Entrust PKI as a Service

Configuring MDM automation with Cloud Extender

After downloading and installing IBM MaaS360 Cloud Extender, run the Cloud Extender Configuration Tool to configure MDM integration.

To configure IBM Cloud as an MDM provider:

  1. In the Cloud Extender Configuration Tool, click Certificate Integration.

    PNG

  2. Click Add New Template to deploy the certificate template options.

    PNG

  3. Under Select your Enterprise Certificate Authority (CA), select “Entrust”.

  4. Under Select the purpose of the issuing Identity Certificates, select “Creates Device Identity Certificate”.

  5. Click Next to configure the Entrust CA settings.

    PNG

  6. Fill in the following fields.

    Field Value
    Template Enter a user-friendly name for this configuration
    Web Service URL Enter the Web Service URL value obtained in section Configuring MDM IBM MaaS360 in PKIaaS. Make sure this URL ends with “AdminServiceV9”.
    Administrator Username Enter the same User Name that was used for creating a credential in section Configuring MDM IBM MaaS360 in PKIaaS.
    Password Enter the password obtained after generating a credential in section Configuring MDM IBM MaaS360 in PKIaaS.
    Managed CA Name Enter the same credential CA Identifier selected in section Configuring MDM IBM MaaS360 in PKIaaS.

  7. Click Continue to populate the Digital ID list of Digital ID configurations.

  8. Select a Digital ID configured to use a PKIaaS CA with an mdmws certificate profile that supports P12.

    ℹ Selecting a Digital ID will automatically populate the RDN Format and the RDN Variables fields.

  9. In the RDN Format and the RDN Variables fields, replace every occurrence of %REPLACE% with the Subject Name variables described at: https://www.ibm.com/docs/en/maas360?topic=integration-configuring-certificate-template-entrust

  10. Click Next to configure the certificate properties.

    PNG

  11. Enable all four revocation-related checkboxes to automatically revoke certificates (recommended).

  12. Click Next to configure a test certificate request.

    PNG

  13. Configure the following values under Test Configuration.

    Field Value
    Certificate Name (csn) Enter a name for the new certificate.
    Substitutions Enter a value for each variable configured in the RDN Format and RDN Variables fields.

  14. Click Save and Test and wait while the test certificate is issued.

  15. Click Advanced and configure the renewal settings.

    PNG

  16. Click OK to close the Advanced dialog.

  17. Click Save.