This section defines licensing terms and permitted uses for the Entrust PKI Hub appliance (“PKI Hub”), and its integrated features/functionalities:
- Certificate authority software – currently called PKI Hub Certificate Authorities (CAs).
- Enrollment services – currently called Certificate Enrollment Gateway (CEG).
- Online certificate status protocol – currently called Entrust Validation Authority (EVA).
- Timestamping – currently Timestamping Authority (TSA).
- Certificate lifecycle management – currently called Certificate Hub (Certhub).
- Certificate authority gateway – currently called CAGW).
In this Licensing section, the terms “Customer” and “the Customer” are used to reference an Entrust customer who has:
- purchased one or more PKI Hub licenses; or
- one of that customer’s internal Users who is authorized to access components or features of the PKI Hub in connection with the customer’s business.
In addition, the term “External User” refers to a user who is outside of the Customer organization and the Customer identifies as a required digital certificate user to enable communications between Customer and those External Users concerning Customer’s business.
PKI Hub is licensed for internal Customer use; however, the Customer is permitted to assign identities (uniquely identified end entities) and digital certificates to External Users solely to enable communications between Customer and those External Users concerning Customer’s business.
PKI Hub has three licensing models/types (X-Small, Small, and Medium), each of which includes different product functionalities/features. The functionalities/features included with each model/type are in the table below.
Features / Capabilities | X-SMALL | SMALL | MEDIUM |
|---|---|---|---|
Certificate Authorities |
|
|
|
CA Gateway |
|
|
|
OCSP (EVA) |
|
|
|
Timestamping |
|
|
|
Enrollment Services (CEG) |
|
|
|
CLM (Certificate Hub) Find |
|
|
|
CLM (Certificate Hub) Control |
|
|
|
In addition to the license models/types, PKI Hub is also licensed on the basis of digital certificate volume.
The Customer will receive one or more license key(s) (“licenses”) authorizing or enabling functions/features and certificate volumes based on what the Customer has purchased and subject to the following:
- once issued, digital certificates are deemed to be consumed,
- the Customer may not alter the license key, nor circumvent or attempt to circumvent the license mechanism,
- the Customer may only use a license key provided by Entrust in conjunction with the related Software component of the PKI Hub,
- PKI Hub may be deployed on the Customer's infrastructure and/or commercial cloud accounts. Entrust strongly advises that deployments be kept up to date with our latest product release.
Each PKI Hub license specifies a deployment type, which is categorized either as production or test. If a license is not specifically identified as production or test, it is considered a production license.
- Production licenses allow PKI Hub to be used in a production environment for the active provision of services to issue and manage trusted digital certificates to/for Customer internal and External Users.
- Test licenses require PKI Hub to be deployed and used exclusively in a test (non-production) environment to develop and/or verify integration and configuration changes prior to the promotion of those changes to the Customer production environment.
Each license may be used on multiple deployment clusters of the same type, for example, a test license can be used on multiple test clusters in a test environment.
PKI Hub can extend CAGW functionality, through plugins, to connect to additional CA types. The Customer is permitted to run plugins that are developed by:
- Entrust (sold separately); or
- the Customer or a third-party, pursuant to the CAGW SDK License and recognized (via digital signing) by Entrust.
Plugins are out-of-scope for the product warranty and Entrust support for PKI Hub.
The PKI Hub license explicitly excludes any embedded and/or internal databases and Hardware Security Modules (HSM). These components are external dependencies that must be provided, installed, and configured separately by the Customer prior to the operation of the PKI Hub software.
PKI Hub software contains cryptographic software components. The Customer’s country of operation may have import and export requirements that apply.
To ensure Entrust Customer Support is equipped to assist with issues reported, the Customer is expected to maintain reasonable records of the PKI Hub deployment details including:
- instances deployed in production.
- environment(s) in which production instances have been deployed (i.e. Customer infrastructure vs. cloud).
- certificates consumed/available.