2.3 Differences with JASTK
Much of the configuration for JASTK is the same as the configuration for MyID's integration with Entrust using the Entrust Administration Toolkit for C.
However, you must be aware of the following:
- You require the XAP (XML Administration Protocol) details of your CA, and must ensure the XAP port is open.
  See section 2.1, Prerequisites and section 2.14, Ports required for Entrust.
- You may require an additional XAP Entrust user profile in addition to the Admin EPF user profile.
  See section 2.4, Create the MyID server profiles, section 2.5, Set up the MyID Entrust administration link, and section 2.8, Set up the MyID Entrust Certificate Authority.
- MyID's integration with Entrust JASTK supports both RSA and ECC keys.
- Key sizes are determined on the CA and you cannot change them within MyID.
- The logging has changed significantly.
- Deactivation of card authentication users is now a configuration option rather than registry controlled.
  See section 2.16, Deactivation of card authentication users.
- The Track Entrust distinguished name changes option, which previously controlled whether MyID sent DN changes to Entrust when using the Entrust Administration Toolkit for C, is not relevant for Entrust JASTK. This option has now been removed from MyID.
- Attempting to issue certificates to users who do not exist in the directory now generates the generic error -1685 instead of error -2976 as previously.
  See section 2.1.4, Issuing certificates to users who do not exist in the directory.
- The JASTK credentials that you use to authenticate to Entrust must have a different certificate type.
  Previously, the admin credentials did not require the Admin Services User Management certificate type; JASTK requires this certificate type. If you are reusing credentials from an Entrust Administration Toolkit for C system, you must change the certificate type. You may need to collect new certificates, depending on the version of the Entrust CA and JASTK you are using.