Release 5.5

January 2020

Enterprise Service Gateway Memory Increase

Attention: For existing ESG appliances, before upgrading to 5.5, Administrators must manually increase the memory allocation of the virtual appliance from 2GB to 4GB.

IntelliTrust Issuance Beta

This release features a beta preview of the Cloud Issuance API for select partners. Use this new API to issue credentials via cloud-enabled Entrust Datacard printers.

More Information:

• Developer Portal
• API Guide
• Limitations

Microsoft CA Support

The Certificates List page has been updated to include support for Microsoft Certificate Authorities (CAs).

Smart Credentials can be created using a Smart Credential definition with Digital ID configurations that are associated with a Microsoft CA.

The use of a Microsoft CA requires the installation and configuration of a Microsoft CA Proxy service running on a domain-joined Windows server.

Please review the Administration Guide for complete details on how to configure your IntelliTrust account to use a Microsoft CA.

The following limitations apply:

• Any update or refresh to the Microsoft CA configuration in the IntelliTrust Administration Portal will be propagated to the CA Gateway and a restart of the CA Gateway will occur. Current requests, for example, authentication or enrollment, to the CA Gateway will fail and need to be re-executed. Similarly, if the Password Agent or CA Gateway is restarted manually, the latest Microsoft CA configuration will also be propagated.
• Any update to the certificate template configuration in the Microsoft CA requires the Microsoft CA to be refreshed in the IntelliTrust Administration Portal.
• Certificate revocation check is supported using CRLs that use either LDAP and/or HTTP. Both protocols need to be accessible by the ESG. This requires configuring anonymous access to the LDAP CRL.
• This release does not support key recovery. Microsoft CA certificate templates should be configured without key backup/archive enabled. Support for key recovery, which includes the use of Microsoft CA key recovery agents, will be available in a future release.

More Information:

• Admin Guide

Gateway Web UI

Version 5.5 of the Enterprise Service Gateway (ESG) provides a new web-based interface for registering the ESG with your IntelliTrust account. When the ESG boots up, a configuration URL is displayed. Administrators can open that URL in their browser and configure the ESG without having to use the CLI.

Entrust Soft Token Activation Improvements

A new setting has been added to the Entrust Soft Token authenticator settings that allows an Administrator to select the activation methods included in the Entrust Soft Token activation email.

Options include:

• Activation link
• QR code
• Manual activation

At least one activation method must be selected.

Users will no longer automatically receive an activation email if they add a new Entrust Soft Token or a Google authenticator. They must now click a button in the activation dialog box to receive an activation email.

Changes to IntelliTrust APIs

The following have been added to the Administration APIs for Microsoft CA support:

• DigitalIdConfig contains a new caType (EDC or MS), certTemplates (array of DigitalIdConfigCertTemplate), and dnFormatSearchbaseIncluded (boolean) properties.
• A new type DigitalIdConfigCertTemplate was added with digitalIdConfigId (string), id (string), name (string), and pivContainer (PivAuth, CardAuth, DigSig, KeyMgmt, and None).
• User contains a new dn (string) property.