- About
- Products
- Services
- Locations
- Partners
- Developers
- Resources
- News/Events
- Customers
Entrust Authority Security Manager Proxy
Get Technical
Entrust Authority Security Manager Proxy software runs a service that allows clients to communicate with an Entrust Certification Authority (CA) and back-end servers over the Internet, without making major changes to existing firewall settings.
When using Entrust Authority™ Security Manager (formerly Entrust/PKI) within a company network, clients can communicate easily with the CA, without having to pass through any security measures such as a firewall. Software clients can communicate easily with the CA using one of seven acceptable protocols:
| Protocol | Used by … |
|---|---|
| SEP | CA (For all Entrust Authority™ Security Manager formerly called Entrust/PKI versions up to 6.0) |
| PKIX-CMP | CA (For all Entrust Authority™ Security Manager formerly called Entrust/PKIversions) |
| ASH | CA |
| PROTO-PKIX | CA, Entrust Authority Enrollment Server, Entrust Authority Enrollment Server for Web, and Entrust Authority Enrollment Server for VPN |
| SPEKE | Entrust Authority Roaming Server |
| LDAP | The Directory |
| TIMESTAMP | Entrust Authority Timestamp Server |
In contrast, data packets sent by clients over the Internet usually have to pass through one or more firewalls before they can be forwarded to the CA or other back-end servers (such as the Directory or the Entrust Authority™ Roaming Server). Firewalls typically restrict incoming traffic to HTTP or TLS packets on specific ports. As a result, data packets sent by regular Entrust Authority protocols cannot reach the CA.
How the Entrust Authority Security Manager Proxy Works
- Data packets sent from a client machine are encapsulated by the Client component of the Security Manager Proxy as HTTP or TLS so that they can tunnel through the firewall.
- Once the packets are through the firewall, the Server component of the Security Manager Proxy receives and unwraps the packets, and forwards them to the CA.
- The response information from the CA or other back-end servers is then re-wrapped by the Server component in HTTP or TLS so that it can proceed back through the firewall to the Internet.
- The response information is received by the client machine and unwrapped by the Client component of the Security Manager Proxy so the client machine can understand the CA response.
Supported Platforms
Security Manager Proxy server component:
- Microsoft®: Windows® Server 2003
- Microsoft® Windows® 2000 Server
- Sun® Solaris 8
Security Manager client component:
- Microsoft®: Windows® Server 2003
- Microsoft® Windows® 2000 Server
- Microsoft® Windows® 2000 Professional
- Microsoft® Windows® XP Professional
- Sun® Solaris 8