diff --git a/.travis.yml b/.travis.yml
index f1abf3f3..f38555a0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,6 +20,8 @@ cache:
 env:
   global:
     - PIP_DOWNLOAD_CACHE=".pip_download_cache"
+    # The following line is a temporary workaround for this issue: https://github.com/pypa/setuptools/issues/2230
+    - SETUPTOOLS_USE_DISTUTILS=stdlib
     # do not load /etc/boto.cfg with Python 3 incompatible plugin
     # https://github.com/travis-ci/travis-ci/issues/5246#issuecomment-166460882
     - BOTO_CONFIG=/doesnotexist
diff --git a/Makefile b/Makefile
index 069eb29b..3312a41d 100644
--- a/Makefile
+++ b/Makefile
@@ -50,8 +50,10 @@ reset-db:
 
 setup-git:
 	@echo "--> Installing git hooks"
-	git config branch.autosetuprebase always
-	cd .git/hooks && ln -sf ../../hooks/* ./
+	if [ -d .git/hooks ]; then \
+		git config branch.autosetuprebase always; \
+		cd .git/hooks && ln -sf ../../hooks/* ./; \
+	fi
 	@echo ""
 
 clean:
diff --git a/docs/administration.rst b/docs/administration.rst
index 846a4c34..a3225fc2 100644
--- a/docs/administration.rst
+++ b/docs/administration.rst
@@ -172,15 +172,16 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
         PUBLIC_CA_MAX_VALIDITY_DAYS = 365
 
 
-.. data:: DEFAULT_MAX_VALIDITY_DAYS
+.. data:: DEFAULT_VALIDITY_DAYS
     :noindex:
-        Use this config to override the default limit of 1095 days (3 years) of validity. Any CA which is not listed in
-        PUBLIC_CA_AUTHORITY_NAMES will be using this validity to display date range on UI. Below example overrides the
-        default validity of 1095 days and sets it to 365 days.
+        Use this config to override the default validity of 365 days for certificates offered through Lemur UI. Any CA which
+        is not listed in PUBLIC_CA_AUTHORITY_NAMES will be using this value as default validity to be displayed on UI. Please
+        note that this config is used for cert issuance only through Lemur UI. Below example overrides the default validity
+        of 365 days and sets it to 1095 days (3 years).
 
     ::
 
-        DEFAULT_MAX_VALIDITY_DAYS = 365
+        DEFAULT_VALIDITY_DAYS = 1095
 
 
 .. data:: DEBUG_DUMP
@@ -652,13 +653,20 @@ Active Directory Certificate Services Plugin
     :noindex:
 
         Template to be used for certificate issuing. Usually display name w/o spaces
+        
+.. data:: ADCS_TEMPLATE_<upper(authority.name)>
+    :noindex:
 
+        If there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template else default to ADCS_TEMPLATE to be compatible with former versions. Template to be used for certificate issuing. Usually display name w/o spaces
 
 .. data:: ADCS_START
     :noindex:
+        Used in ADCS-Sourceplugin. Minimum id of the first certificate to be returned. ID is increased by one until ADCS_STOP. Missing cert-IDs are ignored
 
 .. data:: ADCS_STOP
     :noindex:
+        Used for ADCS-Sourceplugin. Maximum id of the certificates returned. 
+        
 
 .. data:: ADCS_ISSUING
     :noindex:
@@ -671,6 +679,68 @@ Active Directory Certificate Services Plugin
 
         Contains the root cert of the CA
 
+Entrust Plugin
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Enables the creation of Entrust certificates. You need to set the API access up with Entrust support. Check the information in the Entrust Portal as well. 
+Certificates are created as "SERVER_AND_CLIENT_AUTH".
+Caution: Sometimes the entrust API does not respond in a timely manner. This error is handled and reported by the plugin. Should this happen you just have to hit the create button again after to create a valid certificate. 
+The following parameters have to be set in the configuration files.
+
+.. data:: ENTRUST_URL
+    :noindex:
+    
+       This is the url for the Entrust API. Refer to the API documentation.
+       
+.. data:: ENTRUST_API_CERT
+    :noindex:
+    
+       Path to the certificate file in PEM format. This certificate is created in the onboarding process. Refer to the API documentation.
+       
+.. data:: ENTRUST_API_KEY
+    :noindex:
+    
+       Path to the key file in RSA format. This certificate is created in the onboarding process. Refer to the API documentation. Caution: the request library cannot handle encrypted keys. The keyfile therefore has to contain the unencrypted key. Please put this in a secure location on the server.
+       
+.. data:: ENTRUST_API_USER
+    :noindex:
+    
+       String with the API user. This user is created in the onboarding process. Refer to the API documentation.   
+       
+.. data:: ENTRUST_API_PASS
+    :noindex:
+    
+       String with the password for the API user. This password is created in the onboarding process. Refer to the API documentation.
+
+.. data:: ENTRUST_NAME
+    :noindex:
+    
+        String with the name that should appear as certificate owner in the Entrust portal. Refer to the API documentation.
+
+.. data:: ENTRUST_EMAIL
+    :noindex:
+    
+        String with the email address that should appear as certificate contact email in the Entrust portal. Refer to the API documentation.       
+
+.. data:: ENTRUST_PHONE
+    :noindex:
+    
+        String with the phone number that should appear as certificate contact in the Entrust portal. Refer to the API documentation.        
+
+.. data:: ENTRUST_ISSUING
+    :noindex:
+    
+        Contains the issuing cert of the CA
+
+.. data:: ENTRUST_ROOT
+    :noindex:
+    
+        Contains the root cert of the CA
+
+.. data:: ENTRUST_PRODUCT_<upper(authority.name)>
+    :noindex:
+
+        If there is a config variable ENTRUST_PRODUCT_<upper(authority.name)> take the value as cert product name else default to "STANDARD_SSL". Refer to the API documentation for valid products names.
