This section defines the licensing terms and permitted uses of the Entrust Cryptographic Security Platform (CSP). 

Authorized Use

In this Licensing section, the term “Customer” means an Entrust customer who has purchased one or more CSP licenses, or an individual authorized by that customer to access components or features of the CSP (“Users”).

CSP is licensed for internal Customer use (i.e. use for the Customer’s own business purposes); however, the Customer is permitted to provide digital certificates, keys or secrets to Users who are outside of the Customer’s organization solely to enable resource access between the Customer and that User.  Customer may also grant access to Users who are employees of external contractors, but only to the extent that such Users are using CSP on Customer’s behalf in the operation or management of the Customer’s business and Customer’s own cryptographic assets.

Except as may be otherwise specified in an express license agreement signed by Entrust, neither Customer nor any User may use CSP to set up or provide its own cryptographic management, analysis or reporting service for other companies (e.g. provision of CSP functionality as a “Managed Service Provider” or “Systems Integrator”).

License Packages 

CSP has three licensing packages (Standard, Pro, and Enterprise), each of which includes different product functionalities/features, as well as volumes of included certificates, standard objects, enhanced objects, and third-party objects.  The table below shows what is included, depending on whether Customer has purchased a Standard, Pro, or Enterprise license package.  

Packages

Standard

Pro

Enterprise

Cryptographic Security Platform

  • CSP Compliance Manager
  • CSP Public Key Infrastructure
  • CSP Key & Secrets Management

(tick) 

(tick) 

(tick) 

Enhanced PKI Services

  • CSP Certificate Enrollment Gateway
  • CSP CA Gateway
  • CSP Timestamping
  • CSP Validation Authority                         

(tick) 

(tick) 

CSP Certificate Manager (Discovery)

(tick) 

(tick) 

CSP Certificate Manager (Control)

(tick) 

Certificates

50

200

A custom amount as specified in an Entrust-issued quote

Vault Appliances

2

8

A custom amount as specified in an Entrust-issued quote

Compliance Manager Appliances

2

2

A custom amount as specified in an Entrust-issued quote

Standard Compliance Pack for Keys & Secrets

1

4

A custom amount as specified in an Entrust-issued quote

Standard Compliance Pack for Certificates

1

4

A custom amount as specified in an Entrust-issued quote

Third-Party Objects Under Compliance

250

1000

A custom amount as specified in an Entrust-issued quote

KMIP Objects

83

333

A custom amount as specified in an Entrust-issued quote

Cloud Keys

83

333

A custom amount as specified in an Entrust-issued quote

Secrets

84

334

A custom amount as specified in an Entrust-issued quote

Application Security Keys

16

66

A custom amount as specified in an Entrust-issued quote

TDE Databases

16

66

A custom amount as specified in an Entrust-issued quote

Virtual Machines

18

68

A custom amount as specified in an Entrust-issued quote

 The Customer will receive one or more license keys (“licenses”) to enable CSP features and the associated volumes of certificates, standard objects, enhanced objects, and third-party objects based on what the Customer has purchased. These licenses are subject to the following terms:

  • Once a digital certificate is issued, it is deemed consumed.
  • Once a standard or enhanced object is created, it is deemed consumed.
  • Once a third-party object is created, it is deemed consumed.
  • The Customer may not alter the license key or attempt to circumvent the licensing mechanism.

The Customer may only use a valid license key provided by Entrust with the corresponding CSP software component.  

Deployment

CSP may be deployed on the Customer’s own infrastructure and/or commercial cloud environments. Entrust strongly recommends keeping all deployments up to date with the latest product release.

Each CSP license specifies a deployment type, which is categorized either as production or test. If not explicitly specified, the license is considered production.

  • Production licenses allow CSP to be used in a production environment to issue and manage trusted digital certificates for Users.
  • Test licenses must be used exclusively in a non-production (test) environment to develop, integrate, and verify configuration changes before promoting them to production.

Each CSP license entitles Customer to deploy:

  • one cluster of CSP Compliance Manager appliances; and
  • multiple clusters of CSP Key & Secrets Management, CSP PKI, and (for Pro and Enterprise licenses) CSP Certificate Manager.

Plugins

CSP CA Gateway functionality can be extended, through plugins, to connect to additional CA types. The Customer is permitted to run plugins. These plugins may be:

  • Developed by Entrust (sold separately), or
  • Developed by the Customer or a third party, under a valid CSP CA Gateway SDK License, and recognized by Entrust (via digital signing).

Plugins are out-of-scope for the product warranty and Entrust support for CSP.

External Dependencies

CSP licenses do not include any embedded and/or internal databases and Hardware Security Modules (HSM). These components are external dependencies that must be provided, installed, and configured separately by the Customer prior to the operation of the CSP software.

Trade Compliance

CSP software contains cryptographic software components. The Customer’s country of operation may have import and export requirements that apply.

Standard Compliance Packs Limitations

The Standard Compliance Packs included with CSP Compliance Manager are provided to assist organizations in reviewing their cryptographic keys, secrets, and certificates against industry standards and best practices. While the Standard Compliance Packs will assist Customer, Entrust does not represent, warrant, or guarantee that their use will ensure, guarantee or confirm compliance with any particular industry standards and best practices or any specific policy, regulation, or other laws. It is Customer’s sole responsibility to validate all requirements and manage compliance of all relevant industry standards and best practices or any specific policy, standard, or regulation, or other laws (and to determine which of these are applicable to their activities). Entrust disclaims any liability arising from Customer's reliance on the Standard Compliance Packs.

Support and Record-Keeping

To ensure Entrust Customer Support is equipped to assist with issues reported, the Customer is expected to maintain reasonable records of the CSP deployment details including:

  • The production instances in use.
  • The environment(s) (on-premises or cloud) where those instances reside.