The following Entrust solutions support a Hardware Security Module (HSM) for cryptographic operations.
- Certificate Authority (CAs)
- Timestamping Authority (TSA)
- Validation Authority (EVA)
See the following table for supported versions.
Provider | Hardware | Firmware version | CA | TSA | VA |
|---|---|---|---|---|---|
Entrust nShield
| NShield Connect XC
| 12.60.15 |
|
|
|
12.72.1 |
|
|
| ||
12.72.3 |
|
|
| ||
Entrust Shield
| NShield 5c
| 13.5.1 |
|
|
|
13.2.4 |
|
|
| ||
13.4.5 |
|
|
| ||
Thales
| Thales Luna HSM7
| 7.8.4 |
|
|
|
7.7.0 |
|
|
| ||
7.7.1 |
|
|
| ||
7.7.1-20 |
|
|
| ||
7.7.2 |
|
|
|
When integrating a Hardware Security Module (HSM):
- You cannot use HSMs from different providers simultaneously, meaning that nShield and Thales HSMs cannot coexist within the same deployment.
- You can only use 1/N card sets. A card set of, for example, 2/5 cards is not supported.
You do not need to install the client drivers because the solution already includes this software. However, these client drivers cannot be updated.
- Changing the settings of an Entrust nShield HSM requires the steps described in Administrating nShield HSM integration.