PKI Certificates Definition
A digital certificate acts as a kind of digital passport: it lets a website or service prove to the parties that connect to it that it is who it claims to be. Within the context of Public Key Infrastructure and PKI-secured connections, these documents are referred to as PKI certificates (on the web they are X.509 certificates). A PKI certificate binds a small set of claims to a public key: the identity of the subject (for a web server, its DNS name), the subject's public key, a validity period, the name of the issuing authority, and the issuer's digital signature over all of the above. The public key is arguably the most important element, and in a sense the certificate is the instrument through which the public key is published and transmitted over the internet in a form that can be checked. What makes a PKI certificate different from a bare public key exchanged in other cryptographic protocols is that in a PKI environment there is a certificate authority (commonly known as a CA) that vouches, by signing the certificate with its own private key, that the entity presenting the certificate is who it claims to be; anyone holding the CA's public key can verify that signature. Similar to a passport in the physical world, there is an authority that issues and stands behind the document so that it can be trusted by everybody who trusts that authority.
The main elements that are essential for a digital certificate are:
- An authority designated to issue the PKI certificates: the certificate authority. The CA signs each PKI certificate with its private key; the signature can then be verified by anybody who holds the CA's public key, which the CA distributes in a certificate of its own.
- An authority to verify the identity of the entities that will be issued the PKI certificate. You can imagine this as the officer who takes your fingerprints and photograph before your passport is issued. This function can be performed by a separate body, a registration authority (RA), rather than by the certificate authority mentioned earlier.
- A database in which the authority records every certificate it has issued, together with its validity period and whether it has since been revoked, so that the status of any certificate can be established at any time and published to the parties that rely on it.
- A document outlining the policy that is implemented for the specific PKI environment (in practice a certificate policy together with a certification practice statement). This policy is important because it allows any third party to evaluate whether the PKI is trustworthy or not.