Specifications
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved.
A PKI should include at least five components, described in Table 4-2.
Figure 4-1 shows the PKI architectural model and the interactions between all entities.
Figure 4-1 PKI Architectural Model
The initialization process consists of setting the necessary configuration for a PKI entity to communicate with other
PKI entities. For example, the initialization of an end entity involves providing it with the public key certificate of a
trusted certification authority. The initialization of a certification authority involves the generation of its key pair.
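The two initialization steps above, followed by a certification request and a path validation, as an added example using the OpenSSL command line. It is not part of the Cisco document; the `pki_*` function names, file names and subject names are assumptions.

```shell
# Added illustration: function, file and subject names are assumptions; needs the openssl CLI.

# CA initialization: generate the CA's key pair and self-signed certificate.
pki_init_ca() {    # $1 = CA directory, $2 = CA common name
    mkdir -p "$1" || return 1
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# End-entity initialization: install the trusted CA's public key certificate.
pki_init_ee() {    # $1 = end-entity directory, $2 = CA certificate to trust
    mkdir -p "$1" && cp "$2" "$1/trusted-ca.crt"
}

# Certification: the holder makes a key pair and request; the CA in $1 issues.
pki_certify() {    # $1 = CA directory, $2 = holder directory, $3 = holder name
    mkdir -p "$2" || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" -config "$1/ca.cnf" \
        -keyout "$2/holder.key" -out "$2/holder.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$2/holder.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 7 -out "$2/holder.crt" 2>/dev/null
}

# Validation: check the certification path against the installed trust anchor.
pki_validate() {   # $1 = end-entity directory, $2 = certificate to check
    openssl verify -CAfile "$1/trusted-ca.crt" "$2" 2>/dev/null | grep -q ': OK$'
}

# Constructed demo: one trusted CA, and one CA the end entity was never given.
pki_demo() {
    d=$(mktemp -d) || return 1
    pki_init_ca "$d/ca" "Constructed Trusted CA" && pki_init_ca "$d/other" "Constructed Other CA" &&
    pki_init_ee "$d/ee" "$d/ca/ca.crt" &&
    pki_certify "$d/ca" "$d/alice" alice && pki_certify "$d/other" "$d/bob" bob || return 1
    pki_validate "$d/ee" "$d/alice/holder.crt" && echo "alice: certification path validates"
    pki_validate "$d/ee" "$d/bob/holder.crt" || echo "bob: rejected, issuer is not the trust anchor"
    rm -rf "$d"
}
pki_demo
```

The second certificate is well formed and correctly signed, but it fails validation because its issuer was never installed as a trust anchor during end-entity initialization.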
Table 4-2 PKI Components

| Component | Description |
|---|---|
| Registration authority | A registration authority provides an interface to all the security management activities that require global coordination to provide a comprehensive and consistent view of security configuration. In its key management function, it registers users needing keys and certificates, collects information required to submit a certification or a revocation request, and connects certification authorities. |
| Certification authority | A certification authority issues and revokes certificates according to a certification policy. In general, a certification authority is a specialized component that works in an offline mode and is operated by a certification-authority operator according to a certification policy. |
| Certification authority agent | A certification authority agent is the online front end to a certification authority. Public key certification may be an offline process. |
| End entity | An end entity may be a certificate holder that is issued a certificate and can sign digital documents or a client that validates digital signatures and their certification path from a known public key of a trusted certification authority. |
| Repository | A repository is where certificates and revocation lists are stored and made available. |
[Figure 4-1 diagram labels. Entities: End Entities (EE), Registration Authority (RA), Certification Authority Agent (CAA), Certification Authority (CA), Repository. Interactions: Registration Requests, Certification and Revocation Requests, Publication, Retrieval.]