You must export a user's smart credential certificate authority to their Windows Domain if the user wants to use their smart credential for Windows Smart Card Logon (SCLO). The CA certificates exported from an Identity as a Service account are contained in a zip file. The zip file contains the following files:
trustedca.cer—The root CA that should be loaded into the Windows TrustedCA of the user using their mobile Smart Credential to achieve smart card logon.
intermediatecaX.ca—The intermediate certificates that should be loaded into the Windows intermediate CA store of the appropriate users.
Note: The Microsoft CA might only have a single root CA. In this case, intermediatecaX.ca will not be present.
See the Entrust Certificate Agent for Windows Smart Card Logon Integration Guide for more information about configuring a CA for SCLO.
Export the Microsoft CA trust chain
Click > Resources > Certificate Authorities. The Certificate Authorities page appears.
Click for the Microsoft CA you want to export. The Export CA Trust Chain dialog box appears.
Click Export to download the CA zip file.
Tip: If the certificate trust chain fails to download, check the Gateway password agent logs for errors and the Microsoft CA Proxy log.
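Once the zip file is downloaded, the certificates can be checked before they are loaded into the stores described above. The following PowerShell script is an added example, not part of the Entrust documentation; the zip file name, the working folder and the use of the current user's Root and CA stores are assumptions.

```powershell
# Added example, not vendor code. Placeholders/assumptions: zip name, work folder,
# and the CurrentUser store scope.
param(
    [string]$ZipPath = '.\ca-trust-chain.zip',
    [string]$WorkDir = '.\ca-trust-chain',
    [switch]$Import   # without -Import the script only inspects the files
)
$ErrorActionPreference = 'Stop'
Expand-Archive -Path $ZipPath -DestinationPath $WorkDir -Force

function Read-Cert([string]$Path) {
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
}
function Get-Sha256([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { ([System.BitConverter]::ToString($sha.ComputeHash($Cert.RawData))) -replace '-', '' }
    finally { $sha.Dispose() }
}
function Add-ToStore($Cert, [string]$StoreName) {
    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, 'CurrentUser')
    $store.Open('ReadWrite')
    try { $store.Add($Cert) } finally { $store.Close() }
}

# .NET needs absolute paths, so resolve the work folder first
$root = Read-Cert (Join-Path (Resolve-Path $WorkDir) 'trustedca.cer')
# intermediatecaX.ca files are absent when the Microsoft CA has a single root CA
$intermediates = @(Get-ChildItem -Path $WorkDir -Filter 'intermediateca*.ca' |
    ForEach-Object { Read-Cert $_.FullName })

# The root must be self-signed; every intermediate must be issued by a CA in the zip
if ($root.Subject -ne $root.Issuer) { throw "trustedca.cer is not self-signed: $($root.Subject)" }
$known = @($root.Subject) + @($intermediates | ForEach-Object { $_.Subject })
foreach ($c in $intermediates) {
    if ($c.Issuer -eq $c.Subject -or $known -notcontains $c.Issuer) {
        throw "No issuer in the zip for $($c.Subject)"
    }
}

# Compare these values with the CA's own records before trusting anything
@($root) + $intermediates | ForEach-Object {
    [pscustomobject]@{ Subject = $_.Subject; NotAfter = $_.NotAfter; Sha256 = Get-Sha256 $_ }
} | Format-List

if ($Import) {
    Add-ToStore $root 'Root'                                  # Trusted Root Certification Authorities
    $intermediates | ForEach-Object { Add-ToStore $_ 'CA' }   # Intermediate Certification Authorities
}
```

Run it without `-Import` first to review the subjects, expiry dates and SHA-256 fingerprints, then rerun with `-Import` once they match what the CA administrator reports.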