PKI

Public Key Infrastructure

Public Key Infrastructure (PKI) is the framework of policies, hardware, software, procedures, and standards needed to create, manage, distribute, use, store, and revoke digital certificates and public keys.

⚙️ How Does It Work?

PKI is built on Certificate Authorities (CAs) that issue, sign, and revoke digital certificates. A hierarchical trust model (root CA → intermediate CA → end-entity certificate) establishes chains of trust: a relying party accepts an end-entity certificate only if it can build a path of valid signatures from that certificate, through any intermediates, to a root CA that is already in its trust store, and only if the certificate's name, validity period, and key usages fit the purpose at hand. The root key is used rarely (to sign intermediates) and is normally kept offline or in an HSM; day-to-day issuance is delegated to intermediates so that a compromised intermediate can be revoked without replacing the root. Revocation is handled by CRLs (signed lists of revoked serial numbers published by the CA) and OCSP (an online status query for a single certificate). In practice revocation checking is the weakest part of the system, because many clients soft-fail when the CRL or OCSP responder is unreachable.
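The chain-of-trust and revocation mechanics described above, as an added example in Go using only the standard library (this is illustrative code, not code from the original page): it builds a root CA, an intermediate, and a leaf, verifies the leaf the way a relying party would, shows the cases in which verification must fail (missing intermediate, a leaf from a CA outside the trust store, a hostname mismatch), and issues and checks a CRL from the intermediate. All CA names, the host name `api.internal.example`, and the serial numbers are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error (like regexp.MustCompile); key generation and signing
// only fail when the CSPRNG is broken, so a demo has nothing better to do.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// mustIssue generates a P-256 key and a certificate for name signed by parentKey.
// A nil parent means self-signed, which is how a root CA comes into existence.
func mustIssue(name string, serial int64, ca bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), // hypothetical serials, unique per issuer
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca { // a signer needs the CA flag plus the certSign and cRLSign usages
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else { // a TLS server certificate needs a DNS SAN and the serverAuth EKU
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// VerifyChain does what a relying party does: build a signature-verified path from
// leaf through the supplied intermediates to a trusted root, checking name and validity.
func VerifyChain(leaf, root *x509.Certificate, intermediates []*x509.Certificate, dnsName string) error {
	roots, ints := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range intermediates {
		ints.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: ints, DNSName: dnsName})
	return err
}

// IssueCRL signs a CRL from the issuing CA listing the revoked serial numbers.
func IssueCRL(issuer *x509.Certificate, key *ecdsa.PrivateKey, revoked ...*big.Int) *x509.RevocationList {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: s, RevocationTime: now})
	}
	der := must(x509.CreateRevocationList(rand.Reader, tmpl, issuer, key))
	return must(x509.ParseRevocationList(der))
}

// IsRevoked verifies the CRL's signature against its issuer before trusting the
// list at all, then looks for the certificate's serial number in it.
func IsRevoked(crl *x509.RevocationList, issuer, cert *x509.Certificate) (bool, error) {
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

// Demo builds root -> intermediate -> leaf plus a rogue CA and reports, per check,
// whether the verifier behaved the way a correct PKI requires (all should be true).
func Demo() map[string]bool {
	const host = "api.internal.example" // hypothetical service name
	root, rootKey := mustIssue("Example Corp Root CA", 1, true, nil, nil)
	inter, interKey := mustIssue("Example Corp Issuing CA", 2, true, root, rootKey)
	leaf, _ := mustIssue(host, 3, false, inter, interKey)
	rogue, rogueKey := mustIssue("Rogue CA", 4, true, nil, nil)
	rogueLeaf, _ := mustIssue(host, 5, false, rogue, rogueKey)
	chain := []*x509.Certificate{inter}
	crl := IssueCRL(inter, interKey, leaf.SerialNumber)
	return map[string]bool{
		"full chain accepted":           VerifyChain(leaf, root, chain, host) == nil,
		"missing intermediate rejected": VerifyChain(leaf, root, nil, host) != nil,
		"rogue CA rejected":             VerifyChain(rogueLeaf, root, chain, host) != nil,
		"wrong hostname rejected":       VerifyChain(leaf, root, chain, "other.internal.example") != nil,
		"revoked leaf flagged":          must(IsRevoked(crl, inter, leaf)),
	}
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

Running it prints the five checks, all true. Two points the code makes that the prose only hints at: the rogue CA signs a perfectly well-formed certificate for the same host name and is still rejected, because trust comes from the relying party's root store and not from the certificate itself; and the CRL is only useful after its own signature has been checked against the issuer, otherwise an attacker could serve an empty CRL. A production client must also reject a CRL whose NextUpdate has passed, and OCSP is the online alternative for checking one certificate at a time.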

📍 Where Is It Used?

TLS/HTTPS, code signing, email encryption, VPN authentication, smart card/CAC authentication, IoT device identity, service-to-service authentication (mTLS).

💡 Real-World Example

A company runs an internal PKI to issue certificates for all 50,000 of its machine identities: TLS certificates for web servers (renewed every 90 days), client certificates for endpoints, and service certificates for microservices. Automation via the ACME protocol (RFC 8555) handles renewal without human intervention, which is what makes short certificate lifetimes workable at that scale.
