Entrust@YourService is a managed variety of Entrust/Authority. The services and plug-ins Entrust offers for Authority, including the Web Connector and VPN Connector applications, are not yet included in Entrust@YourService, though the company says these will be made available in future releases. Entrust's big claim to fame is the advanced certificate life-cycle management it provides. Automated certificate and key updates, automated key escrow, automatic revocation checking, and other services required to roll out a PKI earned Entrust top scores in our features and certificate life-cycle categories. This functionality, however, comes at a price: You must purchase, install and manage Entrust client software on every computer. Support for unmanaged certificates or certificates used without Entrust client support should be available soon, if they're not already.

Entrust installs each CA on a shared Solaris server (as many as five CAs per server), each with its own Chrysalis-ITS high-security module to hold the private keys. The CAs are configured according to the security policy developed by you with one of Entrust's engineers. All the LRAs need be concerned with is certificate management. Changes to the CA configuration must be requested in writing and sent to the security officer assigned to your account. Time frames for changes depend on the type of changes to be made. For example, simple policy changes can take less than 24 hours, while more complex policy changes can take longer, either because an Entrust security office needs to approve the change or because the change may need to wait for the scheduled downtime.

Entrust@YourService (screen view) Click here to enlarge

Entrust@YourService is managed via a Web front end and requires Entrust Direct to authenticate and secure the session with the RA (registration authority) in Entrust's secure facility. Once the first LRA is configured, users can register through a customized page. In our test, we had users fill out just a few fields, such as first and last name, e-mail address, and a password, to retrieve the certificate. Once the request is made, the LRA approves it and the user receives via e-mail a URL where he or she can pick up the certificate. At this point, a key pair and digital certificate and an Entrust Profile file are generated and stored on the hard drive. We were able to send and receive secure e-mail using the plug-in for Outlook.

Applications that are Entrust-ready can request and be issued digital certificates, which makes installation, integration and certificate life-cycle management a snap and removes much of the overhead involved with ongoing PKI functions found in VeriSign's or Baltimore's solutions.

Entrust@YourService. Available: Now. Entrust Technologies, (972) 943-7300; fax (972) 943-7305. http://archive.entrust.com/yourservice/introduction.htm