 
 Verisign Issuer Plugin
 ~~~~~~~~~~~~~~~~~~~~~~
diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py
index 0700c15b..ef6263a8 100644
--- a/lemur/authorities/schemas.py
+++ b/lemur/authorities/schemas.py
@@ -23,6 +23,7 @@ from lemur.common.schema import LemurInputSchema, LemurOutputSchema
 from lemur.common import validators, missing
 
 from lemur.common.fields import ArrowDateTime
+from lemur.constants import CERTIFICATE_KEY_TYPES
 
 
 class AuthorityInputSchema(LemurInputSchema):
@@ -56,11 +57,12 @@ class AuthorityInputSchema(LemurInputSchema):
     type = fields.String(validate=validate.OneOf(["root", "subca"]), missing="root")
     parent = fields.Nested(AssociatedAuthoritySchema)
     signing_algorithm = fields.String(
-        validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA"]),
+        validate=validate.OneOf(["sha256WithRSA", "sha1WithRSA",
+                                 "sha256WithECDSA", "SHA384withECDSA", "SHA512withECDSA"]),
         missing="sha256WithRSA",
     )
     key_type = fields.String(
-        validate=validate.OneOf(["RSA2048", "RSA4096"]), missing="RSA2048"
+        validate=validate.OneOf(CERTIFICATE_KEY_TYPES), missing="RSA2048"
     )
     key_name = fields.String()
     sensitivity = fields.String(
@@ -110,6 +112,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
     not_after = fields.DateTime()
     not_before = fields.DateTime()
     max_issuance_days = fields.Integer()
+    default_validity_days = fields.Integer()
     owner = fields.Email()
     status = fields.Boolean()
     user = fields.Nested(UserNestedOutputSchema)
@@ -135,7 +138,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
     owner = fields.Email()
     plugin = fields.Nested(PluginOutputSchema)
     active = fields.Boolean()
-    authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"])
+    authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days", "default_validity_days"])
 
 
 authority_update_schema = AuthorityUpdateSchema()
diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
index 5f6c4ba9..675cecb4 100644
--- a/lemur/certificates/models.py
+++ b/lemur/certificates/models.py
@@ -9,9 +9,10 @@ from datetime import timedelta
 
 import arrow
 from cryptography import x509
-from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.asymmetric import rsa, ec
 from flask import current_app
 from idna.core import InvalidCodepoint
+from lemur.common.utils import get_key_type_from_ec_curve
 from sqlalchemy import (
     event,
     Integer,
@@ -302,6 +303,8 @@ class Certificate(db.Model):
             return "RSA{key_size}".format(
                 key_size=self.parsed_cert.public_key().key_size
             )
+        elif isinstance(self.parsed_cert.public_key(), ec.EllipticCurvePublicKey):
+            return get_key_type_from_ec_curve(self.parsed_cert.public_key().curve.name)
 
     @property
     def validity_remaining(self):
@@ -317,7 +320,13 @@ class Certificate(db.Model):
         if self.name.lower() in [ca.lower() for ca in public_CA]:
             return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
 
-        return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095)   # 3 years default
+    @property
+    def default_validity_days(self):
+        public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
+        if self.name.lower() in [ca.lower() for ca in public_CA]:
+            return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
+
+        return current_app.config.get("DEFAULT_VALIDITY_DAYS", 365)   # 1 year default
 
     @property
     def subject(self):
diff --git a/lemur/certificates/schemas.py b/lemur/certificates/schemas.py
index 42e444bc..56c91196 100644
--- a/lemur/certificates/schemas.py
+++ b/lemur/certificates/schemas.py
@@ -148,6 +148,13 @@ class CertificateInputSchema(CertificateCreationSchema):
                 data["extensions"]["subAltNames"]["names"] = []
 
             data["extensions"]["subAltNames"]["names"] = csr_sans
+
+            common_name = cert_utils.get_cn_from_csr(data["csr"])
+            if common_name:
+                data["common_name"] = common_name
+            key_type = cert_utils.get_key_type_from_csr(data["csr"])
+            if key_type:
+                data["key_type"] = key_type
         return missing.convert_validity_years(data)
 
 
diff --git a/lemur/certificates/utils.py b/lemur/certificates/utils.py
index 4e6cc4f1..e642e058 100644
--- a/lemur/certificates/utils.py
+++ b/lemur/certificates/utils.py
@@ -12,6 +12,8 @@ Utils to parse certificate data.
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from marshmallow.exceptions import ValidationError
+from cryptography.hazmat.primitives.asymmetric import rsa, ec
+from lemur.common.utils import get_key_type_from_ec_curve
 
 
 def get_sans_from_csr(data):
@@ -39,3 +41,45 @@ def get_sans_from_csr(data):
         pass
 
     return sub_alt_names
+
+
+def get_cn_from_csr(data):
+    """
+    Fetches common name (CN) from CSR.
+    Works with any kind of SubjectAlternativeName
+    :param data: PEM-encoded string with CSR
+    :return: the common name
+    """
+    try:
+        request = x509.load_pem_x509_csr(data.encode("utf-8"), default_backend())
+    except Exception:
+        raise ValidationError("CSR presented is not valid.")
+
+    common_name = request.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)
+    return common_name[0].value
+
+
+def get_key_type_from_csr(data):
+    """
+    Fetches key_type from CSR.
+    Works with any kind of SubjectAlternativeName
+    :param data: PEM-encoded string with CSR
+    :return: key_type
+    """
+    try:
+        request = x509.load_pem_x509_csr(data.encode("utf-8"), default_backend())
+    except Exception:
+        raise ValidationError("CSR presented is not valid.")
+
+    try:
+        if isinstance(request.public_key(), rsa.RSAPublicKey):
+            return "RSA{key_size}".format(
+                key_size=request.public_key().key_size
+            )
+        elif isinstance(request.public_key(), ec.EllipticCurvePublicKey):
+            return get_key_type_from_ec_curve(request.public_key().curve.name)
+        else:
+            raise Exception("Unsupported key type")
+
+    except NotImplemented:
+        raise NotImplemented()
diff --git a/lemur/common/utils.py b/lemur/common/utils.py
index c33722b2..01cc64ae 100644
--- a/lemur/common/utils.py
+++ b/lemur/common/utils.py
@@ -114,6 +114,39 @@ def get_authority_key(body):
     return authority_key.hex()
 
 
+def get_key_type_from_ec_curve(curve_name):
+    """
+    Give an EC curve name, return the matching key_type.
+
+    :param: curve_name
+    :return: key_type
+    """
+
+    _CURVE_TYPES = {
+        ec.SECP192R1().name: "ECCPRIME192V1",
+        ec.SECP256R1().name: "ECCPRIME256V1",
+        ec.SECP224R1().name: "ECCSECP224R1",
+        ec.SECP384R1().name: "ECCSECP384R1",
+        ec.SECP521R1().name: "ECCSECP521R1",
+        ec.SECP256K1().name: "ECCSECP256K1",
+        ec.SECT163K1().name: "ECCSECT163K1",
+        ec.SECT233K1().name: "ECCSECT233K1",
+        ec.SECT283K1().name: "ECCSECT283K1",
+        ec.SECT409K1().name: "ECCSECT409K1",
+        ec.SECT571K1().name: "ECCSECT571K1",
+        ec.SECT163R2().name: "ECCSECT163R2",
+        ec.SECT233R1().name: "ECCSECT233R1",
+        ec.SECT283R1().name: "ECCSECT283R1",
+        ec.SECT409R1().name: "ECCSECT409R1",
+        ec.SECT571R1().name: "ECCSECT571R2",
+    }
+
+    if curve_name in _CURVE_TYPES.keys():
+        return _CURVE_TYPES[curve_name]
+    else:
+        return None
+
+
 def generate_private_key(key_type):
     """
     Generates a new private key based on key_type.
