PKI Participants

Certification Authorities

The structure of the PKIaaS PKI environment is comprised of:

  • Root CAs. The Root CAs serve as the Customer's PKI trust anchors. The Common Name (CN) of each Online Root CA is defined by the Customer. The Root CAs issue Certificates to the Issuing CAs and OCSP services.

  • Issuing CAs. The Issuing CAs are subordinate to the Root CAs. The Issuing CAs are hosted and operated by PKIaaS. The Issuing CAs issue Certificates to or for Subscribers.

Registration Authorities

The RA is the person or entity that makes the decision on whether or not a certificate should be issued in response to a Subscriber request. RAs verify the identity of Applicants and submit certificate issuance requests on their behalf. They are responsible for the Applicant registration, identification and authentication processes.

RAs are external to PKIaaS and thus outside of the scope of this CPS. RAs interact with PKIaaS through published PKIaaS secure APIs. RAs typically use software applications that interface with the PKIaaS API and which provide specific functionality as applicable to the certificate use.
The Customer is the RA and is responsible for the identity verification of and certificate issuance to Subscribers.

Subscribers

Subscribers may use CA services, through an RA, to support transactions and communications.

The Customer is responsible for determining who may be a Subscriber and for determining which people, entities and devices may receive certificates.

Relying Parties

A Relying Party is an entity that relies on or uses a Certificate to verify the Subject's identity, the integrity of a digitally signed message, or to establish confidential communications with the Subject. The Relying Party is responsible for checking the validity of the Certificate using the appropriate Certificate Status Service ยง4.10.

The Customer is responsible for determining who may use issued certificates.

Entrust Policy Authority (Policy Authority)

Entrust is the Policy Authority, and is responsible for overseeing and setting policy and practices as applicable to this CPS.

Operational Authority.

Entrust is the Operational Authority (OA) and operates all Root and Issuing CA systems hosted and operated on behalf of Customers as part of PKIaaS. These systems issue and manage Certificates, Certificate Revocation Lists (CRLs) and OCSP responses issued in accordance with this CPS. The OA is responsible for:

  • Developing and submitting to the Policy Authority for review and approval, the CPS;

  • Responsible for all equipment and software, hosted by PKIaaS and required to operate the Customer's PKI; and

  • Ensuring that the CAs, Repository, and other PKI-related components hosted by PKIaaS are operated in accordance with this CPS.

Other Participants

No stipulation.