Public Key Infrastructure or PKI can be a very complex but important subject.
We’ll give you a PKI overview to help you understand what PKI is and
how it can help you. PKI is a loaded term that involves the hardware,
software, policies, and standards that are necessary to manage SSL
certificates. A PKI lets you:
- Authenticate users more securely than standard usernames and passwords
- Encrypt sensitive information
- Electronically sign documents more efficiently
A PKI allows you to bind public keys (contained in SSL certificates)
to a person in a way that allows you to trust the certificate.
Public Key Infrastructures most commonly use a Certificate Authority
(also called a Registration Authority) to verify the identity of an
entity and create unforgeable certificates. Web browsers, web servers,
email clients, smart cards, and many other types of hardware and
software all have integrated, standards-based PKI support that can be
used with each other. A PKI is only as valuable as the standards that
are established for issuing certificates.
Certificate Authorities
An SSL Certificate Authority (also called a trusted third party) is an
organization that issues digital certificates to organizations or
individuals after verifying their identity. The information that it
verifies is included in the signed certificate. It is also responsible
for revoking certificates that have been compromised. Many Certificate
Authorities have their root certificates embedded in web browsers so
your web browser automatically trusts them. They will sign an entity’s
certificate using their trusted root certificate (or an intermediate of
it) to create a "chain of trust" so the browser will trust the
entity’s certificate. Basically, web browser developers are saying "We
trust this certificate authority and they say that this is the entity's
public key so, if we use it, we know we are talking to the right
entity."
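The chain of trust described above, as an added Go example (not code from the original article): it issues a root, an intermediate, and a server certificate with the standard library, then validates the server certificate against different trust stores. All certificate names are constructed for the example, and the function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for a constructed name, signed by parent (a self-signed root when parent is nil).
func issue(name string, isCA bool, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature}
	if isCA { tmpl.KeyUsage = x509.KeyUsageCertSign } else { tmpl.DNSNames = []string{name} }
	if parent == nil { parent, parentKey = tmpl, key } // root: signs itself with its own key
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// chainLen returns the length of a verified path from leaf to the trusted root, or 0 if validation fails.
func chainLen(leaf, trusted, inter *x509.Certificate) int {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trusted) // the "embedded root" a browser would ship with
	if inter != nil { pool.AddCert(inter) }
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool})
	if err != nil { return 0 }
	return len(chains[0])
}

// demo validates one leaf three ways: full chain, intermediate missing, issuing root not in the trust store.
func demo() (full, noInter, wrongRoot int) {
	root, rootKey := issue("Constructed Root CA", true, 1, nil, nil)
	inter, interKey := issue("Constructed Intermediate CA", true, 2, root, rootKey)
	leaf, _ := issue("www.example.test", false, 3, inter, interKey)
	other, _ := issue("Unrelated Root CA", true, 4, nil, nil)
	return chainLen(leaf, root, inter), chainLen(leaf, root, nil), chainLen(leaf, other, inter)
}

func main() { fmt.Println(demo()) }
```

Only the first case validates: the path leaf, intermediate, root ends at a certificate in the trust store, while a missing intermediate or an unrelated root leaves the verifier with no path to anything it trusts.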
Managed PKI
While the term PKI is a very broad
term that covers nearly every implementation of SSL, many SSL providers
use the term Managed PKI to describe a system that gives you greater
control over issuing, renewing, revoking, and managing SSL certificates
while still gaining the advantages of using a trusted CA. Features of
a managed PKI system often include:
- Automated issuance of SSL certificates
- Auditing capabilities
- Full lifecycle management
- Central management of the certificates across your entire organization
2 comments:
It's a well-written article that covers almost everything about public key infrastructure technology. I am highly benefited by this detail. I am thankful to you for explaining and clearing each point in detail.
public key infrastructure
Thank Q Jimmy........