What is PKI and What Do You Need to Get Started?

22 Nov 2023

What is PKI (Public Key Infrastructure)?

PKI is a combination of hardware, software, policies, and standards that work together to provide a framework for secure communications in the digital world. At the heart of PKI are SSL/TLS certificates, which are electronic credentials that authenticate the identity of the certificate holder and provide the public key used to establish secure communications.

What Are the Key Components of PKI?

To get started with PKI, you need to understand a few key components:

Digital Certificates

Similar to a driver’s license or a passport, these electronic credentials provide essential information about the certificate holder and the authority that issued it.

Certificate Authorities (CAs)

A CA is a trusted third-party organization that issues digital certificates. The CA verifies the identity of the certificate applicant before it issues a certificate, ensuring trust in the process.

Registration Authorities (RAs)

The registration authority (RA) acts as the verifier for the CA: it checks the applicant's identity before the digital certificate is issued to the end user.

Public and Private Keys

These are paired cryptographic keys (think of them as a married couple). Public keys, in case you couldn’t tell from the name, are public, and anyone can use them to verify that a certificate holder really controls the matching private key. Private keys, on the other hand, are kept secret by the certificate holder, hence the name private key. If you really want to learn more about how public and private keys work, here are our docs on cryptography. We salute you.

Certificate Revocation Lists (CRLs)

Check out our blog explaining what a CRL is for more detailed information, but the gist is that a CRL (Certificate Revocation List) is a list of digital certificates that the CA revoked before their expiration date. Basically, a CRL is the way a certificate authority tells the world which of its certificates should no longer be trusted.
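To make the CA, certificate, key pair and CRL roles concrete, here is an added example (not code from this blog or its vendor) in Python using the `cryptography` library. A toy CA issues two certificates, revokes one, publishes a signed CRL, and a relying party checks both. The names `Example Root CA`, `good.example` and `bad.example` are constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime.now(dt.timezone.utc)
CA_CN = "Example Root CA"  # constructed name, not a real CA

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_key, issuer_cn, issuer_key, is_ca=False):
    """The CA signs a certificate binding subject_cn to the subject's public key."""
    return (x509.CertificateBuilder()
            .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW - dt.timedelta(minutes=1))
            .not_valid_after(NOW + dt.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def publish_crl(ca_cert, ca_key, revoked_certs):
    """Build a signed CRL listing the serial numbers of revoked certificates."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_cert.subject)
               .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for cert in revoked_certs:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(cert.serial_number).revocation_date(NOW).build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(ca_key, hashes.SHA256())

def is_revoked(cert, crl, ca_cert):
    """Relying-party check: accept the CRL only if the certificate's CA signed it."""
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL was not issued and signed by this certificate's CA")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_cert = issue(CA_CN, ca_key, CA_CN, ca_key, is_ca=True)  # self-signed root
    good = issue("good.example", ec.generate_private_key(ec.SECP256R1()), CA_CN, ca_key)
    bad = issue("bad.example", ec.generate_private_key(ec.SECP256R1()), CA_CN, ca_key)
    crl = publish_crl(ca_cert, ca_key, [bad])  # the CA revokes bad.example early
    return is_revoked(good, crl, ca_cert), is_revoked(bad, crl, ca_cert)

if __name__ == "__main__":
    print(demo())
```

The signature check in `is_revoked` matters as much as the lookup: a CRL that anyone could forge or swap would let a revoked certificate pass as valid.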

Online Certificate Status Protocol (OCSP)

Once again, you can check out our blog explaining what OCSP is for a more in-depth look at the protocol, but the quick overview is that OCSP is an alternative to CRLs and a more efficient way of checking whether a certificate was revoked before its expiration date. Note that while OCSP may be more efficient than CRLs, it is not universally supported, so ensure your devices support OCSP before enabling it.

Now You Know What PKI Is – What Now?

Now that you know what PKI is and what its key components are, you can get started with your very own PKI! Congratulations! As a next step, we recommend checking out the recommended readings below for more information on the ins and outs of PKI management. Alternatively, you can always schedule a FREE consultation with one of our PKI experts to see how we can help with your specific use case!

You Might Also Want to Read