Integration Guide › Integrate Entrust Security Manager › Configure CA Directory › Configure the Entrust DSA

Configure the Entrust DSA

When you create a new DSA, the initialization file of the new DSA sources the default configuration files. In this case, the new Entrust DSA is set to use the default configuration files.

When you upgrade CA Directory, these default configuration files are overwritten, even if you have customized them.

To prevent an upgrade from overwriting the configuration files used by the Entrust DSA, you should create your own set of configuration files and set the Entrust DSA to use these.

To customize the Entrust DSA

1. Create copies of the following default configuration files:
   • Copy limits\dxmanager.dxc to limits\entrust.dxc
   • Copy logging\dxmanager.dxc to logging\entrust.dxc
   • Copy schema\dxmanager.dxg to schema\entrust.dxg (turn off the read-only flag)
   • Copy settings\dxmanager.dxc to settings\entrust.dxc
   • Copy database\dxmanager.dxc to database\entrust.dxc
2. Edit the servers\entrust-Master-entrust.dxi file to source the new configuration files.

   The DXI file should now look like this:

   # Computer Associates DXserver
   #
   # Initialization file written by dxmanager
   # logging and tracing
   source "../logging/entrust.dxc";
   # LEGACY licence
   # source "../licence/dxmanager.dxc";
   # schema
   clear schema;
   source "../schema/entrust.dxg";
   # knowledge
   clear dsas;
   source "../knowledge/entrust.dxc";
   # operational settings
   source "../settings/entrust.dxc";
   # service limits
   source "../limits/entrust.dxc";
   # database
   source "../database/entrustdb.dxc";
   # database settings
   source "../database/entrust.dxc";
   # access controls
   clear access;
   source "../access/dxmanager.dxc";
   # replication agreements (rarely used)
   # source "../replication/";
   # multiwrite DISP recovery
   set multi-write-disp-recovery = false;
   # cache configuration
   # set max-cache-size = 100;
   # set cache-index = commonName, surname;
   # set cache-attrs = all-attributes;
   # set lookup-cache = true;
   

3. Open the schema file schema/entrust.dxg in a text editor.
4. Add the following line to the file:

   source "entrust.dxc";
   

5. Save and close the schema.
6. When the Entrust DSA is started, it will source the Entrust schema.
7. Confirm that the configuration files do not contain errors, using the following command:

   dxsyntax
   

   If no messages appear, the configuration contains no errors.

   If there are any errors, fix them, and then run dxsyntax command again.