Entrust Identity as a Service™ Administrator Help
Click here to see this page in full context

Report errors or omissions

  1. Home >
  2. Manage Device Verification >
  3. Manage Smart Login >
  4. Configure the Domain Controller to trust the issuing CA

 

Configure the Domain Controller to trust the issuing CA

You need to configure the domain controller to trust the Certificate Authority that issues the smart credential.

Note: If the Identity as a Service Certificate Authority resides on the Domain Controller, then this step is not required.

Configure the Domain Controller to trust the issuing CA

Export the CA trust chain:

For an Entrust Managed PKI Certificate Authority, see Export an Entrust Managed PKI CA trust chain.

Microsoft Certificate Authorities not tied to the domain controller, see Export a Microsoft CA trust chain.

For PKIaaS CA issued smart credentials, see Configure domain controller certificates.

Run the following commands on the domain controller to trust the CA

certutil -f -dspublish trustedca.cer RootCA

certutil -f -dspublish intermediateca1.cer NTAuthCA

certutil -f -dspublish intermediateca1.cer SubCA

certutil -f -dspublish intermediateca2.cer NTAuthCA

certutil -f -dspublish intermediateca2.cer SubCA