Home/Glossary/Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

A framework of policies, processes, and technologies for managing digital certificates and public-key encryption.

PKI & CertificatesAlso called: "pki", "certificate infrastructure"

PKI enables secure communications and digital signatures through certificate-based trust.

PKI components

  • Certificate Authority (CA): Issues and signs certificates.
  • Registration Authority (RA): Verifies certificate requests.
  • Certificate Revocation List (CRL): Lists revoked certificates.
  • OCSP: Online Certificate Status Protocol for real-time checking.

Certificate lifecycle

  1. Generation: Create key pair (public/private).
  2. Enrollment: Submit certificate signing request (CSR).
  3. Issuance: CA verifies identity and issues certificate.
  4. Deployment: Install certificate on servers/devices.
  5. Renewal: Replace before expiration.
  6. Revocation: Invalidate if compromised.

Use cases

  • HTTPS/TLS for encrypted web traffic.
  • Code signing for software authenticity.
  • Email encryption (S/MIME, PGP).
  • Document signing for legal validity.
  • VPN and network authentication.

Trust hierarchy

  • Root CA (self-signed, trusted by OS/browsers).
  • Intermediate CAs (signed by root).
  • End-entity certificates (signed by intermediate).

Related Tools

Related Articles

View all articles
Password Policy Best Practices for Enterprise Security in 2026

Password Policy Best Practices for Enterprise Security in 2026

Modern password policies have evolved beyond complexity requirements. Learn how to implement passwordless authentication, passkeys, and risk-based policies that improve both security and user experience.

Read article →
HashiCorp Vault: The Complete Guide to Secrets Management

HashiCorp Vault: The Complete Guide to Secrets Management

Master HashiCorp Vault from installation to production. Complete guide covering secrets management, authentication, policies, CI/CD integration, and security operations with links to 9 detailed tutorials.

Read article →
Kubernetes Security & Hardening Workflow | CIS Benchmark

Kubernetes Security & Hardening Workflow | CIS Benchmark

Master the complete Kubernetes security workflow from CIS benchmark assessment to runtime threat detection. Implement Pod Security Standards, RBAC, network policies, and NSA/CISA hardening guidance for production clusters.

Read article →
X.509 Certificate Contents: Understanding Subject, Issuer, and Extensions

X.509 Certificate Contents: Understanding Subject, Issuer, and Extensions

Explore X.509 certificate structure including subject, issuer, validity period, public key, serial number, and extensions. Learn what each field means for SSL/TLS security.

Read article →

Explore More PKI & Certificates

View all terms

Certificate Transparency (CT)

A public logging system that records all SSL/TLS certificates, enabling detection of misissued or malicious certificates.

Read more →

X.509 Certificate

A digital certificate standard that binds a public key to an identity, enabling encrypted connections and authentication.

Read more →
Back to glossary