
SSH Tectia

Certificate Authentication and PKI

Public-key infrastructure (PKI) simplifies the distribution of the public keys used in public-key authentication. PKI relies on digital certificates as an extension of traditional public keys. Certificate authentication extends public-key authentication: it still rests on public keys, but it scales far better. Instead of trusting several individual entities and maintaining a database of their public keys, it is enough to trust a single party, the certification authority (CA).

Because of the improved manageability, security policies can be enforced more easily, and this in turn can result in increased overall security.

Certificates are digital documents that are used for secure authentication of the communicating parties. A certificate binds identity information about an entity to the entity's public key for a certain validity period. A certificate is digitally signed by a trusted third party who has verified that the key pair actually belongs to the entity. Certificates can be thought of as analogous to passports that guarantee the identity of their bearers.

The trusted party who issues certificates to the identified end entities is called a certification authority (CA). Certification authorities can be thought of as being analogous to governments issuing passports for their citizens.
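To make this trust model concrete, the following is an added example and not part of the SSH Tectia documentation: it builds a small X.509 PKI with the openssl command-line tool, with one CA, certificates issued to two hosts, and the relying party's check that trusts only the CA certificate. The CA name, host names and file layout are constructed for the demonstration, and it assumes OpenSSL 1.1.1 or later is installed.

```shell
#!/bin/sh
# Added example, not code from the SSH Tectia manual: a minimal X.509 PKI built
# with the openssl CLI. CA name, host names and paths are constructed for the demo.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT

# Minimal openssl config. The v3_ca section is what marks a self-signed
# certificate as a certification authority allowed to sign other certificates.
cat > "$WORKDIR/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
[dn]
[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

# End-entity extensions: explicitly not a CA, so a leaf cannot issue further certificates.
printf 'basicConstraints = CA:FALSE\nkeyUsage = digitalSignature\n' > "$WORKDIR/leaf.cnf"

# make_ca PREFIX NAME: generate the CA key pair and its self-signed CA certificate.
make_ca() {
  openssl req -x509 -config "$WORKDIR/openssl.cnf" -newkey rsa:2048 -nodes \
    -days 365 -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" 2>/dev/null
}

# issue_cert CA_PREFIX ENTITY_PREFIX NAME DAYS: the entity generates its own key
# pair and a signing request; the CA binds NAME to that public key for DAYS days
# by signing the certificate. The entity's private key never leaves the entity.
issue_cert() {
  openssl req -new -config "$WORKDIR/openssl.cnf" -newkey rsa:2048 -nodes \
    -keyout "$2.key" -out "$2.csr" -subj "/CN=$3" 2>/dev/null
  openssl x509 -req -in "$2.csr" -days "$4" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -extfile "$WORKDIR/leaf.cnf" -out "$2.crt" 2>/dev/null
}

# verify_cert CA_CERT ENTITY_CERT: the relying party's check. Only the CA
# certificate is trusted; exit 0 iff ENTITY_CERT chains to it and is within
# its validity period right now.
verify_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_subject CERT: the identity the CA bound to the key, to be compared with
# the name the relying party expected (for example the host it connected to).
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//; s/ //g'
}

# cert_valid_for CERT SECONDS: exit 0 iff the certificate is still valid SECONDS from now.
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

demo() {
  make_ca "$WORKDIR/ca" "Example Org CA"
  issue_cert "$WORKDIR/ca" "$WORKDIR/host1" "host1.example.com" 90
  issue_cert "$WORKDIR/ca" "$WORKDIR/host2" "host2.example.com" 90

  # One trust anchor covers every certificate the CA has issued; no per-host key database.
  for host in host1 host2; do
    if verify_cert "$WORKDIR/ca.crt" "$WORKDIR/$host.crt"; then
      echo "$host: trusted, bound identity $(cert_subject "$WORKDIR/$host.crt")"
    fi
  done

  # A well-formed certificate from an unrelated CA is rejected.
  make_ca "$WORKDIR/other" "Unrelated CA"
  issue_cert "$WORKDIR/other" "$WORKDIR/host3" "host3.example.com" 90
  verify_cert "$WORKDIR/ca.crt" "$WORKDIR/host3.crt" || echo "host3: rejected, not issued by our CA"

  # Validity period: good tomorrow, but the 90-day certificate will have expired in 100 days.
  cert_valid_for "$WORKDIR/host1.crt" 86400 && echo "host1: still valid tomorrow"
  cert_valid_for "$WORKDIR/host1.crt" $((100 * 86400)) || echo "host1: will have expired in 100 days"
}

demo
```

Compare this with plain public-key authentication, where the verifying side would have to hold host1's and host2's public keys in its own database: here it stores one CA certificate and checks three things about whatever certificate it is presented with, the signature chain back to that CA, the identity bound by the CA, and the validity period.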
