- What is SSL?
- Why SSL?
- PKI Overview
- SSL Certificate Features
- Ordering a Certificate
- What is a CSR?
- SSL Certificate Installation
- SSL Certificate Errors
- SSL Details
- Special Types
- Copying a Certificate
Public Key Infrastructure (PKI) Overview
Public Key Infrastructure or PKI can be a very complex but important subject. We’ll give you a PKI overview to help you understand what PKI is and how it can help you. PKI is a loaded term that involves the hardware, software, policies, and standards that are necessary to manage SSL certificates. A PKI lets you:
- Authenticate users more securely than standard usernames and passwords
- Encrypt sensitive information
- Electronically sign documents more efficiently
A PKI allows you to bind public keys (contained in SSL certificates) with a person so in a way that allows you to trust the certificate. Public Key Infrastructures most commonly use a Certificate Authority (also called a Registration Authority) to verify the identity of an entity and create unforgeable certificates. Web browsers, web servers, email clients, smart cards, and many other types of hardware and software all have integrated, standards-based PKI support that can be used with each other. A PKI is only as valuable as the standards that are established for issuing certificates.
An SSL Certificate Authority (also called a trusted third party) is an organization that issues digital certificates to organizations or individuals after verifying their identity. The information that it verifies is included in the signed certificate. It is also responsible for revoking certificates that have been compromised. Many Certificate Authorities have their root certificates embedded in web browsers so your web browser automatically trusts them. They will sign an entity’s certificate using their trusted root certificate (or an intermediate of it) to create a "chain of trust" so the browser will trust the entity’s certificate. Basically, web browser developers are saying "We trust this certificate authority and they say that this is the entity's public key so, if we use it, we know we are talking to the right entity."
While the term PKI is a very broad term that covers nearly every implementation of SSL, many SSL providers use the term Managed PKI to describe a system that gives you greater control over issuing, renewing, revoking, and managing SSL certificates while still gaining the advantages of using a trusted CA. Features of a managed PKI system often include:
- Automated issuance of SSL certificates
- Auditing capabilities
- Full lifecycle management
- Central management of the certificates across your entire organization
To learn more about SSL certificates and PKI than this PKI overview has provided read the SSL FAQ.