What are the elements for making a PKI?

  • Private and Public Keys: PKI uses this asymmetric key pair to establish a secure, encrypted connection over the network using asymmetric encryption.
  • Public Key Certificates: These are issued by Certification Authorities and prove the ownership of a public key. They attest to the authenticity of the keyholder.
  • Certificate Authority: Certificate Authorities, or CAs, are trusted entities which verify the organization and generate Digital Certificates which contain information about the organization as well as the public key of that organization. The Digital Certificate is signed with the private key of the Certificate Authority. This Digital Certificate can also serve as the identity of the organization and show it to be the verified owner of the public key.
  • Certificate Repository: A location where all certificates are stored, along with their public keys, validity details, revocation lists and root certificates. These locations are accessible through LDAP, FTP or web servers.
  • Automating PKI Operations: Automation helps in issuing, revoking, renewing certificates etc. These tasks are done through Certificate Management software. A PKI is created to provide robust security; if these tasks aren't automated, or if even one invalid or revoked certificate is still out there, it can bring productivity or the network to a halt, which may be catastrophic.
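
The kind of check that certificate management software automates, shown as an added example that is not part of the original page: it audits a repository inventory against validity dates and a revocation list. The record layout, function names and all sample data are constructed for illustration; in a real deployment the records would come from the certificate repository and the serials from the CA's published revocation list.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

@dataclass(frozen=True)
class CertRecord:              # hypothetical repository record
    subject: str
    serial: str                # hex string, formatting varies by tool
    not_before: datetime
    not_after: datetime

def serial_to_int(serial):
    """Serial numbers are integers: compare them numerically so that
    '0A:1F', '0a1f' and 'A1F' all match the same revocation entry."""
    return int(serial.replace(":", "").strip(), 16)

def classify(cert, revoked, now, renew_window=timedelta(days=30)):
    if serial_to_int(cert.serial) in revoked:
        return "revoked"       # revocation outranks every date check
    if now < cert.not_before:
        return "not_yet_valid"
    if now >= cert.not_after:
        return "expired"
    if cert.not_after - now <= renew_window:
        return "renew_soon"    # still valid, but schedule renewal now
    return "ok"

def audit(inventory, crl_serials, now):
    revoked = {serial_to_int(s) for s in crl_serials}
    return {c.subject: classify(c, revoked, now) for c in inventory}

# Constructed sample data (not real certificates or a real CRL)
def day(y, m, d): return datetime(y, m, d, tzinfo=UTC)
NOW = day(2024, 6, 1)
CRL = ["a1f"]                  # same serial as '0A:1F', written differently
INVENTORY = [
    CertRecord("www.example.test",  "0A:1F", day(2024, 1, 1),  day(2025, 1, 1)),
    CertRecord("mail.example.test", "0B20",  day(2023, 6, 10), day(2024, 6, 10)),
    CertRecord("vpn.example.test",  "0C33",  day(2023, 1, 1),  day(2024, 5, 1)),
    CertRecord("api.example.test",  "0D44",  day(2024, 3, 1),  day(2025, 3, 1)),
    CertRecord("new.example.test",  "0E55",  day(2024, 7, 1),  day(2025, 7, 1)),
]

if __name__ == "__main__":
    for subject, status in audit(INVENTORY, CRL, NOW).items():
        if status != "ok":
            print(f"{subject}: {status}")
```

Comparing serials as raw strings would miss the revoked certificate here, because the inventory and the revocation list format the same number differently.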