Running CreateShortLivedCertificate

By default, Entrust Certificate Authority issues certificates with a minimum validity period of 7 days. The CreateShortLivedCertificate sample application requests a certificate with a validity in minutes.

Before running this sample application, configure Entrust Certificate Authority to issue certificates with a short validity period.

  1. Edit the following configuration file.

    %AUTHDATDIR%/manager/entmgr.ini

  2. Add the following contents.

    [policy]
    EnableShortCertValidty=1

  3. Restart Entrust Certificate Authority.

To run the application, execute the following command line in the etjava/examples directory.

java -classpath classes;../lib/enttoolkit.jar com.entrust.toolkit.examples.pkcs10.CreateShortLivedCertificate <ca_ip> <ca_port> <epf_file> <pf_pwd> <ref> <code> <cert_def> <year> <month> <day> <hour> <validity> <x509_file>

Parameter

Value

<ca_ip>

The hostname or IP address of an Entrust Certification Authority.

<ca_port>

The port for accessing the Entrust Certification Authority.

<epf_file>

The file path of the Entrust profile for an Entrust Certificate Authority user with the First Officer role.

<epf_pwd>

The password for accessing the Entrust profile.

<ref>

The reference number of the Entrust user for which the certificate is requested.

<code>

The authorization code of the Entrust user for which the certificate is requested.

<cert_def>

The name of the certificate definition. This value associates a policy with the certificate.

<year>

The year for the start validity date of the certificate.

<month>

The month for the start validity date of the certificate.

<day>

The day for the start validity date of the certificate.

<hour>

The hour for the start validity date of the certificate, an integer in the [0..23] range.

<validity>

The number of minutes the certificate will be valid, as an integer value in the [0..60] range.

<x509_file>

The path of an output file for saving the issued X.509 certificate.

For example:

C:\etjava\examples>java -classpath classes;..\lib\enttoolkit.jar com.entrust.toolkit.examples.pkcs10.CreateShortLivedCertificate <SM Host> 829 "First Officer.epf" Password! 95693874 3O8A-HMML-BZMQ Verification 2019 5 1 14 30 MyUser.cer
Generating keys...
Successful login to the Admin Profile
Creating the OptionalValidity structure
Creating the P10 Request with the public key from the P11 device
Sending the P10 Request to Entrust Security Manager
 
Retrieved the User Certificate
Version: 3
Serial number: 1490226364
Signature algorithm: sha256WithRSAEncryption
Issuer: o=acmeone,c=CA
Valid not before: Wed May 01 14:00:00 EDT 2019
not after: Wed May 01 14:30:00 EDT 2019
Subject: cn=Test User2,o=acmeone,c=CA
public exponent: 10001
modulus: be10dc9ece963b5f33824e617efbea538fefc2e3c442184c68942fcce618645fc00e68fdf9f9581b5aca3ece74eeff7a23439323ef1b3ef538859a723
2efbeef00df49985e9be4d8af74f0aba7419c0642d0a98484adbcf655094db74ad89d77be510de52abbbf8a19a1315085e244061c12017bea7ecce8c6773592c3d
df8b2e390746264a21a7de71b7e57346492e56f730e502d0b3bde3c5333cc196055465c476a92266e0e2308d6f8ae64dffe204698fbe0aba2f7c4309c41e2cc740
65f14bcedcf45e79dce635b011606f6e18a06f865dc8c6e945d275e46ef8a6c6809723e654a48ef483d8b0d1691d472c82cfd144313045d7f3b85dd2c8896be764
f
 
Extensions: 7
Certificate Fingerprint: D6:81:3B:6C:5A:9D:82:F2:4F:06:C3:A2:6A:EE:8C:E1
 
 
---Certificate Chain
Version: 3
Serial number: 1490199820
Signature algorithm: sha256WithRSAEncryption
Issuer: o=acmeone,c=CA
Valid not before: Wed Mar 22 11:53:39 EDT 2017
not after: Mon Mar 22 12:23:39 EDT 2027
Subject: o=acmeone,c=CA
public exponent: 10001
modulus: e7857f74d512c4bdef00ef2457ebef842645d7c4bf18f32b7f14cee66ed9edddf5d5c8b41c2152ebecdbff13f1f8a1bf48f293b3eb1b8586f89676ecb
c0485bf1b3a7fea2c718a14d827e0fbe67e9dab1d2d076a66c087477f439ac6dd2a28026e338aa322421ecc62e4c724c64411ba898597a760397af818b59d734de
318b7c695312b6efd79c12b4ae62fe47663404b2f980c22d523e2a5a661bc7e1d009c45ca0928dc2280dc184312c06a9ca88f5e091615dc087a5d5014ec9411256
95c3c31024471b274f0b7efbbc3e79e61d957fb175162d48e92fbe718c5d55beaf49cb4cc8a02ca109cf6e5d5d6cbe5f8ccef3a09e3b27f1006ba75b676a41cea6
7
 
Extensions: 5
Certificate Fingerprint: D2:42:67:74:63:C0:AA:9E:C2:4F:27:23:CD:F9:27:03
 
 
Certificate in X.509 format written to: C:\etjava\examples\MyUser.cer