Module 3 · PKI Architecture

Manish Garg Associate of (ISC)² · RingSafe
Apr 22, 2026

Last updated: April 29, 2026

CAs, cert types, ACME, lifecycle, revocation, internal PKI, service mesh PKI, code signing, lifetime trends.

Public Key Infrastructure (PKI) is the system that issues, manages, and revokes the certificates that authenticate identities (servers, clients, code, documents). Understanding PKI is necessary for anything beyond “Let’s Encrypt this server.” This module covers Certificate Authorities, the cert lifecycle, ACME automation, internal PKI for service mesh, and the architectural decisions that matter.

The PKI components

  • Certificate Authority (CA) — entity that issues certificates. Trusted by relying parties
  • Registration Authority (RA) — verifies identity before CA issues; sometimes the same as CA
  • Subject — entity the certificate identifies (server, person, device)
  • Relying Party — the consumer that validates and trusts the certificate (browser, application)
  • Repository / Directory — where issued certs and revocations are published
  • Trust Store — list of CAs the relying party trusts (OS, browser, custom)
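
The roles in the list above, acted out with the openssl CLI. This is an added example, not part of the original module; the function names, file names and CNs (root-a, root-b, svc.example.internal) are constructed for illustration. It shows that the same certificate is accepted or rejected depending only on which CA the relying party's trust store contains.

```bash
#!/usr/bin/env bash
# Added example. Function names, file names and CNs are constructed.

# CA: self-signed root. Writes $1/$2.key (private key) and $1/$2.pem (certificate).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Constructed CA $2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Subject creates a key and CSR for CN $3; the CA named $2 signs it.
# The RA's identity check is skipped here: the CA signs whatever it is handed.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -days 7 -set_serial 1 \
    -CA "$1/$2.pem" -CAkey "$1/$2.key" -out "$1/leaf.pem" 2>/dev/null
}

# Relying party: accept certificate $2 only if it chains to a CA in the
# trust store file $1 (-no-CApath keeps the system CA directory out of it).
relying_party_trusts() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  local d store
  d=$(mktemp -d) || return 1
  make_ca "$d" root-a && make_ca "$d" root-b &&
    issue_leaf "$d" root-a svc.example.internal || return 1
  for store in root-a root-b; do
    if relying_party_trusts "$d/$store.pem" "$d/leaf.pem"; then
      echo "trust store = $store: leaf accepted"
    else
      echo "trust store = $store: leaf rejected"
    fi
  done
  rm -rf "$d"
}
demo
```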