Public Key Infrastructure
PKI system: A system that defines the creation, storage and distribution of digital certificates
- A digital certificate is a file that proves that an entity owns a certain public key.
- A certificate contains information about the public key, the entity it belongs to, and a digital signature from another party that has verified this information
- If the signature is valid and we trust the entity that signed the certificate, then we can trust the public key to be used to securely communicate with the entity that owns it.
CA (Certificate authority): It’s the entity that’s responsible for storing, issuing, and signing certificates. It’s a crucial component of the PKI system
RA (Registration Authority): It is responsible for verifying the identities of any entities requesting certificates to be signed and stored with the CA
A central repository is needed to securely store and index keys, and a certificate management system of some sort, makes managing access to storage certificates and issuance of certificates easier
SSL/TLS Client Certificate: Certificates that are bound to clients and are used to authenticate the client to the server, allowing access control to a SSL/TLS service
- As the name implies, these are certificates that are bound to clients and are used to authenticate the client to the server, allowing access control to an SSL/TLS service
SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the initial secure setup of an SSL, TLS connection
Self-signed certificate: This certificate has been signed by the same entity that issued the certificate
- This would basically be signing your own public key using your private key.
Root certificate authority: They are self signed because they are the start of the chain of trust, so there’s no higher authority that can sign on their behalf
- Intermediary (subordinate) CA: It means that the entity that this certificate was issued to can now sign other certificates
- End-entity (leaf certificate): A certificate that has no authority as a CA