PKI participants
See below for the PKI participants in Entrust PKIaaS.
- Certification Authorities
- Registration Authorities
- Subscribers
- Relying Parties
- Policy Authority
- Operational Authority
- Other participants
Certification Authorities
In the structure of the PKIaaS PKI environment:
- The Root CAs serve as the Customer’s PKI trust anchors. The Customer defines the Common Name (CN) of each Online Root CA. The Root CAs issue Certificates to the Issuing CAs and OCSP services.
- The Issuing CAs operate as subordinates to the Root CAs and issue Certificates to or for Subscribers. PKIaaS hosts and operates the Issuing CAs.
Registration Authorities
The Registration Authorities (RAs):
- Decide whether or not to issue a certificate in response to a Subscriber request.
- Verify applicants’ identities and submit certificate issuance requests on their behalf.
- Hold responsibility for applicants’ registration, identification, and authentication processes.
- Operate outside PKIaaS and therefore fall outside the scope of this Certificate Practice Statement.
- Interact with PKIaaS through published PKIaaS secure APIs.
- Typically use software applications that interface with the PKIaaS API and provide specific functionality applicable to certificate use.
The Customer holds RA responsibility for verifying the identity of Subscribers and issuing certificates to them.
Subscribers
Subscribers may use CA services through an RA to support transactions and communications. The Customer holds responsibility for determining:
- Who may be a Subscriber.
- Which people, entities, and devices may receive certificates.
Relying Parties
A Relying Party relies on or makes use of a Certificate to verify the Subject’s identity, to verify the integrity of a digitally signed message, or to establish confidential communications with the Subject. The Relying Party checks the validity of the Certificate using the appropriate Certificate Status Service.
The Customer holds responsibility for determining who may use issued certificates.
Policy Authority
Entrust holds the Policy Authority responsibility for overseeing and setting policy and practices as applicable to this CPS.
Operational Authority
As the Operational Authority (OA), Entrust operates all Root and Issuing CA systems on behalf of Customers as part of PKIaaS. These systems issue and manage Certificates, Certificate Revocation Lists (CRLs), and OCSP responses issued in accordance with this CPS. The OA holds responsibility for:
- Developing the CPS and submitting it to the Policy Authority for review and approval;
- All equipment and software hosted by PKIaaS and required to operate the Customer’s PKI; and
- Ensuring that the CAs, Repository, and other PKI-related components hosted by PKIaaS operate in accordance with this CPS.
Other participants
No stipulation.