Public key infrastructure (PKI) refers to the hierarchical structure of trust required for the successful implementation of public key cryptography. To verify the trustworthiness of a certificate, you must be able to track a path of certified CAs from the one issuing your local certificate back to a root authority of a CA domain. See Figure 54.
Figure 54 shows the structure of a single-domain certificate authority.
Figure 54: PKI Hierarchy of Trust—CA Domain

If certificates are used solely within an organization, that organization can have its own CA domain within which a company CA issues and validates certificates for its employees. If that organization later wants its employees to exchange their certificates with those from another CA domain (for example, with employees at another organization that also has its own CA domain), the two CAs can develop cross-certification by agreeing to trust the authority of each other. In this case, the PKI structure does not extend vertically but does extend horizontally. See Figure 55.
Figure 55: Cross-Certification
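
The path tracing described above, with and without cross-certification, as an added example that is not part of the JUNOS documentation. It models each certificate only as a subject/issuer pair with constructed names, so it shows path discovery to a trusted root and nothing about signature, validity-period or revocation checks.

```python
from collections import namedtuple

# Constructed sample data: one record per certificate (who it names, who issued it).
Cert = namedtuple("Cert", "subject issuer")

CERTS = [
    Cert("Root-A", "Root-A"),      # self-signed root of CA domain A
    Cert("Sub-CA-A", "Root-A"),    # subordinate CA inside domain A
    Cert("alice", "Sub-CA-A"),     # end-entity certificate in domain A
    Cert("Root-B", "Root-B"),      # self-signed root of CA domain B
    Cert("bob", "Root-B"),         # end-entity certificate in domain B
    Cert("Root-B", "Root-A"),      # cross-certificate: A vouches for B's CA
    Cert("Root-A", "Root-B"),      # cross-certificate: B vouches for A's CA
]


def find_path(subject, trust_anchors, certs=CERTS):
    """Return the certificates linking subject to a trusted root, or None."""
    by_subject = {}
    for cert in certs:
        by_subject.setdefault(cert.subject, []).append(cert)

    def walk(name, seen):
        for cert in by_subject.get(name, []):
            if cert.issuer in trust_anchors:
                return [cert]              # reached a root the verifier trusts
            if cert.issuer in seen:
                continue                   # self-signed or cross-cert loop
            rest = walk(cert.issuer, seen | {cert.issuer})
            if rest is not None:
                return [cert] + rest
        return None

    return walk(subject, {subject})


def issuers(path):
    """Issuer names along a path, or None when no path exists."""
    return None if path is None else [cert.issuer for cert in path]


if __name__ == "__main__":
    anchors = {"Root-A"}                   # a verifier that trusts only domain A
    print("alice:", issuers(find_path("alice", anchors)))
    print("bob, cross-certified:", issuers(find_path("bob", anchors)))
    print("bob, no cross-certs:", issuers(find_path("bob", anchors, CERTS[:5])))
```

The two cross-certificates point at each other, so the `seen` set is what keeps the search from circling between the two domains when no trusted root is reachable.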

For convenience and practicality, PKI must be transparently managed and implemented. Toward this goal, JUNOS Software supports the following features:
Note: JUNOS Software supports a PKCS-7 file size of up to 7 KB.