The following Entrust solutions support a Hardware Security Module (HSM) for cryptographic operations.

  • Certificate Authority (CA)
  • Timestamping Authority (TSA)
  • Validation Authority (EVA)

When integrating a Hardware Security Module (HSM):

  • You do not need to install the client drivers because the solution already includes this software. However, these client drivers cannot be updated.
  • You cannot use HSMs from different providers simultaneously, meaning that nShield and Thales HSMs cannot coexist within the same deployment.
  • You can only use 1/N card sets. A card set of, for example, 2/5 cards is not supported.
  • Changing the settings of an Entrust nShield HSM requires the steps described in Administrating nShield HSM integration.

 See the following table for supported versions.

Hardware

Client driver

Firmware

CA

TSA

VA

Entrust NShield Connect XC

13.6.3

12.60.15 & 12.60.2

(tick) 

(tick) 

(tick) 

Entrust NShield 5c

13.6.3

13.2.4

(tick) 

(tick) 

(tick) 

Thales Luna HSM 7

10.7.0

7.7.1-20

(error) 

(tick) 

(tick)