Introduction

The Entrust Certificate Authority is a Public-Key Infrastructure (PKI) solution. The Entrust nShield Hardware Security Module (HSM) securely stores and manages encryption keys. This document describes how to integrate the two for added security of your PKI.

The Entrust nShield HSM is available as an appliance or nShield as a service (nSaaS).

Product configuration

The integration between the Entrust nShield HSM and Entrust Certificate Authority has been successfully tested in the following configurations:

Product                         Version
Entrust Certificate Authority   v10.2.11.29
Operating System                Windows Server 2022
PostgreSQL Database             15.2.0.27

Supported nShield hardware and software versions

Entrust successfully tested with several nShield hardware and software versions.

OCS and Softcard protection was tested in all configurations. Module-protected keys are not supported in Entrust Security Manager v10.0 and later versions.

HSM            Security World Software   Firmware                           Netimage
nSaaS          13.6.5                    12.72.1 (FIPS 140-2 certified)     12.80.5
Connect XC     13.6.5                    12.50.11 (FIPS 140-2 certified)    13.6.5
                                         12.72.1 (FIPS 140-2 certified)
                                         12.72.3 (FIPS 140-2 certified)
Solo XC        13.6.5                    12.72.3 (FIPS 140-2 certified)
nShield 5c     13.6.5                    13.4.5 (FIPS 140-3 certified)      13.6.5
nShield 5s     13.6.5                    13.4.5 (FIPS 140-3 certified)
nShield Edge   13.6.5                    12.50.8 (FIPS 140-2 certified)

Requirements

To integrate the Entrust Certificate Authority and the Entrust nShield HSM, you require the following:

Familiarize yourself with:

  • The Entrust Certificate Authority documentation in the Documents tab of Product Support Center for Authority.

  • The Entrust nShield Product Documentation.

  • Your organizational Certificate Policy, Certificate Practice Statement, and a Security Policy or Procedure in place covering administration of the PKI and HSM:

    • The number and quorum of administrator cards in the Administrator Card Set (ACS) and the policy for managing these cards.

    • The number and quorum of operator cards in the Operator Card Set (OCS) and the policy for managing these cards.

    • The keys protection method: Module, Softcard, or OCS.

    • The level of compliance for the Security World, FIPS 140 Level 3.

    • Key attributes such as key size, time-out, or those needed for auditing key usage.