Chapter 10. Multiple Certificates per Entity
In this chapter, we discuss the situation in which a single PKI entity holds multiple valid certificates, and we give a number of reasons why such a situation might not only be possible but also desirable. The concept of different uses for key pairs is presented; some attention is also given to the relationship between key pairs and certificates.
Multiple Key Pairs
As time goes on and PKI deployments grow in number and in function, a PKI entity will typically have a number of key pairs even if all key pairs, on the surface, appear to be used for the same purpose (such as signing data). This is because a strong correspondence can exist between a key pair and a “role”—that is, between a key pair and one ...