@@ -128,11 +161,11 @@ def generate_private_key(key_type):
     """
 
     _CURVE_TYPES = {
-        "ECCPRIME192V1": ec.SECP192R1(),
-        "ECCPRIME256V1": ec.SECP256R1(),
-        "ECCSECP192R1": ec.SECP192R1(),
+        "ECCPRIME192V1": ec.SECP192R1(),  # duplicate
+        "ECCPRIME256V1": ec.SECP256R1(),  # duplicate
+        "ECCSECP192R1": ec.SECP192R1(),  # duplicate
         "ECCSECP224R1": ec.SECP224R1(),
-        "ECCSECP256R1": ec.SECP256R1(),
+        "ECCSECP256R1": ec.SECP256R1(),  # duplicate
         "ECCSECP384R1": ec.SECP384R1(),
         "ECCSECP521R1": ec.SECP521R1(),
         "ECCSECP256K1": ec.SECP256K1(),
diff --git a/lemur/common/validators.py b/lemur/common/validators.py
index 74095255..e1dfe3c1 100644
--- a/lemur/common/validators.py
+++ b/lemur/common/validators.py
@@ -152,18 +152,6 @@ def dates(data):
                         data["authority"].authority_certificate.not_after
                     )
                 )
-            # Allow no more than PUBLIC_CA_MAX_VALIDITY_DAYS (Default: 397) days of validity
-            # for certs issued by public CA
-            # The list of public issuers can be managed through a config named PUBLIC_CA
-            public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
-            if data["authority"].name.lower() in [ca.lower() for ca in public_CA]:
-                max_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
-                if (
-                    (data.get("validity_end").date() - data.get("validity_start").date()).days
-                    > max_validity_days
-                ):
-                    raise ValidationError("Certificate cannot be valid for more than " +
-                                          str(max_validity_days) + " days")
 
     return data
 
diff --git a/lemur/plugins/lemur_adcs/plugin.py b/lemur/plugins/lemur_adcs/plugin.py
index a69afc90..4b4eb20c 100644
--- a/lemur/plugins/lemur_adcs/plugin.py
+++ b/lemur/plugins/lemur_adcs/plugin.py
@@ -40,7 +40,10 @@ class ADCSIssuerPlugin(IssuerPlugin):
         adcs_user = current_app.config.get("ADCS_USER")
         adcs_pwd = current_app.config.get("ADCS_PWD")
         adcs_auth_method = current_app.config.get("ADCS_AUTH_METHOD")
-        adcs_template = current_app.config.get("ADCS_TEMPLATE")
+        # if there is a config variable ADCS_TEMPLATE_<upper(authority.name)> take the value as Cert template
+        # else default to ADCS_TEMPLATE to be compatible with former versions
+        authority = issuer_options.get("authority").name.upper()
+        adcs_template = current_app.config.get("ADCS_TEMPLATE_{0}".format(authority), current_app.config.get("ADCS_TEMPLATE"))
         ca_server = Certsrv(
             adcs_server, adcs_user, adcs_pwd, auth_method=adcs_auth_method
         )
diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index fd8c4e2d..3948acbb 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@@ -18,8 +18,9 @@ import json
 import arrow
 import pem
 import requests
+import sys
 from cryptography import x509
-from flask import current_app
+from flask import current_app, g
 from lemur.common.utils import validate_conf
 from lemur.extensions import metrics
 from lemur.plugins import lemur_digicert as digicert
@@ -129,6 +130,9 @@ def map_fields(options, csr):
         data["validity_years"] = determine_validity_years(options.get("validity_years"))
     elif options.get("validity_end"):
         data["custom_expiration_date"] = determine_end_date(options.get("validity_end")).format("YYYY-MM-DD")
+        # check if validity got truncated. If resultant validity is not equal to requested validity, it just got truncated
+        if data["custom_expiration_date"] != options.get("validity_end").format("YYYY-MM-DD"):
+            log_validity_truncation(options, f"{__name__}.{sys._getframe().f_code.co_name}")
     else:
         data["validity_years"] = determine_validity_years(0)
 
@@ -154,6 +158,9 @@ def map_cis_fields(options, csr):
         validity_end = determine_end_date(arrow.utcnow().shift(years=options["validity_years"]))
     elif options.get("validity_end"):
         validity_end = determine_end_date(options.get("validity_end"))
+        # check if validity got truncated. If resultant validity is not equal to requested validity, it just got truncated
+        if validity_end != options.get("validity_end"):
+            log_validity_truncation(options, f"{__name__}.{sys._getframe().f_code.co_name}")
     else:
         validity_end = determine_end_date(False)
 
@@ -179,6 +186,18 @@ def map_cis_fields(options, csr):
     return data
 
 
+def log_validity_truncation(options, function):
+    log_data = {
+        "cn": options["common_name"],
+        "creator": g.user.username
+    }
+    metrics.send("digicert_validity_truncated", "counter", 1, metric_tags=log_data)
+
+    log_data["function"] = function
+    log_data["message"] = "Digicert Plugin truncated the validity of certificate"
+    current_app.logger.info(log_data)
+
+
 def handle_response(response):
     """
     Handle the DigiCert API response and any errors it might have experienced.
diff --git a/lemur/plugins/lemur_entrust/__init__.py b/lemur/plugins/lemur_entrust/__init__.py
new file mode 100644
index 00000000..b902ed7a
--- /dev/null
+++ b/lemur/plugins/lemur_entrust/__init__.py
@@ -0,0 +1,5 @@
+"""Set the version information."""
+try:
+    VERSION = __import__("pkg_resources").get_distribution(__name__).version
+except Exception as e:
+    VERSION = "unknown"
diff --git a/lemur/plugins/lemur_entrust/plugin.py b/lemur/plugins/lemur_entrust/plugin.py
new file mode 100644
index 00000000..315da8bd
--- /dev/null
+++ b/lemur/plugins/lemur_entrust/plugin.py
@@ -0,0 +1,228 @@
+from lemur.plugins.bases import IssuerPlugin, SourcePlugin
+import arrow
+import requests
+import json
+from lemur.plugins import lemur_entrust as ENTRUST
+from flask import current_app
+from lemur.extensions import metrics
+from lemur.common.utils import validate_conf
+
+
+def log_status_code(r, *args, **kwargs):
+    """
+    Is a request hook that logs all status codes to the ENTRUST api.
+
+    :param r:
+    :param args:
+    :param kwargs:
+    :return:
+    """
+    metrics.send("ENTRUST_status_code_{}".format(r.status_code), "counter", 1)
+
+
+def determine_end_date(end_date):
+    """
+    Determine appropriate end date
+    :param end_date:
+    :return: validity_end
+    """
+    # ENTRUST only allows 13 months of max certificate duration
+    max_validity_end = arrow.utcnow().shift(years=1, months=+1).format('YYYY-MM-DD')
+
+    if not end_date:
+        end_date = max_validity_end
+
+    if end_date > max_validity_end:
+        end_date = max_validity_end
+    return end_date
+
+
+def process_options(options):
+    """
+    Processes and maps the incoming issuer options to fields/options that
+    Entrust understands
+
+    :param options:
+    :return: dict of valid entrust options
+    """
+    # if there is a config variable ENTRUST_PRODUCT_<upper(authority.name)>
+    # take the value as Cert product-type
+    # else default to "STANDARD_SSL"
+    authority = options.get("authority").name.upper()
+    product_type = current_app.config.get("ENTRUST_PRODUCT_{0}".format(authority), "STANDARD_SSL")
+
+    if options.get("validity_end"):
+        validity_end = determine_end_date(options.get("validity_end"))
+    else:
+        validity_end = determine_end_date(False)
+
+    tracking_data = {
+        "requesterName": current_app.config.get("ENTRUST_NAME"),
+        "requesterEmail": current_app.config.get("ENTRUST_EMAIL"),
+        "requesterPhone": current_app.config.get("ENTRUST_PHONE")
+    }
+
+    data = {
+        "signingAlg": "SHA-2",
+        "eku": "SERVER_AND_CLIENT_AUTH",
+        "certType": product_type,
+        "certExpiryDate": validity_end,
+        "tracking": tracking_data
+    }
+    return data
+
+
+def handle_response(my_response):
+    """
+    Helper function for parsing responses from the Entrust API.
+    :param content:
+    :return: :raise Exception:
+    """
+    msg = {
+        200: "The request had the validateOnly flag set to true and validation was successful.",
+        201: "Certificate created",
+        202: "Request accepted and queued for approval",
+        400: "Invalid request parameters",
+        404: "Unknown jobId",
+        429: "Too many requests"
+    }
+    try:
+        d = json.loads(my_response.content)
+    except Exception as e:
+        # catch an empty jason object here
+        d = {'errors': 'No detailled message'}
+    s = my_response.status_code
+    if s > 399:
+        raise Exception("ENTRUST error: {0}\n{1}".format(msg.get(s, s), d['errors']))
+    current_app.logger.info("Response: {0}, {1} ".format(s, d))
+    return d
+
+
+class EntrustIssuerPlugin(IssuerPlugin):
+    title = "ENTRUST"
+    slug = "entrust-issuer"
+    description = "Enables the creation of certificates by ENTRUST"
+    version = ENTRUST.VERSION
+
+    author = "sirferl"
+    author_url = "https://github.com/sirferl/lemur"
+
+    def __init__(self, *args, **kwargs):
+        """Initialize the issuer with the appropriate details."""
+        required_vars = [
+            "ENTRUST_API_CERT",
+            "ENTRUST_API_KEY",
+            "ENTRUST_API_USER",
+            "ENTRUST_API_PASS",
+            "ENTRUST_URL",
+            "ENTRUST_ROOT",
+            "ENTRUST_NAME",
+            "ENTRUST_EMAIL",
+            "ENTRUST_PHONE",
+            "ENTRUST_ISSUING",
+        ]
+        validate_conf(current_app, required_vars)
+
+        self.session = requests.Session()
+        cert_file = current_app.config.get("ENTRUST_API_CERT")
+        key_file = current_app.config.get("ENTRUST_API_KEY")
+        user = current_app.config.get("ENTRUST_API_USER")
+        password = current_app.config.get("ENTRUST_API_PASS")
+        self.session.cert = (cert_file, key_file)
+        self.session.auth = (user, password)
+        self.session.hooks = dict(response=log_status_code)
+        # self.session.config['keep_alive'] = False
+        super(EntrustIssuerPlugin, self).__init__(*args, **kwargs)
+
+    def create_certificate(self, csr, issuer_options):
+        """
+        Creates an Entrust certificate.
+
+        :param csr:
+        :param issuer_options:
+        :return: :raise Exception:
+        """
+        current_app.logger.info(
+            "Requesting options: {0}".format(issuer_options)
+        )
+
+        url = current_app.config.get("ENTRUST_URL") + "/certificates"
+
+        data = process_options(issuer_options)
+        data["csr"] = csr
+
+        try:
+            response = self.session.post(url, json=data, timeout=(15, 40))
+        except requests.exceptions.Timeout:
+            raise Exception("Timeout for POST")
+        except requests.exceptions.RequestException as e:
+            raise Exception("Error for POST {0}".format(e))
+
+        response_dict = handle_response(response)
+        external_id = response_dict['trackingId']
+        cert = response_dict['endEntityCert']
+        chain = response_dict['chainCerts'][1]
+        current_app.logger.info(
+            "Received Chain: {0}".format(chain)
+        )
+
+        return cert, chain, external_id
+
+    def revoke_certificate(self, certificate, comments):
+        """Revoke a Digicert certificate."""
+        base_url = current_app.config.get("ENTRUST_URL")
+
+        # make certificate revoke request
+        revoke_url = "{0}/certificates/{1}/revocations".format(
+            base_url, certificate.external_id
+        )
+        metrics.send("entrust_revoke_certificate", "counter", 1)
+        if comments == '' or not comments:
+            comments = "revoked via API"
+        data = {
+            "crlReason": "superseded",
+            "revocationComment": comments
+        }
+        response = self.session.post(revoke_url, json=data)
+
+        data = handle_response(response)
+
+    @staticmethod
+    def create_authority(options):
+        """Create an authority.
+        Creates an authority, this authority is then used by Lemur to
+        allow a user to specify which Certificate Authority they want
+        to sign their certificate.
+
+        :param options:
+        :return:
+        """
+        entrust_root = current_app.config.get("ENTRUST_ROOT")
+        entrust_issuing = current_app.config.get("ENTRUST_ISSUING")
+        role = {"username": "", "password": "", "name": "entrust"}
+        current_app.logger.info("Creating Auth: {0} {1}".format(options, entrust_issuing))
+        return entrust_root, "", [role]
+
+    def get_ordered_certificate(self, order_id):
+        raise NotImplementedError("Not implemented\n", self, order_id)
+
+    def canceled_ordered_certificate(self, pending_cert, **kwargs):
+        raise NotImplementedError("Not implemented\n", self, pending_cert, **kwargs)
+
+
+class EntrustSourcePlugin(SourcePlugin):
+    title = "ENTRUST"
+    slug = "entrust-source"
+    description = "Enables the collecion of certificates"
+    version = ENTRUST.VERSION
+
+    author = "sirferl"
+    author_url = "https://github.com/sirferl/lemur"
+
+    def get_certificates(self, options, **kwargs):
+        # Not needed for ENTRUST
+        raise NotImplementedError("Not implemented\n", self, options, **kwargs)
+
+    def get_endpoints(self, options, **kwargs):
+        # There are no endpoints in ENTRUST
+        raise NotImplementedError("Not implemented\n", self, options, **kwargs)
diff --git a/lemur/static/app/angular/authorities/authority/options.tpl.html b/lemur/static/app/angular/authorities/authority/options.tpl.html
index dbc4f40a..bf1ad70c 100644
--- a/lemur/static/app/angular/authorities/authority/options.tpl.html
+++ b/lemur/static/app/angular/authorities/authority/options.tpl.html
@@ -4,7 +4,7 @@
       Signing Algorithm
     </label>
     <div class="col-sm-10">
-      <select class="form-control" ng-model="authority.signingAlgorithm" ng-options="option for option in ['sha1WithRSA', 'sha256WithRSA']" ng-init="authority.signingAlgorithm = 'sha256WithRSA'"></select>
+      <select class="form-control" ng-model="authority.signingAlgorithm" ng-options="option for option in ['sha1WithRSA', 'sha256WithRSA', 'sha256WithECDSA', 'SHA384withECDSA', 'SHA512withECDSA']" ng-init="authority.signingAlgorithm = 'sha256WithRSA'"></select>
     </div>
   </div>
   <div class="form-group">
diff --git a/lemur/static/app/angular/certificates/certificate/certificate.js b/lemur/static/app/angular/certificates/certificate/certificate.js
index 155658e6..6b275328 100644
--- a/lemur/static/app/angular/certificates/certificate/certificate.js
+++ b/lemur/static/app/angular/certificates/certificate/certificate.js
@@ -107,7 +107,6 @@ angular.module('lemur')
       startingDay: 1
     };
 
-
     $scope.open1 = function() {
       $scope.popup1.opened = true;
     };
@@ -140,6 +139,14 @@ angular.module('lemur')
     );
 
     $scope.create = function (certificate) {
+      if(certificate.validityType === 'customDates' &&
+          (!certificate.validityStart || !certificate.validityEnd)) { // these are not mandatory fields in schema, thus handling validation in js
+          return showMissingDateError();
+      }
+      if(certificate.validityType === 'defaultDays') {
+        populateValidityDateAsPerDefault(certificate);
+      }
+
       WizardHandler.wizard().context.loading = true;
       CertificateService.create(certificate).then(
         function () {
@@ -164,6 +171,30 @@ angular.module('lemur')
         });
     };
 
+    function showMissingDateError() {
+      let error = {};
+      error.message = '';
+      error.reasons = {};
+      error.reasons.validityRange = 'Valid start and end dates are needed, else select Default option';
+
+      toaster.pop({
+        type: 'error',
+        title: 'Validation Error',
+        body: 'lemur-bad-request',
+        bodyOutputType: 'directive',
+        directiveData: error,
+        timeout: 100000
+      });
+    }
+
+    function populateValidityDateAsPerDefault(certificate) {
+      // calculate start and end date as per default validity
+      let startDate = new Date(), endDate = new Date();
+      endDate.setDate(startDate.getDate() + certificate.authority.authorityCertificate.defaultValidityDays);
+      certificate.validityStart = startDate;
+      certificate.validityEnd = endDate;
+    }
+
     $scope.templates = [
       {
         'name': 'Client Certificate',
@@ -277,6 +308,14 @@ angular.module('lemur')
   };
 
   $scope.create = function (certificate) {
+     if(certificate.validityType === 'customDates' &&
+          (!certificate.validityStart || !certificate.validityEnd)) { // these are not mandatory fields in schema, thus handling validation in js
+          return showMissingDateError();
+     }
+     if(certificate.validityType === 'defaultDays') {
+        populateValidityDateAsPerDefault(certificate);
+     }
+
     WizardHandler.wizard().context.loading = true;
     CertificateService.create(certificate).then(
       function () {
@@ -301,6 +340,30 @@ angular.module('lemur')
       });
   };
 
+  function showMissingDateError() {
+      let error = {};
+      error.message = '';
+      error.reasons = {};
+      error.reasons.validityRange = 'Valid start and end dates are needed, else select Default option';
+
+      toaster.pop({
+        type: 'error',
+        title: 'Validation Error',
+        body: 'lemur-bad-request',
+        bodyOutputType: 'directive',
+        directiveData: error,
+        timeout: 100000
+      });
+    }
+
+    function populateValidityDateAsPerDefault(certificate) {
+      // calculate start and end date as per default validity
+      let startDate = new Date(), endDate = new Date();
+      endDate.setDate(startDate.getDate() + certificate.authority.authorityCertificate.defaultValidityDays);
+      certificate.validityStart = startDate;
