Public Key Infrastructure and Certificate Services on Windows Server 2003

This article is the first in a series that will cover the design, implementation and management of a PKI. PKI systems have become more and more common in modern IT environments as more technologies are built to take advantage of the strong authentication provided by certificates.

What is a PKI?

A PKI is defined as “the set of policies, practices and components that make up a certificate hierarchy”. There are several key components that must be understood to implement a PKI.

Certificate: A data structure that follows the X.509 format and binds a public key to an identity. A certificate contains information identifying the holder (the subject), who issued it (the issuer), the period during which it is valid, what it can be used for (key usage and extended key usage), the holder's public key, and the issuer's digital signature, which is how the certificate is verified. The thumbprint that Windows displays is not stored in the certificate; it is a hash (SHA-1 on Windows Server 2003) computed over the certificate's encoded bytes, so it identifies that exact certificate and changes if any byte of it changes.

CA: A Certificate Authority (CA) is the service (Certificate Services on Windows Server 2003) that accepts and processes certificate requests, issues certificates signed with its own private key, and manages the certificates it has issued, including renewal and revocation.

Technologies that Drive PKI

Simply put, the role of a PKI is to issue and manage certificates. A good understanding of how certificates work is therefore fundamental to understanding how a PKI operates.

Certificates provide the basis for authenticating an entity. This authentication rests on several key principles, some of which are enforced by technology, others by law and organizational policy. At its core, a certificate relies on two technologies: asymmetric cryptography (often called public/private key encryption) and hashing. Together they form the digital signature on the certificate: the issuer hashes the certificate's contents and signs that hash with its private key, and anyone holding the issuer's public key can check the signature without being able to forge it.
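The following is an added example, not code from the original article or from Windows Certificate Services, that shows the certificate fields listed above and the two technologies behind them in working code. It uses Go's standard library instead of the Windows tooling (an assumption made here so it runs anywhere): it builds a self-signed root CA, has that CA issue an end-entity certificate, pulls out the subject, issuer, validity period and key usage, computes the thumbprint as a SHA-1 hash over the encoded bytes, and verifies the signature with the issuer's public key. The CA and server names are made-up example values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary collects the fields the article lists: holder, issuer, validity, usage, thumbprint.
type CertSummary struct {
	Subject, Issuer, Thumbprint string
	NotBefore, NotAfter         time.Time
	IsCA                        bool
	KeyUsage                    x509.KeyUsage
}

// Thumbprint is not a field stored inside the certificate: Windows computes it as the
// SHA-1 hash of the certificate's DER bytes, so any change to those bytes changes it.
func Thumbprint(c *x509.Certificate) string {
	return fmt.Sprintf("%X", sha1.Sum(c.Raw))
}

// template fills the to-be-signed fields; serials and names here are example values.
func template(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// signAndParse lets signer sign tmpl as issued by parent, then re-parses the DER output.
func signAndParse(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewSelfSignedCA creates the root of a hierarchy: the CA signs its own certificate.
func NewSelfSignedCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := template(1, cn)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	cert, err := signAndParse(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// IssueLeaf has the CA sign an end-entity certificate for a fresh key pair.
func IssueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string) (*x509.Certificate, error) {
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := template(2, cn)
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	return signAndParse(tmpl, ca, &leafKey.PublicKey, caKey)
}

// Summarize pulls the fields named in the article out of a parsed certificate.
func Summarize(c *x509.Certificate) CertSummary {
	return CertSummary{
		Subject: c.Subject.String(), Issuer: c.Issuer.String(),
		NotBefore: c.NotBefore, NotAfter: c.NotAfter,
		IsCA: c.IsCA, KeyUsage: c.KeyUsage, Thumbprint: Thumbprint(c),
	}
}

// VerifyIssuedBy is the "how the certificate can be verified" step: the issuer's public
// key must validate the signature over child, and the issuer must be a CA allowed to sign.
func VerifyIssuedBy(child, issuer *x509.Certificate) error {
	return child.CheckSignatureFrom(issuer)
}

func main() {
	ca, caKey, err := NewSelfSignedCA("Example Root CA")
	if err != nil {
		panic(err)
	}
	leaf, err := IssueLeaf(ca, caKey, "server.example.local")
	if err != nil {
		panic(err)
	}
	other, _, _ := NewSelfSignedCA("Unrelated CA")
	fmt.Printf("CA:   %+v\nLeaf: %+v\n", Summarize(ca), Summarize(leaf))
	fmt.Println("leaf signed by its CA:", VerifyIssuedBy(leaf, ca), "\nleaf against an unrelated CA:", VerifyIssuedBy(leaf, other))
}
```

The last check is the one that matters in practice: the leaf verifies against the CA that signed it and fails against an unrelated CA with the same name format, because only the signing CA's private key could have produced the signature. The hash over the encoded bytes is also why two otherwise identical-looking certificates never share a thumbprint.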