PKI Overview and Components

Jun 21, 2025

Overview

This lecture explains Public Key Infrastructure (PKI), its components, certificate types, and the trust model underpinning secure digital communication.

PKI Overview

  • PKI (Public Key Infrastructure) manages the creation, storage, and distribution of digital certificates for secure communications.
  • Digital certificates prove ownership of a public key using information about the key, the owner's identity, and a digital signature from a trusted party.

Components of PKI

  • The Certificate Authority (CA) issues, stores, and signs digital certificates, acting as a trusted validator.
  • The Registration Authority (RA) verifies the identities of entities requesting certificates and often functions together with the CA.
  • A central certificate repository securely stores and manages certificates.

Certificate Types and Usage

  • SSL/TLS server certificates are provided by web servers for secure connections; clients verify the certificate matches the server’s domain.
  • Wildcard certificates use an asterisk to cover all host names in a domain.
  • Self-signed certificates are signed by the issuing entity itself and are not trusted unless the public key is already trusted.
  • SSL/TLS client certificates authenticate clients to servers, usually managed by internal CAs, not public CAs.
  • Code signing certificates sign executable files so users can verify origin and integrity.
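
The client-side name check behind the server and wildcard bullets above, as an added example that is not part of the lecture. It follows the rule in RFC 9525 that "*" must be the whole left-most label and stands for exactly one label; the function names and sample certificate names are hypothetical, and public-suffix and IP-address checks are left out.

```python
# Added example: hostname matching against the DNS names in a certificate.
# Simplified; function names and sample data are hypothetical.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name (pattern) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False              # "*" never spans more than one label
    if "*" not in pattern:
        return p == h             # exact, case-insensitive match
    # The wildcard must be the entire left-most label, with at least two
    # literal labels after it (rejects "*.com", "f*.example.com", "a.*.com").
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    return p[1:] == h[1:]


def cert_covers(dns_names: list[str], hostname: str) -> bool:
    """Check a hostname against every DNS name listed in a certificate."""
    return any(name_matches(n, hostname) for n in dns_names)


# Constructed sample: DNS names of a hypothetical server certificate.
SAMPLE_NAMES = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for host in ["www.example.com", "EXAMPLE.com", "a.b.example.com",
                 "example.org", "wwwexample.com"]:
        print(f"{host:20} {cert_covers(SAMPLE_NAMES, host)}")
```

The bare domain is covered here only because it is listed explicitly; "*.example.com" alone does not match "example.com" or "a.b.example.com".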

Trust Model and Certificate Hierarchy

  • PKI relies on a "chain of trust" that starts with a root Certificate Authority (root CA).
  • Root CA certificates are self-signed and form the trust anchor for all subordinate certificates.
  • Intermediate (intermediary) CAs are granted signing authority by root CAs and can issue further certificates.
  • End-entity or leaf certificates have no signing authority and are used at the endpoints of the trust chain.
  • Trusted root CA certificates are pre-installed in operating systems and browsers to establish initial trust.

Key Terms & Definitions

  • Digital Certificate — A file that links an entity to a public key, secured by a third-party digital signature.
  • Certificate Authority (CA) — Trusted organization that issues, signs, and manages digital certificates.
  • Registration Authority (RA) — Entity that authenticates certificate requests before CA approval.
  • SSL/TLS Certificate — Digital certificate used to establish encrypted web connections.
  • Wildcard Certificate — SSL/TLS certificate valid for all subdomains within a domain.
  • Self-signed Certificate — Certificate signed by its issuer, not inherently trusted.
  • Root CA — The top-level CA in the trust hierarchy, self-signed.
  • Intermediate CA — CA certified by a root or another intermediate CA to sign additional certificates.
  • End-entity/Leaf Certificate — Final, non-signing certificate used by servers or clients.

Action Items / Next Steps

  • Review common certificate types and their use-cases.
  • Understand how trust chains are established and maintained in PKI systems.