CSP Validation Authority is an on-premises solution for checking the validity status of issued certificates before their expiration date. When deployed on PKI Hub, this Entrust solution adds the following to the Base installation integration report.
Certificate information sources supported by Validation Authority
Validation Authority supports the following sources of certificate status information:
- Entrust CA Gateway integrated with an Entrust Certificate Authority instance
- Certificate Revocation Lists (CRLs) issued by Entrust or third‑party certificate authorities
Hardware secure modules supported by Validation Authority
See the following table for supported versions.
Hardware | Client driver | Firmware |
|---|---|---|
Entrust nShield Connect XC | 13.6.3 (FIPS 140-2 Level 3 mode supported) | 12.60.15 & 12.60.2 |
Entrust nShield 5c | 13.6.3 | 13.2.4 |
Thales Luna HSM 7 | 10.7.0 | 7.7.1-20 |
General considerations:
- You do not need to install the client drivers because the solution already includes this software. However, these client drivers cannot be updated.
- You can only use 1/N card sets. A card set of, for example, 2/5 cards is not supported.
On high-availability installations with a cluster of several HSMs:
- You cannot use HSMs from different providers simultaneously, meaning that nShield and Thales HSMs cannot coexist within the same deployment.
- Entrust Validation Authority may experience the Thales TCT limitations described in the Thales TCT Universal Client Plugin Additional Information technical note dated May 28, 2025.
- Solutions using the HSMs must be redeployed after any loss of connection with the HSMs, such as after an HSM reboot.
Databases supported by Validation Authority
Validation Authority is tested with the following external databases.
Database vendor | Version |
|---|---|
PostgreSQL | 15 |
Oracle | 21.3.0-xe |
Microsoft SQL Server | 2019-CU15-ubuntu-20.04 |
2022-CU13-ubuntu-22.04 |