Sunday 12 August 2012

Public Key Infrastructure (PKI) Overview

Public Key Infrastructure, or PKI, can be a very complex but important subject. We’ll give you a PKI overview to help you understand what PKI is and how it can help you. PKI is a loaded term that involves the hardware, software, policies, and standards that are necessary to manage SSL certificates. A PKI lets you:
  • Authenticate users more securely than standard usernames and passwords
  • Encrypt sensitive information
  • Electronically sign documents more efficiently
A PKI allows you to bind public keys (contained in SSL certificates) to a person in a way that allows you to trust the certificate. Public Key Infrastructures most commonly use a Certificate Authority (also called a Registration Authority) to verify the identity of an entity and create unforgeable certificates. Web browsers, web servers, email clients, smart cards, and many other types of hardware and software all have integrated, standards-based PKI support, so they can be used with each other. A PKI is only as valuable as the standards that are established for issuing certificates.

Certificate Authorities

An SSL Certificate Authority (also called a trusted third party) is an organization that issues digital certificates to organizations or individuals after verifying their identity. The information that it verifies is included in the signed certificate. It is also responsible for revoking certificates that have been compromised. Many Certificate Authorities have their root certificates embedded in web browsers so your web browser automatically trusts them. They will sign an entity’s certificate using their trusted root certificate (or an intermediate of it) to create a "chain of trust" so the browser will trust the entity’s certificate. Basically, web browser developers are saying "We trust this certificate authority and they say that this is the entity's public key so, if we use it, we know we are talking to the right entity."
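
The chain of trust described above, as an added example that is not part of the original post: a shell script using the `openssl` command line that builds a throwaway root, intermediate and server certificate, then shows that verification succeeds only when the chain leads back to a root the client trusts. All names (`demo-root`, `demo-intermediate`, `other-root`, `www.example.test`) and the helper functions are made up for the illustration.

```sh
# Constructed demo: all names, subjects and files below are made up.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Minimal OpenSSL config: one extension profile for CAs, one for end entities.
cat > "$work/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF

new_root() {  # $1 = name. Self-signed trust anchor, like a root embedded in a browser.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -config "$work/pki.cnf" -extensions ca \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

issue() {     # $1 = issuer name, $2 = subject name, $3 = profile (ca or leaf)
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -config "$work/pki.cnf" -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$work/$2.csr" -days 30 -CA "$work/$1.crt" -CAkey "$work/$1.key" \
    -CAserial "$work/$1.srl" -CAcreateserial \
    -extfile "$work/pki.cnf" -extensions "$3" -out "$work/$2.crt" 2>/dev/null
}

verify_chain() {  # $1 = trusted root, $2 = certificate to check, $3 = intermediate (optional)
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$work/$1.crt" -untrusted "$work/$3.crt" "$work/$2.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$work/$1.crt" "$work/$2.crt" >/dev/null 2>&1
  fi
}

new_root demo-root                               # root CA the client trusts
issue demo-root demo-intermediate ca             # root signs the intermediate
issue demo-intermediate www.example.test leaf    # intermediate signs the server certificate
new_root other-root                              # a different CA, used as the only anchor below

verify_chain demo-root www.example.test demo-intermediate && echo "full chain: trusted"
verify_chain demo-root www.example.test || echo "intermediate missing: rejected"
verify_chain other-root www.example.test demo-intermediate || echo "chain ends at an untrusted root: rejected"
```

The second check fails because the client cannot link the server certificate to its trusted root without the intermediate, which is why servers are configured to send their intermediate certificates along with their own.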

Managed PKI

While PKI is a very broad term that covers nearly every implementation of SSL, many SSL providers use the term Managed PKI to describe a system that gives you greater control over issuing, renewing, revoking, and managing SSL certificates while still gaining the advantages of using a trusted CA. Features of a managed PKI system often include:
  • Automated issuance of SSL certificates
  • Auditing capabilities
  • Full lifecycle management
  • Central management of the certificates across your entire organization
