Home/Glossary/Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

A framework of policies, processes, and technologies for managing digital certificates and public-key encryption.

PKI & CertificatesAlso called: "pki", "certificate infrastructure"

PKI enables secure communications and digital signatures through certificate-based trust.

PKI components

  • Certificate Authority (CA): Issues and signs certificates.
  • Registration Authority (RA): Verifies certificate requests.
  • Certificate Revocation List (CRL): Lists revoked certificates.
  • OCSP: Online Certificate Status Protocol for real-time checking.

Certificate lifecycle

  1. Generation: Create key pair (public/private).
  2. Enrollment: Submit certificate signing request (CSR).
  3. Issuance: CA verifies identity and issues certificate.
  4. Deployment: Install certificate on servers/devices.
  5. Renewal: Replace before expiration.
  6. Revocation: Invalidate if compromised.

Use cases

  • HTTPS/TLS for encrypted web traffic.
  • Code signing for software authenticity.
  • Email encryption (S/MIME, PGP).
  • Document signing for legal validity.
  • VPN and network authentication.

Trust hierarchy

  • Root CA (self-signed, trusted by OS/browsers).
  • Intermediate CAs (signed by root).
  • End-entity certificates (signed by intermediate).

Related Tools

Related Articles

View all articles
TLS Certificate Complete Guide: SSL/TLS Certificate Management for DevOps [2026]

TLS Certificate Complete Guide: SSL/TLS Certificate Management for DevOps [2026]

Master SSL/TLS certificate management with our comprehensive guide covering certificate types, lifecycle management, automation, security best practices, mTLS, OCSP stapling, and troubleshooting for modern infrastructure.

Read article →
Password Policy Best Practices for Enterprise Security in 2026

Password Policy Best Practices for Enterprise Security in 2026

Modern password policies have evolved beyond complexity requirements. Learn how to implement passwordless authentication, passkeys, and risk-based policies that improve both security and user experience.

Read article →
HashiCorp Vault: The Complete Guide to Secrets Management

HashiCorp Vault: The Complete Guide to Secrets Management

Master HashiCorp Vault from installation to production. Complete guide covering secrets management, authentication, policies, CI/CD integration, and security operations with links to 9 detailed tutorials.

Read article →
Kubernetes Security & Hardening Workflow | CIS Benchmark

Kubernetes Security & Hardening Workflow | CIS Benchmark

Master the complete Kubernetes security workflow from CIS benchmark assessment to runtime threat detection. Implement Pod Security Standards, RBAC, network policies, and NSA/CISA hardening guidance for production clusters.

Read article →

Explore More PKI & Certificates

View all terms

Certificate Transparency (CT)

A public logging system that records all SSL/TLS certificates, enabling detection of misissued or malicious certificates.

Read more →

X.509 Certificate

A digital certificate standard that binds a public key to an identity, enabling encrypted connections and authentication.

Read more →
Back to glossary