PKI (public key infrastructure) is a combination of hardware, software, policies, and standards that work together to provide a framework for secure communications in the digital world. At the heart of PKI are digital certificates (the X.509 certificates most people know as SSL/TLS certificates): electronic credentials that bind a public key to the identity of the certificate holder, so that anyone who trusts the issuer can authenticate that holder and use the public key to establish a secure connection with it.
You need to understand a few key components of PKI to get started with it. Those key components are:
Digital certificates: Similar to a driver's license or a passport, these electronic credentials carry essential information about the certificate holder (its name, its public key, and the dates between which the certificate is valid) and about the authority that issued it, together with that authority's signature over the whole thing.
Certificate authority (CA): This is a trusted third-party organization that issues digital certificates. The CA verifies the identity of the certificate applicant before it issues a certificate, then signs the certificate with its own private key; that signature is what lets everyone who trusts the CA trust the certificate.
Registration authority (RA): The RA handles identity vetting on the CA's behalf. It receives certificate requests, checks that the applicant is who they claim to be and is authorized to request a certificate for that name, and approves the request before the CA signs anything. Keeping the two roles separate means the CA's signing key sits behind a narrower interface.
Public and private keys: These are paired cryptographic keys (think of them as a married couple). Public keys, in case you couldn't tell from the name, are public: anyone can use one to encrypt a message that only the holder can read, or to verify a signature the holder made. Private keys are kept by the certificate holder and nobody else, hence the name. Note the direction of trust: the holder's public key (carried in the certificate) verifies the holder's signatures, while the CA's public key verifies the CA's signature on the certificate itself. If a private key is exposed, the only remedy is to revoke the certificate and issue a new one with a fresh key pair. If you really want to learn more about how public and private keys work, see our docs on cryptography. We salute you.
Certificate revocation list (CRL): Check out our blog explaining what a CRL is for more detail, but the gist is that a CRL is a signed list, published by the CA, of the certificates (identified by serial number) that the CA revoked before their expiration date. Basically, CRLs are how a certificate authority tells the world which certificates it no longer trusts. A client that downloads a CRL should check the CA's signature on it and its next-update time before relying on it; a CRL is only as fresh as the CA's publishing schedule, and for a busy CA it can grow large.
Online Certificate Status Protocol (OCSP): Once again, you can check out our blog explaining what OCSP is for a more in-depth look, but the quick overview is that OCSP is an alternative to CRLs: instead of downloading the whole list, a client asks the CA's OCSP responder about the status of one certificate, which is more efficient than using CRLs. Note, while this might be more efficient than CRLs, it is not universally supported, and it makes every connection depend on the responder being reachable (many clients simply skip the check when it is not), so ensure your devices support OCSP before enabling it. Where your server software supports it, OCSP stapling lets the server fetch the response itself and hand it to clients along with the certificate, which removes that dependency from the client.
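The components above fit together in a short sequence: a key pair is generated, a CA self-signs its own certificate, the CA signs a leaf certificate that binds a name to the leaf's public key, a relying party chains the leaf back to the CA and checks the name, and revocation is published in a CA-signed CRL that the relying party checks for signature, freshness and the leaf's serial number. The Go program below walks through that sequence using only the standard library's crypto/x509 package. It is an added example written for this page, not code from the original post or from any product; the CA name "Example Root CA", the host name service.example.test, the serial numbers, the validity periods and the one-day CRL lifetime are made-up values chosen for the demonstration, and Ed25519 keys are used simply because they keep the code short. OCSP is not shown because Go's standard library has no OCSP implementation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue has issuerKey sign tmpl (parent supplies the issuer name and key ID) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, issuerKey ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// buildPKI: generate the CA key pair, self-sign the CA certificate, issue a leaf for the hypothetical
// name service.example.test. Returns the CA certificate, the CA private key and the leaf certificate.
func buildPKI() (*x509.Certificate, ed25519.PrivateKey, *x509.Certificate, error) {
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	leafPub, _, err := ed25519.GenerateKey(rand.Reader) // the leaf keeps its private key; only the public half is certified
	if err != nil {
		return nil, nil, nil, err
	}
	notBefore := time.Now().Add(-time.Hour)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // may sign certificates and CRLs
	}
	caCert, err := issue(caTmpl, caTmpl, caPub, caKey) // a root CA is self-signed: the template is its own parent
	if err != nil {
		return nil, nil, nil, err
	}
	leafCert, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "service.example.test"},
		DNSNames:     []string{"service.example.test"},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(90 * 24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, caCert, leafPub, caKey) // signed with the CA's private key
	return caCert, caKey, leafCert, err
}

// verifyChain is the relying party's check: chain leaf to a trusted root, confirm validity dates and the name.
func verifyChain(leaf, root *x509.Certificate, dnsName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	return err
}

// publishCRL has the CA sign a fresh CRL listing the given serials; CAs publish on a schedule, so an empty list is normal.
func publishCRL(ca *x509.Certificate, caKey ed25519.PrivateKey, revokedSerials ...*big.Int) ([]byte, error) {
	now := time.Now()
	var entries []pkix.RevokedCertificate
	for _, s := range revokedSerials {
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(now.UnixNano()), // must strictly increase from one CRL to the next
		ThisUpdate:          now,
		NextUpdate:          now.Add(24 * time.Hour), // clients treat the CRL as stale after this
		RevokedCertificates: entries,
	}, ca, caKey)
}

// isRevoked is the relying party's CRL check: parse, confirm the CA signed it and it is fresh, then look up the serial.
func isRevoked(crlDER []byte, ca, cert *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, fmt.Errorf("CRL not signed by the trusted CA: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return false, fmt.Errorf("CRL stale since %v", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}
```

Drive it from a main or a test: call buildPKI, hand the leaf and CA to verifyChain with the name you connected to, and to revoke, pass the leaf's serial number to publishCRL and feed the resulting CRL to isRevoked. Two behaviours are worth noticing. verifyChain fails for any host name the certificate does not list, even though the signature is perfectly valid, because identity is part of the check. And isRevoked returns an error rather than false when the CRL is unsigned, stale or signed by anything other than the trusted CA: a revocation check you cannot trust must never be read as "not revoked".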
Now that you know what PKI is and what the key components of it are, you can get started with using your very own PKI! Congratulations! We recommend that the next steps you take are to check out the recommended readings below for more information on the ins and outs of PKI management. Alternatively, you can always schedule a FREE consultation with one of our PKI experts to see how we can help with your specific use case!