PKI hierarchy

- [Narrator] Securing network communications…with SSL and TLS begins with the public key…infrastructure hierarchy.…PKI, or public key infrastructure,…is a collection, or hierarchy,…of digital security certificates.…And these certificates, among other data that we will…define later, contain public keys.…Also, certificates might also contain mathematically…related private keys,…and we'll discuss the function of those keys in a bit…more depth, later on.…

Private keys, if they're not stored in the certificate…can also be stored in a separate file.…PKI components include the certificate authority, or the CA.…This component is used to issue new certificates,…to users or devices, or applications.…It can also renew certificates before they expire.…It can also revoke certificates, perhaps due to a…compromised smart phone that might have had a…secured certificate installed on it.…The CA also maintains the certificate revocation list,…the CRL, which is essentially a list of serial numbers…for revoked certificates.…

And also the certificate authority can be taken off line…