PKI Overview and Components

Jun 24, 2025

Overview

This lecture explains the components and operation of PKI (Public Key Infrastructure), highlighting its essential role in secure online communication through digital certificates, certificate authorities, and trust chains.

PKI Basics

  • PKI (Public Key Infrastructure) manages the creation, storage, and distribution of digital certificates.
  • A digital certificate proves ownership of a public key and contains the key, owner info, and a digital signature.
  • A certificate is trusted if its digital signature is valid and the signer is trusted.

PKI Components

  • The Certificate Authority (CA) issues, stores, and signs digital certificates.
  • Registration Authorities (RAs) verify the identity of entities requesting certificates; this role is often performed by the CA itself.
  • A central repository or management system stores and manages certificates and keys.

Certificate Types & Applications

  • SSL/TLS server certificates secure website communications and are verified by browsers.
  • Wildcard certificates cover all hostnames within a domain, written with an asterisk (*) in place of the hostname.
  • Self-signed certificates are signed by the entity itself and are not trusted unless the verifier already trusts that key.
  • SSL/TLS client certificates authenticate users to servers and are usually managed by internal CAs.
  • Code signing certificates verify the integrity and origin of executable programs.

Trust and the Chain of Trust

  • PKI relies on a chain of trust beginning with a self-signed root CA certificate.
  • The root CA can sign intermediate CA certificates, creating a hierarchical trust structure.
  • End-entity (leaf) certificates sit at the bottom of the chain and have no authority to sign other certificates.
  • Root CA certificates are distributed by OS vendors and are pre-installed in operating systems and browsers.
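The chain described above, worked through as an added example (not part of the lecture notes) using Go's standard crypto/x509 package: a self-signed root signs an intermediate, the intermediate signs a leaf, and the verifier accepts the leaf only when every signature checks out and the chain ends at a root it already holds. All certificate names and the issue, verifyChain and Demo functions are constructed for this demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed with parentKey; a nil parent makes it self-signed (a root CA).
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, // CA=false is what denies a leaf the authority to sign others
	}
	if parent == nil {
		parent, parentKey = tmpl, key // a template signed with its own key is a self-signed certificate
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der) // errors ignored: the inputs are fixed, constructed demo values
	return cert, key
}

// verifyChain applies the notes' rule: leaf is trusted only if every signature up the chain is valid and the chain ends at a root the verifier already trusts.
func verifyChain(leaf, root *x509.Certificate, inters ...*x509.Certificate) error {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range inters {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool})
	return err
}

// Demo builds root -> intermediate -> leaf and checks three trust rules from the notes.
func Demo() (chainOK, wrongRootRejected, leafCannotSign bool) {
	root, rootKey := issue("Example Root CA", true, nil, nil)
	inter, interKey := issue("Example Intermediate CA", true, root, rootKey)
	leaf, leafKey := issue("www.example.com", false, inter, interKey)
	other, _ := issue("Unrelated Root CA", true, nil, nil)
	bogus, _ := issue("api.example.com", false, leaf, leafKey) // a leaf trying to act as a CA
	return verifyChain(leaf, root, inter) == nil, // signatures valid and root trusted: accepted
		verifyChain(leaf, other, inter) != nil, // signatures valid but the signer is not trusted: rejected
		verifyChain(bogus, root, inter, leaf) != nil // signature valid but CA=false on the leaf: rejected
}
```

Demo() returns (true, true, true); call it from a main function or a test to run the three checks, and replace `other` with the root you actually trust to see the second case flip.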

Key Terms & Definitions

  • PKI — System for managing digital certificates and public-key encryption.
  • Digital Certificate — File linking a public key to its owner, verified by a digital signature.
  • CA (Certificate Authority) — Entity responsible for issuing and signing certificates.
  • RA (Registration Authority) — Entity that verifies identities for certificate issuance.
  • SSL/TLS Certificate — Certificate securing online communications.
  • Wildcard Certificate — Certificate valid for all subdomains under a domain.
  • Self-signed Certificate — Certificate signed by the same entity that created it.
  • Chain of Trust — Hierarchy of trust starting with a root CA.

Action Items / Next Steps

  • Review how trust chains are formed in PKI.
  • Understand differences between certificate types and their applications.
  • Check assigned reading on certificate management (if any specified by your instructor).