Managed Services PKI

Key Technical Features

Entrust Managed Services PKI provides a number of standard and optional technical services.

Standard features

The following services are included in both the Standard Certificate Service and the Customer-Branded Certificate Service offerings:

  • Installation and hardening of the CA operating system on the CA servers
  • Generation and storage of the CA signing key in a Hardware Security Module (HSM), so the private key never leaves the module and cannot be tampered with or stolen
  • Key generation ceremony, if required
  • Creation of organization-specific certificate templates and extensions, if required
  • Multiple administrators required to approve critical CA operations (dual control)
  • A secure network tunnel between the Entrust service and components the organization hosts on its own network, if required
  • Configuration of network and firewall rules that permit the organization to reach the Entrust Managed Services network while minimizing exposure; the CA service sits behind multiple firewalls in segmented network security zones
  • Web-based interface through which customers administer their own users
  • Setup of monitoring for faults, configuration changes, response performance, and security incidents
  • Certificate-based authentication to verify the identity of a device or user
  • Setup and configuration of data backups and off-site archives to protect against data loss
  • Setup of failover from the primary site to the disaster recovery location
  • Published Certificate Revocation List (CRL), enabling relying applications to check whether a given certificate has been revoked
  • Archival and retrieval of encryption keys (encryption keys only, not signing keys) so that data encrypted under an accidentally lost key can still be decrypted
  • Maintenance of current hardware and software, with performance tuning so the service stays responsive as usage grows
  • Device certificates to authenticate servers and remote devices
  • Annual audit by an independent professional auditing firm to verify compliance with Entrust's Certification Practice Statement (CPS) and to provide accountability
  • Flexible, zero-footprint enrollment mechanisms for adding new users and devices (with or without administrator approval)
  • High availability with contractually agreed service levels for business continuity (99.5 percent or greater uptime)
  • Duplicate equipment and data at a remote disaster recovery site to ensure business continuity in the event of a disaster
  • High physical security at all computing facilities; security-cleared, bonded staff with separation of duties
  • Key usage and extended key usage set in each certificate so a key is used only as intended; for example, encryption only, signing only, or code signing only
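The CRL and key usage bullets above describe what the service publishes; the checks a relying application must perform with them are not shown on this page. The following is an added example, not Entrust code, written with Go's standard library: it stands in for the managed CA (generating the CA key, issuing a device certificate constrained to digitalSignature, and signing a CRL), then performs the relying-party checks of chain validation, key usage, CRL signature and freshness, and revocation lookup. The CA name, device name and serial numbers are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Key usages a relying party may ask verifyWithCRL to confirm.
const usageSigning, usageKeyTransport = x509.KeyUsageDigitalSignature, x509.KeyUsageKeyEncipherment

// demoPKI is a constructed toy hierarchy: one CA, one device certificate, and the CA's CRL.
type demoPKI struct {
	CA     *x509.Certificate
	Leaf   *x509.Certificate
	CRLDER []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// buildDemoPKI plays the managed service: generate the CA key, issue a device
// certificate whose key usage is "signing only", and sign a CRL that lists it or not.
func buildDemoPKI(revokeLeaf bool) *demoPKI {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Org Managed CA"}, // hypothetical issuer name
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "vpn-gw01.example.org"}, // hypothetical device name
		NotAfter:     now.Add(365 * 24 * time.Hour),
		// Signing only: digitalSignature granted, keyEncipherment deliberately withheld.
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey))))
	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now,
		NextUpdate: now.Add(24 * time.Hour), // relying parties must not use the CRL after this
	}
	if revokeLeaf {
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}
	}
	return &demoPKI{CA: ca, Leaf: leaf, CRLDER: must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))}
}

// verifyWithCRL is the relying-party side: chain to the trusted CA, confirm the key usage
// permits the intended operation, then check the CRL's signature and freshness and look
// for the certificate's serial number in it.
func verifyWithCRL(p *demoPKI, wantUsage x509.KeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.CA)
	if _, err := p.Leaf.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("chain validation: %w", err)
	}
	if p.Leaf.KeyUsage&wantUsage != wantUsage {
		return errors.New("key usage does not permit the requested operation")
	}
	crl, err := x509.ParseRevocationList(p.CRLDER)
	if err != nil {
		return fmt.Errorf("parse CRL: %w", err)
	}
	if err := crl.CheckSignatureFrom(p.CA); err != nil {
		return fmt.Errorf("CRL signature: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return errors.New("CRL is stale: fail closed rather than assume not revoked")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(p.Leaf.SerialNumber) == 0 {
			return errors.New("certificate is revoked")
		}
	}
	return nil
}

func main() {
	live, revoked := buildDemoPKI(false), buildDemoPKI(true)
	fmt.Println(verifyWithCRL(live, usageSigning), "|", verifyWithCRL(live, usageKeyTransport), "|", verifyWithCRL(revoked, usageSigning))
}
```

Two design points matter in practice. The CRL check fails closed: an unverifiable or expired CRL is treated as a failure, not as "not revoked", because an attacker who can block CRL retrieval would otherwise keep a revoked certificate usable. And the key usage test is a bitmask comparison against the relying party's intent, which is what makes a "signing only" template effective: a certificate issued without keyEncipherment is refused for key transport even though its chain is valid.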

The following services are included in the Customer-Branded Certificate Service only:

  • Certificates branded with your organization's name in the Issuer field
  • Creation and configuration of organization CA policies and roles consistent with the organization's Certificate Policy (CP) and Certification Practice Statement (CPS)
  • Publication of the organization's certificates from Managed Services PKI to the organization's LDAP directory, if compatible and required
  • Branding of the enrollment and administration Web interfaces with the organization's name and logo

Optional features

Entrust provides the following value-added services at an additional cost:

  • Entrust Entelligence Security Provider
    • Automatic certificate renewal before expiration, without user intervention, preventing outages caused by expired certificates
    • Caching of email recipients' certificates so that encrypted email can be composed offline
    • Fully automated enrollment of users and devices through the Auto-enrollment Server
    • Online Certificate Status Protocol (OCSP) client for real-time revocation status checks
  • Customizable enrollment and administration Web pages
  • End-user or administrator private keys and certificates held on smart cards or tokens for additional security
  • Setup and configuration of an OCSP responder in the data center, if required
  • Automatic certificate enrollment for VPN devices using the Simple Certificate Enrollment Protocol (SCEP)
  • Publicly rooted Certification Authority (CA), so that your organization's certificates are trusted by browsers and applications outside the enterprise that already trust the public root
