for the list of directory services supported.
- Install the required directory service.
- In the firewall rules of the server where the Certificate Authority will be installed, open port 389 for inbound traffic.
Configure directory service
The Certificate Authority directory schema configuration is described in Entrust Certificate Authority.
- Implement the configuration corresponding to your directory service.
  The following directory service parameters are used in this integration:
  - Top Level DN: dc=entrustsm,dc=local
  - CA Directory Location: ou=CAentry,dc=entrustsm,dc=local
  - Directory Administrator: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
  - First Officer: cn=FirstOfficer,ou=CAentry,dc=entrustsm,dc=local
- Test access to the directory services:
```
C:\Users\Administrator>C:\OpenLDAP\ClientTools\ldapsearch -x -H ldap://<directory_services_server_IP_or_Name> -D "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local" -b "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local" -s sub -W
Enter LDAP Password: nCipher123!
# extended LDIF
#
# LDAPv3
# base <cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# EntrustAdmin, CAentry, entrustsm.local
dn: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: entrustadmin
sn: Administrator
userPassword:: e1NTSEF9Vjd2ajd6NFlCWE4yblVLZUc1NjVMbU93VzRMOXd0RzM=
description: Certificate Authority Directory Administratorr
cn: EntrustAdmin

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```
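The search above returns the administrator's `userPassword` attribute, so the same output can confirm that the entry sits under the CA Directory Location and that its password is stored under a salted hash scheme. The following is an added example, not part of the original guide or of any Entrust tooling. The names `parse_ldapsearch`, `audit`, `norm_dn` and the `ACCEPTED` policy set are assumptions made for illustration.

```python
import base64
import re

# Constructed sample: the entry from the ldapsearch output above, trimmed.
SAMPLE = """\
dn: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
userPassword:: e1NTSEF9Vjd2ajd6NFlCWE4yblVLZUc1NjVMbU93VzRMOXd0RzM=

result: 0 Success
"""
ACCEPTED = {"SSHA", "ARGON2"}  # assumed policy: salted or adaptive schemes only

def norm_dn(dn):  # simplified DN comparison: case-insensitive, spaces trimmed
    return ",".join(p.strip() for p in dn.lower().split(","))

def parse_ldapsearch(text):
    """Return (entries, result_code); each entry maps attr -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    entries, cur, result = [], None, None
    for line in text.splitlines():
        if not line.strip():
            cur = None  # a blank line ends the current entry
        elif not line.startswith("#"):
            name, _, val = line.partition(":")
            if val.startswith(":"):  # "attr:: value" carries base64
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            name, val = name.lower(), val.strip()
            if name == "dn":
                cur = {"dn": val}
                entries.append(cur)
            elif cur is not None:
                cur.setdefault(name, []).append(val)
            elif name == "result":
                result = int(val.split()[0])
    return entries, result

def audit(text, bind_dn, ca_location):  # returns findings; [] means pass
    entries, result = parse_ldapsearch(text)
    findings = [] if result == 0 else [f"search result code {result}"]
    if norm_dn(bind_dn) not in [norm_dn(e["dn"]) for e in entries]:
        findings.append(f"{bind_dn} not returned")
    for e in entries:
        if not norm_dn(e["dn"]).endswith("," + norm_dn(ca_location)):
            findings.append(f"{e['dn']} is outside {ca_location}")
        for pw in e.get("userpassword", []):
            m = re.match(r"\{([A-Za-z0-9-]+)\}", pw)
            if not m or m.group(1).upper() not in ACCEPTED:
                findings.append(f"{e['dn']}: userPassword scheme not accepted")
    return findings
```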