Configuring a certificate template for Entrust

Complete the configuration of the Entrust certificate template.

Procedure

  1. From the Cloud Extender® Configuration Tool, go to the Certificate Templates window.
  2. Click Add New Template > Create New Template > Device Certificate.
    The Template Configuration window is displayed.
  3. Provide the following information for the template.
    Option | Description
    Template Name | The name of your Entrust template. The template name is displayed in the MaaS360® policies under various configuration sections that use identity certificates.
    Type | Use the Entrust type for Entrust CA integration.
    Entrust Web Service URL | The web service URL for the Entrust CA.
    Administrator Username & Password | The credentials of the Entrust CA administrator.
    Group Name | The group name that issues all user certificates for Entrust.
  4. Click Continue.
    The Cloud Extender makes a web service call to the Entrust CA and receives a list of defined Digital IDs.
  5. From the list, choose the Digital ID.
    Values for the Digital ID automatically populate the RDN format.
  6. Replace %REPLACE% with supported variables for the Subject Name of the certificate for each of the RDN values.
    The template supports any of the following dynamic parameters.
    Parameter name | Description
    %udid% | The UDID of the device.
    %csn% | The MaaS360 device ID.
    %uname% | The username of the device owner.
    %domain% | The domain of the user.
    %email% | The email address for the user.
    %imei% | The IMEI number of the device.
    %model% | The device model.
    %sim% | The SIM number of the device.
    %phnumber% | The phone number of the device.
    %ou% | Organizational Unit (requires the User Visibility module)
    %cn% | Common Name (requires the User Visibility module)
    %dc% | Domain Component (requires the User Visibility module)
    %dn% | Distinguished Name (requires the User Visibility module)
  7. From the Subject Alternative Name Type list, select a name that uniquely identifies the user for authentication.
    Select from the following options.
    • None
    • UPN
    • UPN and Email
    • Other: an open-ended configuration that supports all variables, as the subject name does.
  8. In the Renewal Period (Days) field, select the number of days before the certificate expires at which the Cloud Extender tries to renew the certificate.
    The default value is 14 days. If a certificate is valid for one year, the Cloud Extender renews the certificate 14 days before the end of that year. The Cloud Extender attempts two renewals per certificate per week.
  9. Select the Search For Entrust User by CN checkbox to search for a user by common name instead of searching by username (which is the default setting).
  10. Click Save.
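
The following is an added example, not part of the product or its documentation: a pre-save check for the RDN format from step 6 that flags a leftover %REPLACE%, unsupported parameters, and parameters that need the User Visibility module, then previews the subject with RFC 4514 escaping. The function names, the sample RDN string, and the escaping step are assumptions; this page does not state how the Cloud Extender substitutes or escapes values.

```python
import re

# Parameters listed on this page; the second set needs the User Visibility module.
BASE_VARS = {"udid", "csn", "uname", "domain", "email", "imei", "model", "sim", "phnumber"}
USER_VISIBILITY_VARS = {"ou", "cn", "dc", "dn"}
TOKEN = re.compile(r"%([A-Za-z]+)%")


def lint_rdn_format(rdn_format, user_visibility_enabled=False):
    """Return the problems found in an RDN format string (empty list if none)."""
    problems = []
    for name in TOKEN.findall(rdn_format):
        if name == "REPLACE":
            problems.append("%REPLACE% placeholder was not replaced")
        elif name in USER_VISIBILITY_VARS:
            if not user_visibility_enabled:
                problems.append(f"%{name}% requires the User Visibility module")
        elif name not in BASE_VARS:
            problems.append(f"%{name}% is not a supported parameter")
    if "%" in TOKEN.sub("", rdn_format):
        problems.append("stray % sign outside a parameter")
    return problems


def escape_rdn_value(value):
    """Escape a value per RFC 4514 so it stays inside its own RDN."""
    out = re.sub(r'(["+,;<>\\])', r"\\\1", value)
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out


def preview_subject(rdn_format, values, user_visibility_enabled=False):
    """Substitute sample values into a linted RDN format string."""
    problems = lint_rdn_format(rdn_format, user_visibility_enabled)
    if problems:
        raise ValueError("; ".join(problems))
    return TOKEN.sub(lambda m: escape_rdn_value(values[m.group(1)]), rdn_format)


if __name__ == "__main__":
    # Constructed sample input: a Digital ID RDN format and a device record.
    fmt = "cn=%uname%,ou=Devices,o=Example"
    print(lint_rdn_format("cn=%REPLACE%,ou=Devices,o=Example"))
    print(preview_subject(fmt, {"uname": "jdoe,ou=Admins"}))
```

The preview shows why the choice of variable matters: a directory attribute that contains a comma would otherwise read as an extra RDN in the certificate subject.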