Chapter 10. Multiple Certificates per Entity

In this chapter, we discuss the situation in which a single PKI entity holds multiple valid certificates, and we give a number of reasons why such a situation might not only be possible but also desirable. The concept of different uses for key pairs is presented; some attention is also given to the relationship between key pairs and certificates.

Multiple Key Pairs

As time goes on and PKI deployments grow in number and in function, a PKI entity will typically have a number of key pairs even if all key pairs, on the surface, appear to be used for the same purpose (such as signing data). This is because a strong correspondence can exist between a key pair and a “role”—that is, between a key pair and one ...

Get Understanding PKI: Concepts, Standards, and Deployment Considerations, Second Edition now with O’Reilly online learning.