+      certificate.validityEnd = endDate;
+    }
+
   $scope.templates = [
     {
       'name': 'Client Certificate',
diff --git a/lemur/static/app/angular/certificates/certificate/options.tpl.html b/lemur/static/app/angular/certificates/certificate/options.tpl.html
index 7e47cf18..7e6ad428 100644
--- a/lemur/static/app/angular/certificates/certificate/options.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/options.tpl.html
@@ -20,7 +20,7 @@
                           name="certificate signing request"
                           ng-model="certificate.csr"
                           placeholder="PEM encoded string..." class="form-control"
-                          ng-pattern="/^-----BEGIN CERTIFICATE REQUEST-----/"></textarea>
+                          ng-pattern="/(^-----BEGIN CERTIFICATE REQUEST-----[\S\s]*-----END CERTIFICATE REQUEST-----)|(^-----BEGIN NEW CERTIFICATE REQUEST-----[\S\s]*-----END NEW CERTIFICATE REQUEST-----)/"></textarea>
 
           <p ng-show="trackingForm.csr.$invalid && !trackingForm.csr.$pristine"
              class="help-block">Enter a valid certificate signing request.</p>
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
index 07d6b0f4..d60a1a6a 100644
--- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
+++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html
@@ -96,7 +96,7 @@
         Certificate Authority
       </label>
       <div class="col-sm-10">
-        <ui-select class="input-md" ng-model="certificate.authority" theme="bootstrap" title="choose an authority">
+        <ui-select class="input-md" ng-model="certificate.authority" theme="bootstrap" title="choose an authority" ng-change="clearDates()">
           <ui-select-match placeholder="select an authority...">{{$select.selected.name}}</ui-select-match>
           <ui-select-choices class="form-control" repeat="authority in authorities"
                              refresh="getAuthoritiesByName($select.search)"
@@ -133,22 +133,20 @@
       </div>
     <div class="form-group" ng-hide="certificate.authority.plugin.slug == 'acme-issuer'">
       <label class="control-label col-sm-2"
-             uib-tooltip="If no date is selected Lemur attempts to issue a 1 year certificate">
+             uib-tooltip="You can select custom date range; however, we recommend continuing with default validity.">
         Validity Range <span class="glyphicon glyphicon-question-sign"></span>
       </label>
-      <div class="col-sm-2">
-        <select ng-model="certificate.validityYears" class="form-control">
-          <option value="">-</option>
-          <option value="1">1 year</option>
-        </select>
+      <div class="col-sm-4">
+        <div class="btn-group btn-group-toggle" data-toggle="buttons">
+          <label class="btn btn-info" ng-model="certificate.validityType" uib-btn-radio="'defaultDays'" ng-click="clearDates()">
+              Default ({{certificate.authority.authorityCertificate.defaultValidityDays}} days)</label>
+          <label class="btn btn-info" ng-model="certificate.validityType" uib-btn-radio="'customDates'" ng-change="clearDates()">Custom</label>
+        </div>
       </div>
-      <span style="padding-top: 15px" class="text-center col-sm-1">
-                <strong>or</strong>
-            </span>
-      <div class="col-sm-3">
+      <div class="col-sm-3" ng-if="certificate.validityType==='customDates'">
         <div class="input-group">
           <input type="text" class="form-control"
-                 uib-tooltip="yyyy/MM/dd"
+                 uib-tooltip="Start Date (yyyy/MM/dd)"
                  uib-datepicker-popup="yyyy/MM/dd"
                  ng-model="certificate.validityStart"
                  ng-change="certificate.setValidityEndDateRange(certificate.validityStart)"
@@ -159,6 +157,7 @@
                  min-date="certificate.authority.authorityCertificate.notBefore"
                  alt-input-formats="altInputFormats"
                  placeholder="Start Date"
+                 readonly="true"
           />
           <span class="input-group-btn">
                         <button type="button" class="btn btn-default" ng-click="open1()"><i
@@ -166,10 +165,10 @@
                     </span>
         </div>
       </div>
-      <div class="col-sm-3">
+      <div class="col-sm-3" ng-if="certificate.validityType==='customDates'">
         <div class="input-group">
           <input type="text" class="form-control"
-                 uib-tooltip="yyyy/MM/dd"
+                 uib-tooltip="End Date (yyyy/MM/dd)"
                  uib-datepicker-popup="yyyy/MM/dd"
                  ng-model="certificate.validityEnd"
                  is-open="popup2.opened"
@@ -179,6 +178,7 @@
                  min-date="certificate.authority.authorityCertificate.minValidityEnd"
                  alt-input-formats="altInputFormats"
                  placeholder="End Date"
+                 readonly="true"
           />
           <span class="input-group-btn">
                         <button type="button" class="btn btn-default" ng-click="open2()"><i
@@ -186,10 +186,6 @@
                     </span>
         </div>
       </div>
-      <div class="col-sm-1">
-        <button uib-tooltip="Clear Validity" ng-click="clearDates()" class="btn btn-default"><i
-          class="glyphicon glyphicon-remove"></i></button>
-      </div>
     </div>
     <div class="form-group" ng-show="certificate.authority.plugin.slug == 'acme-issuer'">
       <label class="control-label col-sm-2">
diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js
index 881a443a..0c8eb7cc 100644
--- a/lemur/static/app/angular/certificates/services.js
+++ b/lemur/static/app/angular/certificates/services.js
@@ -167,17 +167,19 @@ angular.module('lemur')
         },
         setValidityEndDateRange: function (value) {
           // clear selected validity end date as we are about to calculate new range
-          if(this.validityEnd) {
-            this.validityEnd = '';
-          }
-          
+          this.validityEnd = '';
+
           // Minimum end date will be same as selected start date
           this.authority.authorityCertificate.minValidityEnd = value;
 
-          // Move max end date by maxIssuanceDays
-          let endDate = new Date(value);
-          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
-          this.authority.authorityCertificate.maxValidityEnd = endDate;
+          if(!this.authority.authorityCertificate || !this.authority.authorityCertificate.maxIssuanceDays) {
+            this.authority.authorityCertificate.maxValidityEnd = this.authority.authorityCertificate.notAfter;
+          } else {
+            // Move max end date by maxIssuanceDays
+            let endDate = new Date(value);
+            endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+            this.authority.authorityCertificate.maxValidityEnd = endDate;
+          }
         }
       });
     });
@@ -195,7 +197,7 @@ angular.module('lemur')
     CertificateService.create = function (certificate) {
       certificate.attachSubAltName();
       certificate.attachCustom();
-      if (certificate.validityYears === '') { // if a user de-selects validity years we ignore it
+      if (certificate.validityYears === '') { // if a user de-selects validity years we ignore it - might not be needed anymore
         delete certificate.validityYears;
       }
       return CertificateApi.post(certificate);
@@ -281,6 +283,9 @@ angular.module('lemur')
         certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
         certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
 
+        // pre-select validity type radio button to default days
