Install and configure directory service
Install directory service
The Entrust Certificate Authority requires an LDAP-compliant (Lightweight Directory Access Protocol) directory service or a third-party LDAP-compliant X.500 directory. A remote OpenLDAP directory service with a self-signed certificate was used in this integration. See PSIC-Entrust Certificate Authority x for the list of supported directory services.
- Install the required directory service.
- Add the following firewall rule if the directory runs on another server:
firewall-cmd --add-port=389/tcp
Configure directory service
The Entrust Certificate Authority directory schema configuration is described in Entrust Certificate Authority 10.2 Documentation Suite - Issue x.
- Implement the configuration corresponding to your directory service. The following directory service parameters are used in this integration:
  - Top Level DN: dc=entrustsm,dc=local
  - CA Directory Location: ou=CAentry,dc=entrustsm,dc=local
  - Directory Administrator: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
  - First Officer: cn=FirstOfficer,ou=CAentry,dc=entrustsm,dc=local
- Test access to the directory services (the bind DN is passed with -D and the LDAP URL with -H):
C:\Users\Administrator>C:\OpenLDAP\ClientTools\ldapsearch -x -H ldap://<directory_services_server_IP_or_Name> -D "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local" -b "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local" -s sub -W
Enter LDAP Password: *********
# extended LDIF
#
# LDAPv3
# base <cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# EntrustAdmin, CAentry, entrustsm.local
dn: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: entrustadmin
sn: Administrator
userPassword:: e1NTSEF9Vjd2ajd6NFlCWE4yblVLZUc1NjVMbU93VzRMOXd0RzM=
description: Certificate Authority Directory Administratorr
cn: EntrustAdmin

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
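The test-access step above is easy to eyeball once, but the same checks can be scripted so they run after every directory change. The following Python is an added example, not part of the Entrust or OpenLDAP documentation: it parses the LDIF that ldapsearch prints, confirms the search returned result 0 (Success), confirms the Directory Administrator entry exists with the inetOrgPerson object class, and confirms userPassword came back as a hashed ({SSHA}) value rather than cleartext. The sample input is an abridged copy of the output above; parse_ldif, check_directory_access, SAMPLE_LDIF and ADMIN_DN are names chosen for this example.

```python
import base64
import re
from collections import defaultdict
# Constructed sample: an abridged copy of the ldapsearch output shown above.
SAMPLE_LDIF = """\
dn: cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local
objectClass: inetOrgPerson
cn: EntrustAdmin
userPassword:: e1NTSEF9Vjd2ajd6NFlCWE4yblVLZUc1NjVMbU93VzRMOXd0RzM=

# search result
search: 2
result: 0 Success
"""
ADMIN_DN = "cn=EntrustAdmin,ou=CAentry,dc=entrustsm,dc=local"

def parse_ldif(text):
    """ldapsearch output -> list of {attr: [values]} records, one per blank-line-separated block."""
    text = re.sub(r"\n ", "", text)          # unfold lines LDIF wrapped at 76 columns
    records = []
    for block in re.split(r"\n\s*\n", text):
        record = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or not line.strip():   # comment or padding
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):                        # 'attr:: v' is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            record[attr].append(value)
        if record:
            records.append(dict(record))
    return records

def check_directory_access(text, expected_dn):
    """Problems found in the test-access output ([] means ready); a hashed userPassword reads {SSHA}... ."""
    records = parse_ldif(text)
    status = next((r for r in records if "result" in r), {})
    entry = next((r for r in records if r.get("dn") == [expected_dn]), None)
    problems = []
    if not status.get("result", [""])[0].startswith("0 "):
        problems.append("search did not return result 0 (Success)")
    if entry is None:
        return problems + [f"entry {expected_dn} not found"]
    if "inetOrgPerson" not in entry.get("objectClass", []):
        problems.append("entry lacks objectClass inetOrgPerson")
    if any(not pw.startswith("{") for pw in entry.get("userPassword", [])):
        problems.append("userPassword is stored in cleartext")
    return problems
```

Pipe the real ldapsearch output into check_directory_access with the Directory Administrator DN from the parameter list; a non-empty result means the directory is not yet ready for the CA.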