Configuring a certificate template for Entrust

Follow these steps to complete the configuration of the Entrust certificate template.

Procedure

  1. From the Cloud Extender® Configuration Tool, go to the Certificate Templates window.
  2. Click Add New Template > Create New Template > Device Certificate.
    The Template Configuration window is displayed.
  3. Provide the following information for the template:
    Option: Description
    Template Name: The name of your Entrust template. The template name is displayed in the MaaS360® policies under various configuration sections that use identity certificates.
    Type: Use the Entrust type for Entrust CA integration.
    Entrust Web Service URL: The web service URL for the Entrust CA.
    Administrator Username & Password: The credentials of the Entrust CA administrator.
    Group Name: The group name that issues all user certificates for Entrust.
  4. Click Continue.
    The Cloud Extender makes a web service call to the Entrust CA and receives a list of defined Digital IDs.
  5. From the list, choose the Digital ID.
    Values for the Digital ID automatically populate the RDN format.
  6. Replace %REPLACE% with supported variables for the Subject Name of the certificate for each of the RDN values.
    The template supports any of the following dynamic parameters:
    Parameter name: Description
    %udid%: The UDID of the device.
    %csn%: The MaaS360 device ID.
    %uname%: The user name of the device owner.
    %domain%: The domain of the user.
    %email%: The email address for the user.
    %imei%: The IMEI number of the device.
    %model%: The device model.
    %sim%: The SIM number of the device.
    %phnumber%: The phone number of the device.
    %ou%: Organizational Unit (requires the User Visibility module).
    %cn%: Common Name (requires the User Visibility module).
    %dc%: Domain Component (requires the User Visibility module).
    %dn%: Distinguished Name (requires the User Visibility module).
  7. From the Subject Alternative Name Type list, select a name that uniquely identifies the user for authentication.
    Choose from the following options:
    • None
    • UPN
    • UPN and Email
    • Other: Open-ended configuration that supports all variables as the subject name.
  8. In the Renewal Period (Days) field, select the number of days before the certificate expires at which the Cloud Extender starts trying to renew it.
    The default value is 14 days. For example, if a certificate is valid for one year, 14 days before the end of that year, the Cloud Extender attempts to renew the certificate. The Cloud Extender attempts two renewals per certificate per week.
  9. Select the Search For Entrust User by CN check box to search for a user by common name instead of searching by user name (which is the default setting).
  10. Click Save.
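
A pre-save check for the Subject Name entered in step 6, as an added example that is not part of the product or of the original page: it flags a leftover %REPLACE%, variables outside the list above, and User Visibility variables used without that module, then previews the subject with RFC 4514 escaping. The function names, the case-sensitive matching and the sample values are assumptions; the example does not reproduce how the Cloud Extender itself expands variables.

```python
import re

# Variables listed in step 6; the second set requires the User Visibility module.
BASE_VARS = {"udid", "csn", "uname", "domain", "email",
             "imei", "model", "sim", "phnumber"}
USER_VISIBILITY_VARS = {"ou", "cn", "dc", "dn"}
# Assumption: variable names are matched exactly as written on the page.
TOKEN = re.compile(r"%([A-Za-z]+)%")


def lint_subject_template(template, user_visibility=False):
    """Return a list of problems found in a Subject Name template."""
    problems = []
    if template.count("%") % 2:
        problems.append("unbalanced % delimiter")
    for name in TOKEN.findall(template):
        if name == "REPLACE":
            problems.append("placeholder %REPLACE% was not replaced")
        elif name in USER_VISIBILITY_VARS and not user_visibility:
            problems.append(f"%{name}% requires the User Visibility module")
        elif name not in BASE_VARS | USER_VISIBILITY_VARS:
            problems.append(f"%{name}% is not a supported variable")
    return problems


def escape_rdn_value(value):
    """Escape a string for use as an RDN value (RFC 4514 rules)."""
    out = re.sub(r'([\\",+;<>])', r"\\\1", value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out


def preview_subject(template, attrs):
    """Expand variables with escaped values to preview the subject."""
    return TOKEN.sub(lambda m: escape_rdn_value(attrs[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    tmpl = "CN=%uname%,E=%email%,OU=%REPLACE%"
    print(lint_subject_template(tmpl))
    print(preview_subject("CN=%uname%,E=%email%",
                          {"uname": "Doe, Jane", "email": "jdoe@example.test"}))
```

A comma in a user name, as in the constructed sample, would otherwise split the CN into two RDNs, so check how such values appear in an issued test certificate before rolling the template out.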