188
statement (CPS). A CA policy can be acquired through out-of-band means such as phone, disk, and
email. As different CAs might use different methods to check the binding of a public key with an entity,
make sure that you understand the CA policy before selecting a trusted CA for certificate request.
PKI architecture
A PKI system consists of entities, a CA, a registration authority (RA), and a PKI repository.
Figure 54 PKI architecture
Certificate/CRL repository
Entity
RA
CA
PKI user
PKI
management
authorities
Issue a
certificate
Issue a certificate/CRL
ï‚· Entity
An entity is an end user of PKI products or services, such as a person, an organization, a device like a
router or a switch, or a process running on a computer.
ï‚· CA
A CA is a trusted authority responsible for issuing and managing digital certificates. A CA issues
certificates, specifies the validity periods of certificates, and revokes certificates as needed by publishing
CRLs.
ï‚· RA
A registration authority (RA) is an extended part of a CA or an independent authority. An RA can
implement functions including identity authentication, CRL management, key pair generation and key pair
backup. The PKI standard recommends that an independent RA be used for registration management to
achieve higher security.
ï‚· PKI repository
A PKI repository can be a Lightweight Directory Access Protocol (LDAP) server or a common database. It
stores and manages information like certificate requests, certificates, keys, CRLs and logs while providing
a simple query function.
LDAP is a protocol for accessing and managing PKI information. An LDAP server stores user information
and digital certificates from the RA server and provides directory navigation service. From an LDAP
server, an entity can retrieve local and CA certificates of its own as well as certificates of other entities.
PKI applications
The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI
has a wide range of applications. Here are some application examples.
To Next Page
Loading...
Need help?
General