+        certificate.validityType = 'defaultDays';
+
         if (certificate.dnsProviderId) {
           certificate.dnsProvider = {id: certificate.dnsProviderId};
         }
diff --git a/lemur/static/app/angular/pending_certificates/services.js b/lemur/static/app/angular/pending_certificates/services.js
index 2f99eb7d..9b32c1d3 100644
--- a/lemur/static/app/angular/pending_certificates/services.js
+++ b/lemur/static/app/angular/pending_certificates/services.js
@@ -147,17 +147,19 @@ angular.module('lemur')
         },
         setValidityEndDateRange: function (value) {
           // clear selected validity end date as we are about to calculate new range
-          if(this.validityEnd) {
-            this.validityEnd = '';
-          }
+          this.validityEnd = '';
 
           // Minimum end date will be same as selected start date
           this.authority.authorityCertificate.minValidityEnd = value;
 
-          // Move max end date by maxIssuanceDays
-          let endDate = new Date(value);
-          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
-          this.authority.authorityCertificate.maxValidityEnd = endDate;
+          if(!this.authority.authorityCertificate || !this.authority.authorityCertificate.maxIssuanceDays) {
+            this.authority.authorityCertificate.maxValidityEnd = this.authority.authorityCertificate.notAfter;
+          } else {
+            // Move max end date by maxIssuanceDays
+            let endDate = new Date(value);
+            endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+            this.authority.authorityCertificate.maxValidityEnd = endDate;
+          }
         }
       });
     });
diff --git a/lemur/tests/test_authorities.py b/lemur/tests/test_authorities.py
index 9649e949..fade39e8 100644
--- a/lemur/tests/test_authorities.py
+++ b/lemur/tests/test_authorities.py
@@ -34,6 +34,29 @@ def test_authority_input_schema(client, role, issuer_plugin, logged_in_user):
     assert not errors
 
 
+def test_authority_input_schema_ecc(client, role, issuer_plugin, logged_in_user):
+    from lemur.authorities.schemas import AuthorityInputSchema
+
+    input_data = {
+        "name": "Example Authority",
+        "owner": "jim@example.com",
+        "description": "An example authority.",
+        "commonName": "An Example Authority",
+        "plugin": {
+            "slug": "test-issuer",
+            "plugin_options": [{"name": "test", "value": "blah"}],
+        },
+        "type": "root",
+        "signingAlgorithm": "sha256WithECDSA",
+        "keyType": "ECCPRIME256V1",
+        "sensitivity": "medium",
+    }
+
+    data, errors = AuthorityInputSchema().load(input_data)
+
+    assert not errors
+
+
 def test_user_authority(session, client, authority, role, user, issuer_plugin):
     u = user["user"]
     u.roles.append(role)
diff --git a/lemur/tests/test_utils.py b/lemur/tests/test_utils.py
index 2e117d25..1dac39bb 100644
--- a/lemur/tests/test_utils.py
+++ b/lemur/tests/test_utils.py
@@ -11,6 +11,12 @@ from lemur.tests.vectors import (
 )
 
 
+def test_get_key_type_from_ec_curve():
+    from lemur.common.utils import get_key_type_from_ec_curve
+
+    assert get_key_type_from_ec_curve("secp256r1") == "ECCPRIME256V1"
+
+
 def test_generate_private_key():
     from lemur.common.utils import generate_private_key
 
diff --git a/package.json b/package.json
index 1a54eccc..c4105e01 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
     "gulp-uglify": "^2.0.0",
     "gulp-useref": "^3.1.2",
     "gulp-util": "^3.0.1",
-    "http-proxy": "~1.16.2",
+    "http-proxy": ">=1.18.1",
     "jshint-stylish": "^2.2.1",
     "karma": "^4.4.1",
     "karma-jasmine": "^1.1.0",
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 2299848e..166722e8 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -11,7 +11,7 @@ cffi==1.14.0              # via cryptography
 cfgv==3.1.0               # via pre-commit
 chardet==3.0.4            # via requests
 colorama==0.4.3           # via twine
-cryptography==3.0         # via secretstorage
+cryptography==3.1         # via secretstorage
 distlib==0.3.0            # via virtualenv
 docutils==0.16            # via readme-renderer
 filelock==3.0.12          # via virtualenv
@@ -22,9 +22,9 @@ invoke==1.4.1             # via -r requirements-dev.in
 jeepney==0.4.3            # via keyring, secretstorage
 keyring==21.2.0           # via twine
 mccabe==0.6.1             # via flake8
-nodeenv==1.4.0            # via -r requirements-dev.in, pre-commit
+nodeenv==1.5.0            # via -r requirements-dev.in, pre-commit
 pkginfo==1.5.0.1          # via twine
-pre-commit==2.6.0         # via -r requirements-dev.in
+pre-commit==2.7.1         # via -r requirements-dev.in
 pycodestyle==2.3.1        # via flake8
 pycparser==2.20           # via cffi
 pyflakes==1.6.0           # via flake8
diff --git a/requirements-docs.txt b/requirements-docs.txt
index 7e187213..f3f417bf 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -4,35 +4,35 @@
 #
 #    pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in
 #
-acme==1.6.0               # via -r requirements.txt
+acme==1.8.0               # via -r requirements.txt
 alabaster==0.7.12         # via sphinx
 alembic-autogenerate-enums==0.0.2  # via -r requirements.txt
 alembic==1.4.2            # via -r requirements.txt, flask-migrate
 amqp==2.5.2               # via -r requirements.txt, kombu
 aniso8601==8.0.0          # via -r requirements.txt, flask-restful
-arrow==0.15.8             # via -r requirements.txt
+arrow==0.16.0             # via -r requirements.txt
 asyncpool==1.0            # via -r requirements.txt
 babel==2.8.0              # via sphinx
 bcrypt==3.1.7             # via -r requirements.txt, flask-bcrypt, paramiko
 beautifulsoup4==4.9.1     # via -r requirements.txt, cloudflare
 billiard==3.6.3.0         # via -r requirements.txt, celery
 blinker==1.4              # via -r requirements.txt, flask-mail, flask-principal, raven
-boto3==1.14.33            # via -r requirements.txt
-botocore==1.17.33         # via -r requirements.txt, boto3, s3transfer
+boto3==1.14.61            # via -r requirements.txt
+botocore==1.17.61         # via -r requirements.txt, boto3, s3transfer
 celery[redis]==4.4.2      # via -r requirements.txt
 certifi==2020.6.20        # via -r requirements.txt, requests
 certsrv==2.1.1            # via -r requirements.txt
 cffi==1.14.0              # via -r requirements.txt, bcrypt, cryptography, pynacl
 chardet==3.0.4            # via -r requirements.txt, requests
 click==7.1.1              # via -r requirements.txt, flask
-cloudflare==2.8.9         # via -r requirements.txt
-cryptography==3.0         # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
+cloudflare==2.8.13        # via -r requirements.txt
+cryptography==3.1         # via -r requirements.txt, acme, josepy, paramiko, pyopenssl, requests
 dnspython3==1.15.0        # via -r requirements.txt
 dnspython==1.15.0         # via -r requirements.txt, dnspython3
 docutils==0.15.2          # via -r requirements.txt, botocore, sphinx
 dyn==1.8.1                # via -r requirements.txt
 flask-bcrypt==0.7.1       # via -r requirements.txt
-flask-cors==3.0.8         # via -r requirements.txt
+flask-cors==3.0.9         # via -r requirements.txt
 flask-mail==0.9.1         # via -r requirements.txt
 flask-migrate==2.5.3      # via -r requirements.txt
 flask-principal==0.4.0    # via -r requirements.txt
@@ -46,7 +46,7 @@ gunicorn==20.0.4          # via -r requirements.txt
 hvac==0.10.5              # via -r requirements.txt
 idna==2.9                 # via -r requirements.txt, requests
 imagesize==1.2.0          # via sphinx
-inflection==0.5.0         # via -r requirements.txt
