
SSH Tectia

Certificate Authentication and PKI

Public-key infrastructure (PKI) simplifies the distribution of public keys used in public-key authentication. PKI relies on digital certificates as an extension of traditional public keys. Certificate authentication extends public-key authentication: it still uses public keys as the basis but greatly improves scalability. Instead of trusting several individual entities and maintaining a database of their public keys, it is enough to trust a single trusted party, a certification authority (CA).

Because of the improved manageability, security policies can be enforced more easily, and this in turn can result in increased overall security.

Certificates are digital documents that are used for secure authentication of the communicating parties. A certificate binds identity information about an entity to the entity's public key for a certain validity period. A certificate is digitally signed by a trusted third party who has verified that the key pair actually belongs to the entity. Certificates can be thought of as analogous to passports that guarantee the identity of their bearers.

The trusted party who issues certificates to the identified end entities is called a certification authority (CA). Certification authorities can be thought of as being analogous to governments issuing passports for their citizens.
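The trust model described above, as an added sketch that is not taken from the SSH Tectia documentation: a CA signs the binding of identity, public key and validity period, and the relying party checks it using only the CA's public key. It assumes textbook RSA without padding over Mersenne primes as a stand-in for real X.509 signatures, so it is unsuitable for production use; all function names and sample values are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Toy textbook RSA key from two primes (no padding; illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d  # n is the public key, d the private exponent

def _digest(body, n):
    """Hash the canonical JSON form of the certificate body, reduced mod n."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca_n, ca_d, subject, subject_pub, not_before, not_after):
    """CA binds an identity to a public key for a validity period and signs it."""
    body = {"subject": subject, "public_key": subject_pub,
            "not_before": not_before, "not_after": not_after}
    return {"body": body, "signature": pow(_digest(body, ca_n), ca_d, ca_n)}

def verify(cert, ca_n, now):
    """Relying party needs only the CA public key, not a per-entity key database."""
    body = cert["body"]
    if pow(cert["signature"], E, ca_n) != _digest(body, ca_n):
        return "bad signature"
    if not body["not_before"] <= now <= body["not_after"]:
        return "outside validity period"
    return "ok"

# Constructed sample data: Mersenne primes as toy key material, integer timestamps.
CA_N, CA_D = make_keypair(2**89 - 1, 2**107 - 1)        # the trusted CA
ROGUE_N, ROGUE_D = make_keypair(2**61 - 1, 2**127 - 1)  # an untrusted issuer
ALICE_N, _ = make_keypair(2**31 - 1, 2**61 - 1)         # end entity's key

CERT = issue(CA_N, CA_D, "alice@example.com", ALICE_N, 1000, 2000)
FORGED = issue(ROGUE_N, ROGUE_D, "alice@example.com", ALICE_N, 1000, 2000)
TAMPERED = {"body": dict(CERT["body"], subject="mallory@example.com"),
            "signature": CERT["signature"]}

if __name__ == "__main__":
    for name, cert, now in [("valid", CERT, 1500), ("expired", CERT, 2500),
                            ("untrusted issuer", FORGED, 1500),
                            ("edited subject", TAMPERED, 1500)]:
        print(f"{name}: {verify(cert, CA_N, now)}")
```

The verifier never stores Alice's key in advance: it accepts the key carried in the certificate only because the CA's signature over the whole body checks out and the current time falls inside the validity period.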