Sentry 4.0 contains four major components: Sentry CA (for certificate authority), Sentry RA (for registration authority), WebSentry, and the Xcert Development Kit. Sentry CA issues and manages certificates. Sentry RA provides distributed enrollment servers. WebSentry plugs into existing Web servers to authenticate users with digital certificates. Finally, the Xcert Development Kit enables developers to integrate applications with PKI through an API.
Sentry 4.0 contains many new features, some of which bring it up to speed with other PKI products on the market and others that put it a little ahead of everything else. As with other offerings such as Baltimore UniCert and Entrust, Sentry supports automatic vetting, autonotification of certificate requests, automatic certificate renewal, the Online Certificate Status Protocol (OCSP), external LDAP directories, cryptographic hardware for secure CA key storage (Sentry ships with the Luna CA key storage product), and logging of all PKI operations. Unlike other offerings, Sentry supports suspending a certificate, trusting another CA, cross-validation of non-Xcert end-entity certificates (an end entity is an end user or server: anything that uses a certificate for authentication), and out-of-the-box compatibility with numerous leading Internet and e-commerce products.
Most PKI offerings today give two choices for certificate status: active or revoked, meaning the certificate is either usable or invalid. Sentry gives you a third option, suspended, which is reversible and makes the certificate temporarily invalid. This is useful when someone goes on leave or a trading partnership is temporarily stopped.
With partnerships and mergers occurring daily, multivendor PKI environments are common. Sentry 4.0 can work with other CA products, enabling you to validate your CA with a non-Xcert CA and to rearrange the trust relationships between multiple internal and external CAs at will. Additionally, Sentry CA can instantly cross-validate users regardless of who has certified the identity of the user. This flexibility makes it very easy to incorporate trading partners or new companies into an existing Sentry CA infrastructure.
A PKI must, by its nature, interact with other applications and products. Xcert tests and "Xcertifies" third-party products for out-of-the-box compatibility with Sentry CA, without the use of proprietary plug-ins or protocols. Out-of-the-box compatibility removes the need for integration projects, which are often expensive and resource-intensive. Xcertified products include, among many others, Peerlogic i500, Check Point VPN-1, and Aventail Extranet Center.