+inflection==0.5.1         # via -r requirements.txt
 itsdangerous==1.1.0       # via -r requirements.txt, flask
 javaobj-py3==0.4.0.1      # via -r requirements.txt, pyjks
 jinja2==2.11.2            # via -r requirements.txt, flask, sphinx
@@ -62,9 +62,9 @@ marshmallow-sqlalchemy==0.23.1  # via -r requirements.txt
 marshmallow==2.20.4       # via -r requirements.txt, marshmallow-sqlalchemy
 ndg-httpsclient==0.5.1    # via -r requirements.txt
 packaging==20.3           # via sphinx
-paramiko==2.7.1           # via -r requirements.txt
+paramiko==2.7.2           # via -r requirements.txt
 pem==20.1.0               # via -r requirements.txt
-psycopg2==2.8.5           # via -r requirements.txt
+psycopg2==2.8.6           # via -r requirements.txt
 pyasn1-modules==0.2.8     # via -r requirements.txt, pyjks, python-ldap
 pyasn1==0.4.8             # via -r requirements.txt, ndg-httpsclient, pyasn1-modules, pyjks, python-ldap
 pycparser==2.20           # via -r requirements.txt, cffi
@@ -92,7 +92,7 @@ six==1.15.0               # via -r requirements.txt, acme, bcrypt, cryptography,
 snowballstemmer==2.0.0    # via sphinx
 soupsieve==2.0.1          # via -r requirements.txt, beautifulsoup4
 sphinx-rtd-theme==0.5.0   # via -r requirements-docs.in
-sphinx==3.2.0             # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain
+sphinx==3.2.1             # via -r requirements-docs.in, sphinx-rtd-theme, sphinxcontrib-httpdomain
 sphinxcontrib-applehelp==1.0.2  # via sphinx
 sphinxcontrib-devhelp==1.0.2  # via sphinx
 sphinxcontrib-htmlhelp==1.0.3  # via sphinx
diff --git a/requirements-tests.txt b/requirements-tests.txt
index 7fd13f76..20453852 100644
--- a/requirements-tests.txt
+++ b/requirements-tests.txt
@@ -5,30 +5,30 @@
 #    pip-compile --no-index --output-file=requirements-tests.txt requirements-tests.in
 #
 appdirs==1.4.3            # via black
-attrs==19.3.0             # via black, jsonschema, pytest
+attrs==19.3.0             # via jsonschema, pytest
 aws-sam-translator==1.22.0  # via cfn-lint
 aws-xray-sdk==2.5.0       # via moto
 bandit==1.6.2             # via -r requirements-tests.in
-black==19.10b0            # via -r requirements-tests.in
-boto3==1.14.33            # via aws-sam-translator, moto
+black==20.8b1             # via -r requirements-tests.in
+boto3==1.14.61            # via aws-sam-translator, moto
 boto==2.49.0              # via moto
-botocore==1.17.33         # via aws-xray-sdk, boto3, moto, s3transfer
+botocore==1.17.61         # via aws-xray-sdk, boto3, moto, s3transfer
 certifi==2020.6.20        # via requests
 cffi==1.14.0              # via cryptography
 cfn-lint==0.29.5          # via moto
 chardet==3.0.4            # via requests
-click==7.1.1              # via black, flask
-coverage==5.2.1           # via -r requirements-tests.in
-cryptography==3.0         # via moto, sshpubkeys
+click==7.1.2              # via black, flask
+coverage==5.3             # via -r requirements-tests.in
+cryptography==3.1         # via moto, python-jose, sshpubkeys
 decorator==4.4.2          # via networkx
 docker==4.2.0             # via moto
 docutils==0.15.2          # via botocore
-ecdsa==0.15               # via python-jose, sshpubkeys
-factory-boy==2.12.0       # via -r requirements-tests.in
-faker==4.1.1              # via -r requirements-tests.in, factory-boy
-fakeredis==1.4.1          # via -r requirements-tests.in
+ecdsa==0.14.1             # via moto, python-jose, sshpubkeys
+factory-boy==3.0.1        # via -r requirements-tests.in
+faker==4.1.3              # via -r requirements-tests.in, factory-boy
+fakeredis==1.4.3          # via -r requirements-tests.in
 flask==1.1.2              # via pytest-flask
-freezegun==0.3.15         # via -r requirements-tests.in
+freezegun==1.0.0          # via -r requirements-tests.in
 future==0.18.2            # via aws-xray-sdk
 gitdb==4.0.4              # via gitpython
 gitpython==3.1.1          # via bandit
@@ -43,10 +43,11 @@ jsonpatch==1.25           # via cfn-lint
 jsonpickle==1.4           # via aws-xray-sdk
 jsonpointer==2.0          # via jsonpatch
 jsonschema==3.2.0         # via aws-sam-translator, cfn-lint
-markupsafe==1.1.1         # via jinja2
+markupsafe==1.1.1         # via jinja2, moto
 mock==4.0.2               # via moto
-more-itertools==8.2.0     # via pytest
-moto==1.3.14              # via -r requirements-tests.in
+more-itertools==8.2.0     # via moto, pytest
+moto==1.3.16              # via -r requirements-tests.in
+mypy-extensions==0.4.3    # via black
 networkx==2.4             # via cfn-lint
 nose==1.3.7               # via -r requirements-tests.in
 packaging==20.3           # via pytest
@@ -60,10 +61,10 @@ pyflakes==2.2.0           # via -r requirements-tests.in
 pyparsing==2.4.7          # via packaging
 pyrsistent==0.16.0        # via jsonschema
 pytest-flask==1.0.0       # via -r requirements-tests.in
-pytest-mock==3.2.0        # via -r requirements-tests.in
-pytest==6.0.1             # via -r requirements-tests.in, pytest-flask, pytest-mock
+pytest-mock==3.3.1        # via -r requirements-tests.in
+pytest==6.0.2             # via -r requirements-tests.in, pytest-flask, pytest-mock
 python-dateutil==2.8.1    # via botocore, faker, freezegun, moto
-python-jose==3.1.0        # via moto
+python-jose[cryptography]==3.1.0  # via moto
 pytz==2019.3              # via moto
 pyyaml==5.3.1             # via -r requirements-tests.in, bandit, cfn-lint, moto
 redis==3.5.3              # via fakeredis
@@ -73,20 +74,21 @@ requests==2.24.0          # via docker, moto, requests-mock, responses
 responses==0.10.12        # via moto
 rsa==4.0                  # via python-jose
 s3transfer==0.3.3         # via boto3
-six==1.15.0               # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, ecdsa, fakeredis, freezegun, jsonschema, moto, packaging, pyrsistent, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
+six==1.15.0               # via aws-sam-translator, bandit, cfn-lint, cryptography, docker, ecdsa, fakeredis, jsonschema, moto, packaging, pyrsistent, python-dateutil, python-jose, requests-mock, responses, stevedore, websocket-client
 smmap==3.0.2              # via gitdb
 sortedcontainers==2.1.0   # via fakeredis
 sshpubkeys==3.1.0         # via moto
 stevedore==1.32.0         # via bandit
 text-unidecode==1.3       # via faker
-toml==0.10.0              # via black, pytest
+toml==0.10.1              # via black, pytest
 typed-ast==1.4.1          # via black
+typing-extensions==3.7.4.3  # via black
 urllib3==1.25.8           # via botocore, requests
 websocket-client==0.57.0  # via docker
 werkzeug==1.0.1           # via flask, moto, pytest-flask
 wrapt==1.12.1             # via aws-xray-sdk
 xmltodict==0.12.0         # via moto
-zipp==3.1.0               # via importlib-metadata
+zipp==3.1.0               # via importlib-metadata, moto
 
 # The following packages are considered to be unsafe in a requirements file:
 # setuptools
diff --git a/requirements.txt b/requirements.txt
index d9e86d97..27a37a8c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,33 +4,33 @@
 #
 #    pip-compile --no-index --output-file=requirements.txt requirements.in
 #
-acme==1.6.0               # via -r requirements.in
+acme==1.8.0               # via -r requirements.in
 alembic-autogenerate-enums==0.0.2  # via -r requirements.in
 alembic==1.4.2            # via flask-migrate
 amqp==2.5.2               # via kombu
 aniso8601==8.0.0          # via flask-restful
-arrow==0.15.8             # via -r requirements.in
+arrow==0.16.0             # via -r requirements.in
 asyncpool==1.0            # via -r requirements.in
 bcrypt==3.1.7             # via flask-bcrypt, paramiko
