PKI

Public Key Infrastructure

Tags: IAM, Cryptography, Certificate, NHI

❓ What is PKI?

Public Key Infrastructure (PKI) is the framework of policies, hardware, software, procedures, and standards needed to create, manage, distribute, use, store, and revoke digital certificates and public keys.

⚙️ How Does It Work?

PKI is built on Certificate Authorities (CAs) that issue, sign, and revoke digital certificates. A hierarchical trust model (root CA → intermediate CA → end-entity certificate) establishes chains of trust: a relying party trusts only the root, and accepts an end-entity certificate when every signature from it back to that root verifies. Revocation is published through Certificate Revocation Lists (CRLs) or checked online with the Online Certificate Status Protocol (OCSP).

📍 Where Is It Used?

TLS/HTTPS, code signing, email encryption, VPN authentication, smart card/CAC authentication, IoT device identity, service-to-service authentication (mTLS).

💡 Real-World Example

A company runs an internal PKI to issue certificates for all 50,000 machine identities: TLS certificates for web servers (renewed every 90 days), client certificates for endpoints, and service certificates for microservices. Automation via the ACME protocol handles renewal without human intervention.
