Chapter 18. Public Key Infrastructure and Certificates


Public key infrastructure (PKI) and certification authorities (CA) have become very popular IT artifacts. They can be used for a multitude of purposes including identity assertion, encryption, and digital signatures. They’re actually relatively easy to set up and very easy to maintain. However, before jumping into the recipes, you should understand some of the basic concepts and terminology of PKI.

A certificate is the binding of a public key to an identity. Any certificate has three very important components: (1) the public key, (2) the identification information, and (3) the digital signature of the certificate issued by the CA. These components provide enough information to complete tasks such as authentication, encryption, and digital signature creation. Because a certificate contains only essential information, it tends to be rather small—2KB or less is average. As we’ll see during our discussion of certificate deployment later in this chapter, small size is one element that makes certificate deployment a bit easier than if the certificates were huge. And even when certificates are customized (for example, by using a custom certificate template) to add additional information, they tend to stay small.

Why would you want to use public key certificates in your corporation? Simply put, they are the best way to establish trust and provide a method for secure communication among users in your corporation.

Numerous applications ...
