Products & Services



ECMS – Entrust Certificate Management Service

The Entrust Certificate Management Service is a self-service administration tool for buying and managing certificates. The tool acts as a centrally managed, self-service point-of-purchase, that reduces administrative overhead and decreases your risk of accidental certificate expiry. Self-service allows customers to synchronize and control the timing of certificate expiry as well as to pool or re-use certificates (depending on the type of account) for maximum usage.

Using the Certificate Management Service 

The service allows you to purchase and maintain an inventory of different types of certificates according to your needs. As your network grows and changes you can use these certificates to establish and maintain secure communication between devices, sign code, secure Adobe Acrobat or LiveCycle documents and forms, or secure email by signing and encrypting messages. The Certificate Management Service makes it easy for you to:

  • know how many certificates of each type are available for use
  • create and assign certificates
  • keep track of certificates used by client accounts
  • purchase or renew certificates
  • add or remove client domains
  • add or remove administrator accounts
  • delegate certificate request approval
  • approve certificate requests
  • use Entrust Discovery to obtain detailed information about certificates in your network


Pooling and non-pooling management models 

Certificates Your organization chose either the pooling or non-pooling model when you became a CMS user. In simplest terms, the non-pooling model is based in the number of certificates purchased, and the pooling model is based on the amount of certificate lifetime purchased. The model being used determines how administrators perform some tasks in the CMS.

  • CMS administrators for accounts where pooling or non-pooling models are used, can reissue certificates (depending on certificate type). However: – In non-pooling accounts, certificates can only be reissued within 30 days of their creation date. The exception is Secure Email certificates, which can be reissued at any time during their lifetime. – In pooling accounts Standard, Advantage, EV, UCC and Secure Email certificates can be re-issued at any time. CDS and Code Signing certificates can only be re-issued within 30 days of their creation date.
  • Administrators for accounts using either model can renew certificates.
  • Only CMS administrators for accounts using the pooling model can reuse and repurpose certificates. However, only Standard, Advantage, EV, and UCC certificates are returned to inventory and can be reused and repurposed. CDS, Code Signing, and Secure Email certificates are never returned to inventory after being deactivated