PKI Certificate Tutorials - Herong's Tutorial Examples - v1.10, by Herong Yang
Usage Examples of Public Key Infrastructure
This section provides some usage examples of PKI (Public Key Infrastructure), such as the HTTPS (Hypertext Transfer Protocol Secure) protocol, digital signatures, document encryption, and digital identification.
The most popular usage example of PKI (Public Key Infrastructure) is the HTTPS (Hypertext Transfer Protocol Secure) protocol. HTTPS combines the HTTP (Hypertext Transfer Protocol) and SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to provide secure identification of a Website and encrypted communication.
In HTTPS, the Web server's PKI certificate is used by the browser for two purposes:
Here is a simple illustration of using PKI in HTTPS communication:
There are 3 major activities illustrated in the diagram:
1. Installing CA (Certificate Authority) root certificate - The browser vendor receives the CA root certificate from the CA, and distributes it as part of the browser installation package.
2. Installing Website certificate - The Website owner sends a certificate request to the CA. The CA, acting as the RA (Registration Authority), verifies the Web server identity, and signs (or issues) the Website certificate. The owner then installs the certificate on the Website server.
3.1. Validating Website certificate - An end user visits the Website with the browser and receives a copy of the Website certificate. The browser then acts as the VA (Validation Authority) and validates it against the pre-installed CA root certificate.
3.2. Securing Website Communications (not shown in the diagram) - If the Website certificate is valid, the browser will use it to share an encryption key with the Website. After that, all communications between the browser and the Website will be encrypted.
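Activities 1, 2 and 3.1 can be reproduced locally with the OpenSSL command-line tool, including the failure case where the issuing root is not the one the browser trusts. This is an added example, not part of the original tutorial: the CA names, the host name www.example.test and the directory layout are constructed, and it assumes OpenSSL's default configuration file, which marks certificates created by "req -x509" as CA certificates.

```shell
#!/bin/sh
# Added example: constructed names and throwaway keys, written to a temp dir.
set -eu

# Activity 1: the CA creates its self-signed root certificate, which the
# browser vendor would ship in the browser installation package.
make_root_ca() {        # $1 = output dir, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Activity 2: the Website owner creates a certificate request (CSR) and
# the CA signs it, producing the Website certificate.
issue_site_cert() {     # $1 = CA dir, $2 = site dir, $3 = host name
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$3" -keyout "$2/site.key" -out "$2/site.csr" 2>/dev/null
    openssl x509 -req -in "$2/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 30 -out "$2/site.crt" 2>/dev/null
}

# Activity 3.1: the browser validates the received certificate against a
# pre-installed root. Exit status 0 means the signature chain verifies.
validate_site_cert() {  # $1 = trusted root certificate, $2 = site certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

pki_demo() {
    work=$(mktemp -d)
    mkdir "$work/trusted" "$work/other" "$work/site"
    make_root_ca "$work/trusted" "Example Root CA"
    make_root_ca "$work/other" "Unrelated Root CA"
    issue_site_cert "$work/trusted" "$work/site" "www.example.test"

    if validate_site_cert "$work/trusted/ca.crt" "$work/site/site.crt"
    then r1=valid; else r1=rejected; fi
    # Failure case: the trust store holds a different root than the issuer.
    if validate_site_cert "$work/other/ca.crt" "$work/site/site.crt"
    then r2=valid; else r2=rejected; fi

    rm -rf "$work"
    echo "trusted_root=$r1 other_root=$r2"
}

pki_demo
```

The second check fails because the Website certificate's signature cannot be traced to the root in the trust store, which is the condition a browser reports as an untrusted issuer.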
Other usage examples of PKI (Public Key Infrastructure) are: