Published by Helena Marilyn Lindsey. Modified over 9 years ago.
1
pkiuniversity.com
2
Alice Bob Honest Abe’s CA
4
Simple PKI hierarchy
5
Multi-level hierarchy
6
My personal Certificate (Installed on a Mac)
7
Dartmouth CA’s Certificate (Installed on a Mac)
8
Building a trust path
1. To verify certificate α starting with a set of trusted certificates we need to:
   a. Identify the issuer of α (i.e., β)
   b. Verify if β is trusted
2. If β is among the set of trusted certificates, the original cert is trusted
3. Else if β is a root certificate, the original cert is untrusted
4. Else if β is not trusted, set α = β and repeat the process until a trusted or a root certificate is identified
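The trust-path procedure above, as an added Python example that is not part of the original presentation. It goes beyond the single-issuer loop on the slide by searching every candidate issuer certificate and refusing to revisit one, which is what cross certification requires. The `Cert` record, the CA names and the certificate pool are constructed for illustration, and chaining is by name only.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate: names only, no keys."""
    subject: str
    issuer: str  # name of the CA that signed this certificate

    @property
    def is_root(self):
        return self.subject == self.issuer  # self-issued

def build_trust_path(cert, trusted, pool, seen=frozenset()):
    """Return [cert, ..., trust anchor], or None if no trusted path exists."""
    if cert in trusted:                 # step 2: reached the trusted set
        return [cert]
    if cert.is_root or cert in seen:    # step 3: untrusted root, or a loop
        return None
    for candidate in pool:              # step 1a: every cert naming the issuer
        if candidate.subject != cert.issuer:
            continue
        # A real validator also checks cert's signature against candidate's
        # key, plus validity dates, constraints and revocation, at this point.
        path = build_trust_path(candidate, trusted, pool, seen | {cert})
        if path:                        # step 4: alpha = beta, repeat
            return [cert] + path
    return None

# Constructed sample: two organisations whose CAs cross-certify each other.
ROOT_A = Cert("CA-A", "CA-A")
ROOT_B = Cert("CA-B", "CA-B")
B_BY_A = Cert("CA-B", "CA-A")   # cross-certificate: A vouches for B
A_BY_B = Cert("CA-A", "CA-B")   # cross-certificate: B vouches for A
BOB = Cert("Bob", "CA-B")
MALLORY = Cert("Mallory", "Evil CA")
POOL = [ROOT_B, A_BY_B, B_BY_A, ROOT_A, Cert("Evil CA", "Evil CA")]

def describe(path):
    return None if path is None else [(c.subject, c.issuer) for c in path]

if __name__ == "__main__":
    # Alice trusts only her own root, CA-A.
    print(describe(build_trust_path(BOB, {ROOT_A}, POOL)))
    print(describe(build_trust_path(MALLORY, {ROOT_A}, POOL)))
```

With only CA-A trusted, Bob's certificate validates through the cross-certificate issued by CA-A, while the mutual cross-certificate pair is explored once and abandoned instead of looping.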
9
Typical trust chain
10
Cross certification
11
Multiple cross certification
12
Cross certification fuzziness
14
Bridge CA
15
Bridge CA advantages
16
Certification Process
17
How to obtain a certificate
1. Alice generates a key pair
2. Alice visits (online or in person) the RA, presenting documents attesting to her identity
3. RA verifies Alice’s documents and, if they’re ok, gives Alice a confirmation #. RA then notifies CA (via secure channel) of Alice’s application, RA’s authentication of her documents, and the confirmation #.
4. CA verifies all this, notes Alice’s application and confirmation #, and returns an authorization code to the RA, and the RA gives that to Alice.
5. Alice creates a certificate request, including
   a) ID info she gave to RA,
   b) Authorization code,
   c) Confirmation #, and
   d) Her Public key
   Alice signs the request with her private key, and sends it to the CA
6. CA verifies Alice’s signature on the request, then recovers the public key. CA might also do offline checks on Alice’s ID info.
7. CA creates a certificate with Alice’s public key and ID Info and signs it with the CA’s private key.
8. Alice verifies the CA’s signature on the certificate, and verifies that the public key it contains really is hers (the CA didn’t modify her public key or ID Info).
9. The certificate is published.