About
The X.509 Public Key Infrastructure is a public key infrastructure (PKI) built on a hierarchical system of certificate authorities (CAs). Trust is established by having a CA sign each certificate: a relying party that already trusts the CA's own certificate can verify that signature and so trust the binding between the subject's name and its public key, without ever having met the subject.
Concept
A Hierarchical PKI consists of:
- A certificate authority (CA) that issues and signs the digital certificates and usually stores them as well
- A registration authority (RA), which verifies the identity of an entity requesting a certificate before the CA issues it
- A central directory (public key server), i.e. a secure location in which public keys and certificates are stored and indexed
- A certificate management system that manages things like access to the stored certificates or the delivery of newly issued certificates
- A certificate policy stating the PKI's requirements concerning its procedures; its purpose is to let outsiders assess the PKI's trustworthiness
Standard
The certificate and CRL formats used by a hierarchical PKI, together with the certification path validation algorithm, are defined in RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile