For high availability, add additional Gateway Instances to your existing Gateway.
Add a Gateway Instance
1. Click > Resources > Gateways. The Gateways page appears.
2. Click Add Instance to add a Gateway Instance to your existing Gateway. The Registration Code appears.
3. Click Copy to Clipboard to copy the Registration Code.
Configure the Gateway
1. Power on the virtual machine.
2. If the VM is in a network with DHCP disabled, you must log in to the VM and set up the static IP as follows before using the cockpit to register the Gateway:
a. At the login prompt, enter entrust.
b. At the password prompt, enter entrust. You are prompted to create a new password.
c. At the (current) UNIX password prompt, enter entrust to confirm your existing password.
d. Enter a new password. The password must meet the following rules:
– Must not be based on any word found in the English dictionary.
– Cannot contain spaces.
– Must contain at least 8 alphanumeric (a-z, A-Z, 0-9) characters.
– Must contain at least one special character (for example, ! %*).
e. At the Retype new password prompt, re-enter the password. The Entrust Identity as a Service Gateway Configuration Tool appears.
f. Set up a static IP for the VM:
– Option one: Run sudo /home/entrust/tools/setup_static_ip.sh and respond to the prompts. The network service restarts.
– Option two: Set up the static IP manually according to your needs.
3. In your Web browser, enter the IP address of your Virtual Machine using port 9090 (for example, https://192.168.1.20:9090) and accept the browser's self-signed certificate warning. The Identity as a Service Gateway Web Interface opens.
The self-signed certificate is created on VM boot and is unique to each Enterprise Gateway. If you want to change the certificate for the cockpit (IDaaS Gateway Web interface), replace the file /etc/cockpit/ws-certs.d/0-self-signed.cert, which contains both the certificate and the private key. If multiple certificates exist under the /etc/cockpit/ws-certs.d/ folder, the cockpit uses the last file with a .cert or .crt extension in alphabetical order. Use the following command to see which certificate has been used:
sudo remotectl certificate
Note: Internet Explorer is not supported.
4. At the User Name prompt, enter entrust.
5. At the password prompt, enter entrust. You are prompted to create a new password.
6. Follow the prompts to reset the password.
Attention: After you have changed your password, when you log in to the Web Interface, you must select Reuse my password for privileged tasks.
7. At the (current) UNIX password prompt, enter entrust to confirm your existing password and click Log In.
8. Enter a new password. The password must meet the following rules:
● Must not be based on any word found in the English dictionary.
● Cannot contain spaces.
● It must contain at least 8 alphanumeric (a-z, A-Z, 0-9) characters.
● It must contain at least one special character (for example, ! %*).
9. At the Retype new password prompt, re-enter the password. The Identity as a Service Enterprise Gateway Configuration Tool appears.
10. Click Get Started. The Network Settings page appears.
11. By default the hostname is entrust-idaas-agent. To change the hostname:
a. Click the Hostname link. The Hostname dialog box appears.
b. Enter a new hostname and click Save.
12. To change the IP Configuration, click the IP Address link.
a. Select Static or DHCP.
b. Make the required Network Settings changes. A confirmation dialog box appears.
c. Click Save.
13. Click Next. The NTP Settings appear.
14. Optional: If you want to change any of the NTP Settings, do the following:
a. On the NTP Settings page, click Edit.
b. Make the required NTP Settings changes and click Save.
15. Click Next.
16. If required, click Configure. The Configure Proxy page appears.
a. Enter the Proxy server host IP or Proxy host name.
b. Enter the Proxy port number.
c. Enter the Proxy username.
d. Enter the Proxy password.
e. Click Save.
17. Click Next. The Registration Parameters appear.
18. Paste the Registration Code you copied when you created the Gateway.
19. Click Register.
20. Recommended: For high availability, add more than one Gateway Instance.
Attention: When making changes to the proxy configuration on the Identity as a Service Gateway, the appliance must be restarted in order for the changes to take effect.
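
For the certificate note in step 3 of Configure the Gateway, the following script is an added example (not Entrust or cockpit code) that predicts which file in a ws-certs.d directory will be selected by the "last .cert or .crt in alphabetical order" rule and checks that the file carries both a certificate and a private key. It assumes byte-wise (C locale) ordering of file names; the function names and the world-readable check are choices made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): pre-check a cockpit certificate directory.

# Print the file cockpit is expected to use: the last *.cert or *.crt entry in
# alphabetical order. Assumption: byte-wise (C locale) ordering of file names.
selected_cert() {
    dir=$1
    for f in "$dir"/*.cert "$dir"/*.crt; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done | LC_ALL=C sort | tail -n 1
}

# Succeed only if the file holds both a PEM certificate and a PEM private key,
# because the page says the single file carries both.
has_cert_and_key() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# Succeed if "other" users can read the file (it contains the private key).
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

audit_cockpit_certs() {
    chosen=$(selected_cert "$1")
    if [ -z "$chosen" ]; then
        echo "no .cert or .crt file in $1"; return 2
    fi
    echo "expected to be served: $chosen"
    rc=0
    if ! has_cert_and_key "$chosen"; then
        echo "WARN: certificate or private key block missing"; rc=1
    fi
    if is_world_readable "$chosen"; then
        echo "WARN: file with private key is world-readable"; rc=1
    fi
    # Subject, expiry and fingerprint, if openssl is installed.
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -in "$chosen" -noout -subject -enddate -fingerprint -sha256 \
            2>/dev/null || echo "NOTE: openssl could not parse the certificate"
    fi
    return $rc
}

# Run only when a directory is given, e.g.: sh audit.sh /etc/cockpit/ws-certs.d
if [ "$#" -gt 0 ]; then audit_cockpit_certs "$1"; fi
```

Run it before and after replacing the certificate file, then confirm the result with sudo remotectl certificate on the Gateway.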