In PKiaaS, customers have the following responsibilities.

Registration Authority

In PKIaaS, you and your company are the Registration Authority (RA). The RA is the person or entity that decides whether to issue a certificate in response to a Subscriber request. Specifically, RAs:

Verify the identity of applicants. They are responsible for the applicant registration, identification, and authentication processes.
Submit certificate issuance requests on their behalf.

To perform RA tasks, you will typically use software applications, such as the Entrust Certificate Enrollment Gateway, that interface with the PKIaaS API.

Subscribers

Subscribers are the end-users and entities that request and use certificates. Typical examples of Subscribers are

Employees or contractors and their devices,
Enterprise servers and infrastructure,
IoT devices.

As the RA, you are responsible for determining who may be a subscriber and determining which people, entities, and devices may receive certificates.

Relying parties

A relying party is an entity that uses a certificate, for example, to verify and identity. PKIaaS is tuned to support enterprise-level privately trusted certificates. You are responsible for assuring that relying parties perform the necessary certificate validity and status checks.

Entrust PKIaaS supports both CRL and OCSP checks.