A Gateway is a lightweight, container-based module implementing a CA-agnostic Certificate Lifecycle and Policy Management API. Using CA Gateway, your applications can implement certificate issuance, renewal, and revocation actions across all your Entrust-supported Certification Authorities (CAs). CA Gateway provides policy retrieval capabilities that applications can use to customize API and user-facing dialogs to ensure that certificate actions conform to organizational policies.
CA Gateway supports easy upgrades using container technology. We maintain backward compatibility on the API so you can upgrade CA Gateway without worrying that consuming applications will encounter API problems.
Supported Certificate Authorities
CA Gateway is compatible with the following Certificate Authorities.
Product | Version | Support Notes |
|---|---|---|
AWS ACM CA | CA Plugin for cert operations | |
Digicert CA | Service | Only supports domain-validated (DV) certificates |
EJBCA | Community Edition | |
Entrust Certificate Authority (ECA) | 8.3 | The Events API is not supported |
10.1.1 | ||
10.2 | ||
Entrust PKIaaS | Service | CSRs must be provided on enrollment |
GlobalSign | Service | Only GCC API. Only for testing purposes, not ready for production environments |
Microsoft Active Directory Certificate Authority | 2019, 2016, 2012 R2 | CSRs must be provided on enrollment |
Sectigo Certificate Authority | Service | Only supports TLS profiles. S/MIME profiles are not supported |
Open-source plugins compatible with CA Gateway
CA Gateway is compatible with the following open-source plugin.
The support is limited to the CA Gateway interoperation with the plugin.
Plugin | Version | Notes |
|---|---|---|
Entrust CA Gateway Vault Client | N/A | This is an Entrust open-source client for Hashicorp Vault that may be obtained from https://github.com/EntrustCorporation/CSP CA Gateway-vault-plugin |
Supported Platforms
CA Gateway is distributed and operates as a Docker container. Our objective in leveraging Docker is to allow customers to utilize the broad array of Docker capabilities, features, and plug-in drivers. Entrust will make reasonable efforts to support our CA Gateway product on the customer's chosen Docker deployment.
Platform | Version | Note |
|---|---|---|
Docker | 20.x | Operation as a Docker container is supported on all OS platforms supporting Docker. |
Supported HSM
CA Gateway on Docker supports the following hardware security modules (HSMs).
Hardware | Client driver | Firmware | Guide |
|---|---|---|---|
Entrust nShield Connect XC | 13.9.0 (FIPS 140-2 Level 3 mode supported) | 12.60.15 & 12.60.2 | CA Gateway 3.x - Entrust nShield Integration Guide |
Entrust nShield 5c | 13.9.0 | 13.2.4 | |
Thales Luna HSM 7 | 10.8.0 | 7.7.1-20 | CA Gateway 3.x - Thales Luna Integration Guide |
Thales TCT | 10.8.0 | 7.7.1-20 |
Log in trustedcare.entrust.com to download the integration guides.