2.8 Limitations
The following are known limitations with MyID's integration with an Entrust CA accessed through the Entrust CA Gateway:
- MyID has not been tested with Entrust CA policies that have been configured to support ECC keys and related signing algorithms.
- The Entrust CA Gateway API does not support directory certificate attributes.
- The Entrust DN tracking feature is not currently supported by the MyID Entrust Rest API connector.
- By default, the Entrust CA restricts certificate lifetime to a minimum period of seven days when the certificate is requested through the Entrust CA Gateway. The CA increases the lifetime to seven days if the requested certificate lifetime is less than seven days. If you want to issue short lifetime certificates, you must configure the EnableShortCertValidity option within Entrust; see your Entrust documentation for details.
- The use of the Entrust CA default certificate lifetime feature is not currently supported.
- The rule for the generation of passcodes for protecting the certificate private key in a PKCS#12 response is not configurable. The rule exists so that the passcode meets the requirements stated in the documentation for Entrust CA application version 2.8.10+.
  The passcode generation rules are as follows:
  - When generating a passcode for requesting a certificate, the passcode must be exactly 16 characters long and contain at least one uppercase and one lowercase letter from the ISO basic Latin alphabet, one number, and one symbol.
  - When generating a passcode for requesting a key recovery, the passcode must be exactly 32 characters long and contain at least one uppercase and one lowercase letter from the ISO basic Latin alphabet, one number, and one symbol.
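The passcode rules above, as an added example that is not MyID or Entrust code: a checker and a generator that draws from the operating system's CSPRNG and rejects candidates that miss a character class. The symbol set, the purpose labels and the function names are assumptions; the page does not state which symbols are accepted.

```python
import secrets
import string

# Assumption: the page does not list the accepted symbols; this set is illustrative.
SYMBOLS = "!#$%&*+-=?@^_"
# The four character classes the rule requires at least one of each.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)
# Exact lengths stated on the page (purpose labels are hypothetical names).
LENGTHS = {"certificate_request": 16, "key_recovery": 32}


def meets_rule(passcode, purpose):
    """Return True if the passcode satisfies the rule for the given purpose."""
    if len(passcode) != LENGTHS[purpose]:
        return False
    # Assumption: characters outside the four classes are not allowed.
    if any(ch not in ALPHABET for ch in passcode):
        return False
    return all(any(ch in cls for ch in passcode) for cls in CLASSES)


def generate_passcode(purpose):
    """Draw uniformly from ALPHABET and retry until every class is present.

    Rejection sampling keeps every conforming passcode equally likely,
    unlike forcing one character of each class into fixed positions.
    """
    length = LENGTHS[purpose]
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_rule(candidate, purpose):
            return candidate


if __name__ == "__main__":
    for purpose in LENGTHS:
        print(purpose, len(generate_passcode(purpose)))
```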