 beautifulsoup4==4.9.1     # via cloudflare
 billiard==3.6.3.0         # via celery
 blinker==1.4              # via flask-mail, flask-principal, raven
-boto3==1.14.33            # via -r requirements.in
-botocore==1.17.33         # via -r requirements.in, boto3, s3transfer
+boto3==1.14.61            # via -r requirements.in
+botocore==1.17.61         # via -r requirements.in, boto3, s3transfer
 celery[redis]==4.4.2      # via -r requirements.in
 certifi==2020.6.20        # via -r requirements.in, requests
 certsrv==2.1.1            # via -r requirements.in
 cffi==1.14.0              # via bcrypt, cryptography, pynacl
 chardet==3.0.4            # via requests
 click==7.1.1              # via flask
-cloudflare==2.8.9         # via -r requirements.in
-cryptography==3.0         # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
+cloudflare==2.8.13        # via -r requirements.in
+cryptography==3.1         # via -r requirements.in, acme, josepy, paramiko, pyopenssl, requests
 dnspython3==1.15.0        # via -r requirements.in
 dnspython==1.15.0         # via dnspython3
 docutils==0.15.2          # via botocore
 dyn==1.8.1                # via -r requirements.in
 flask-bcrypt==0.7.1       # via -r requirements.in
-flask-cors==3.0.8         # via -r requirements.in
+flask-cors==3.0.9         # via -r requirements.in
 flask-mail==0.9.1         # via -r requirements.in
 flask-migrate==2.5.3      # via -r requirements.in
 flask-principal==0.4.0    # via -r requirements.in
@@ -43,7 +43,7 @@ future==0.18.2            # via -r requirements.in
 gunicorn==20.0.4          # via -r requirements.in
 hvac==0.10.5              # via -r requirements.in
 idna==2.9                 # via requests
-inflection==0.5.0         # via -r requirements.in
+inflection==0.5.1         # via -r requirements.in
 itsdangerous==1.1.0       # via flask
 javaobj-py3==0.4.0.1      # via pyjks
 jinja2==2.11.2            # via -r requirements.in, flask
@@ -58,9 +58,9 @@ markupsafe==1.1.1         # via jinja2, mako
 marshmallow-sqlalchemy==0.23.1  # via -r requirements.in
 marshmallow==2.20.4       # via -r requirements.in, marshmallow-sqlalchemy
 ndg-httpsclient==0.5.1    # via -r requirements.in
-paramiko==2.7.1           # via -r requirements.in
+paramiko==2.7.2           # via -r requirements.in
 pem==20.1.0               # via -r requirements.in
-psycopg2==2.8.5           # via -r requirements.in
+psycopg2==2.8.6           # via -r requirements.in
 pyasn1-modules==0.2.8     # via pyjks, python-ldap
 pyasn1==0.4.8             # via ndg-httpsclient, pyasn1-modules, pyjks, python-ldap
 pycparser==2.20           # via cffi
diff --git a/setup.py b/setup.py
index 4ce03d70..4da14c3d 100644
--- a/setup.py
+++ b/setup.py
@@ -9,30 +9,18 @@ Is a TLS management and orchestration tool.
 """
 from __future__ import absolute_import
 
-import sys
-import json
-import os.path
 import datetime
+import json
+import logging
+import os.path
+import sys
+from subprocess import check_output
 
-from distutils import log
-from distutils.core import Command
+from setuptools import Command
+from setuptools import setup, find_packages
 from setuptools.command.develop import develop
 from setuptools.command.install import install
 from setuptools.command.sdist import sdist
-from setuptools import setup, find_packages
-from subprocess import check_output
-
-import pip
-if tuple(map(int, pip.__version__.split('.'))) >= (19, 3, 0):
-    from pip._internal.network.session import PipSession
-    from pip._internal.req import parse_requirements
-
-elif tuple(map(int, pip.__version__.split('.'))) >= (10, 0, 0):
-    from pip._internal.download import PipSession
-    from pip._internal.req import parse_requirements
-else:
-    from pip.download import PipSession
-    from pip.req import parse_requirements
 
 ROOT = os.path.realpath(os.path.join(os.path.dirname(__file__)))
 
@@ -44,21 +32,18 @@ about = {}
 with open(os.path.join(ROOT, 'lemur', '__about__.py')) as f:
     exec(f.read(), about)  # nosec: about file is benign
 
-install_requires_g = parse_requirements("requirements.txt", session=PipSession())
-tests_require_g = parse_requirements("requirements-tests.txt", session=PipSession())
-docs_require_g = parse_requirements("requirements-docs.txt", session=PipSession())
-dev_requires_g = parse_requirements("requirements-dev.txt", session=PipSession())
+# Parse requirements files
+with open('requirements.txt') as f:
+    install_requirements = f.read().splitlines()
 
-if tuple(map(int, pip.__version__.split('.'))) >= (20, 1):
-    install_requires = [str(ir.requirement) for ir in install_requires_g]
-    tests_require = [str(ir.requirement) for ir in tests_require_g]
-    docs_require = [str(ir.requirement) for ir in docs_require_g]
-    dev_requires = [str(ir.requirement) for ir in dev_requires_g]
-else:
-    install_requires = [str(ir.req) for ir in install_requires_g]
-    tests_require = [str(ir.req) for ir in tests_require_g]
-    docs_require = [str(ir.req) for ir in docs_require_g]
-    dev_requires = [str(ir.req) for ir in dev_requires_g]
+with open('requirements-tests.txt') as f:
+    tests_requirements = f.read().splitlines()
+
+with open('requirements-docs.txt') as f:
+    docs_requirements = f.read().splitlines()
+
+with open('requirements-dev.txt') as f:
+    dev_requirements = f.read().splitlines()
 
 
 class SmartInstall(install):
@@ -67,6 +52,7 @@ class SmartInstall(install):
     If the package indicator is missing, this will also force a run of
     `build_static` which is required for JavaScript assets and other things.
     """
+
     def _needs_static(self):
         return not os.path.exists(os.path.join(ROOT, 'lemur/static/dist'))
 
@@ -105,16 +91,16 @@ class BuildStatic(Command):
         pass
 
     def run(self):
-        log.info("running [npm install --quiet] in {0}".format(ROOT))
+        logging.info("running [npm install --quiet] in {0}".format(ROOT))
         try:
             check_output(['npm', 'install', '--quiet'], cwd=ROOT)
 
-            log.info("running [gulp build]")
+            logging.info("running [gulp build]")
             check_output([os.path.join(ROOT, 'node_modules', '.bin', 'gulp'), 'build'], cwd=ROOT)
-            log.info("running [gulp package]")
+            logging.info("running [gulp package]")
             check_output([os.path.join(ROOT, 'node_modules', '.bin', 'gulp'), 'package'], cwd=ROOT)
         except Exception as e:
-            log.warn("Unable to build static content")
+            logging.warn("Unable to build static content")
 
 
 setup(
@@ -128,11 +114,11 @@ setup(
     packages=find_packages(),
     include_package_data=True,
     zip_safe=False,
-    install_requires=install_requires,
+    install_requires=install_requirements,
     extras_require={
-        'tests': tests_require,
-        'docs': docs_require,
-        'dev': dev_requires,
+        'tests': tests_requirements,
+        'docs': docs_requirements,
+        'dev': dev_requirements,
     },
     cmdclass={
         'build_static': BuildStatic,
@@ -167,7 +153,9 @@ setup(
             'vault_source = lemur.plugins.lemur_vault_dest.plugin:VaultSourcePlugin',
             'vault_desination = lemur.plugins.lemur_vault_dest.plugin:VaultDestinationPlugin',
             'adcs_issuer = lemur.plugins.lemur_adcs.plugin:ADCSIssuerPlugin',
-            'adcs_source = lemur.plugins.lemur_adcs.plugin:ADCSSourcePlugin'
+            'adcs_source = lemur.plugins.lemur_adcs.plugin:ADCSSourcePlugin',
+            'entrust_issuer = lemur.plugins.lemur_entrust.plugin:EntrustIssuerPlugin',
+            'entrust_source = lemur.plugins.lemur_entrust.plugin:EntrustSourcePlugin'
         ],
     },
     classifiers=[