X.509 Public Key Infrastructure / Hierarchical PKI

About

The X.509 Public Key Infrastructure is a public key infrastructure (PKI) that uses a hierarchical system of certificate authorities, which bring trust to transactions by signing certificates.

Concept

A Hierarchical PKI consists of:

  • A certificate authority (CA) that stores, issues and signs the digital certificates
  • A registration authority which verifies the identity of entities requesting their digital certificates to be stored at the CA
  • A central directory (public key server), i.e., a secure location in which to store and index public keys
  • A certificate management system that manages, for example, access to stored certificates and the delivery of the certificates to be issued
  • A certificate policy stating the PKI's requirements concerning its procedures. Its purpose is to allow outsiders to analyze the PKI's trustworthiness.

Standard

The hierarchical PKI is defined in RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.




