EntrustNET and ESM CA specific attributes

Defines the values that the EntrustNET CA uses for certificate enrollment and renewal.

Attribute

Description

EntrustNET CA:Additional Emails

UI: Other Email Addresses
Required: No

Policy Definable: No. Default: NA

One or more secondary email contacts. Each contact would be another instance of the attribute.

EntrustNET CA:Additional Field Value

UI: Tracking Fields
Required: No

Policy Definable: No. Default: NA

No NA

An identifier-value pair for a custom field defined in the Entrust Certificate Management Service portal. The custom field identifier consists of the word Text plus consecutive numbers starting at 1 for the respective field. For example Text1 for the first Text field, Text2 for the second Text field, Text3 for the third Text field, and so on.

Syntax: <field identifier>,<value>

EntrustNET CA:Additional Field

UI: NA
Required: No

Policy Definable: No. Default: NA

Internal.

EntrustNET CA:Email Address*

UI: Email
Required: Yes

Policy Definable: Yes. Default: NA

The email address.

EntrustNET CA:First Name*

UI: First Name
Required: Yes

Policy Definable: Yes. Default: NA

The first name of a person.

EntrustNET CA:Last Name*

UI: Last Name
Required: Yes

Policy Definable: Yes. Default: NA

The last name of a person.

EntrustNET CA:Specific End Date

UI: End Date
Required: No

Policy Definable: No. Default: NA

No NA The exact certificate expiration date to use the next time the certificate renews. The date must occur between the request date and the expiration date based on the Validity Period. If the CA template does not allow Specific End Date, this attribute is ignored.

EntrustNET Validity Period

UI: NA
Required: No

Policy Definable: No. Default: NA

Read only. Tracks the most recent time that the driver polled the CA to determine whether the requested certificate is ready for retrieval. By default the driver checks once every 5 minutes.

If the timestamp value is not set, the driver continually polls the CA. The value updates after every unsuccessful retrieval.

ESM CA:Override Default Key Update Policy

UI: Override Default Key Update Policy
Required: No

Policy Definable: No. Default: NA

Overrides the Entrust Security Manager (ESM) CA’s private key update requirements.

0 = No override.

1 = Use the validity period from the Certificate object. Set the key lifetimes instead of using the default key update policy defined for the Entrust user.

Validity Period

UI: NA
Required: No

Policy Definable: No. Default: NA

The number of years that a certificate is valid. If the value is not set, the shortest validity period allowed by the CA template is the default. If a user assigns a CA template to a Discovered certificate and then renews the certificate, the value also resets to the shortest validity period.

* The Entrust Certificate Services CA collects this information at the time of enrollment.