
Public Key Infrastructure (PKI)

A framework of policies, processes, and technologies for managing digital certificates and public-key encryption.

PKI & Certificates

Also called: "pki", "certificate infrastructure"

PKI enables secure communications and digital signatures through certificate-based trust.

PKI components

  • Certificate Authority (CA): Issues and signs certificates.
  • Registration Authority (RA): Verifies certificate requests.
  • Certificate Revocation List (CRL): Lists revoked certificates.
  • OCSP: Online Certificate Status Protocol for real-time checking.

Certificate lifecycle

  1. Generation: Create key pair (public/private).
  2. Enrollment: Submit certificate signing request (CSR).
  3. Issuance: CA verifies identity and issues certificate.
  4. Deployment: Install certificate on servers/devices.
  5. Renewal: Replace before expiration.
  6. Revocation: Invalidate if compromised.

Use cases

  • HTTPS/TLS for encrypted web traffic.
  • Code signing for software authenticity.
  • Email encryption (S/MIME, PGP).
  • Document signing for legal validity.
  • VPN and network authentication.

Trust hierarchy

  • Root CA (self-signed, trusted by OS/browsers).
  • Intermediate CAs (signed by root).
  • End-entity certificates (signed by intermediate).