A PKI is an arrangement that binds public keys with respective user identities by means of a certification authority. The user identity must be unique within the CA domain.
Key Pair
An ordered set of public key and private key is called a key pair. A public key is the one, which is published; where as a private key is kept to self.
Digital Certificate
A digital certificate is an electronic document which uses a digital signature to bind a public key with an identity – information such as name of the person, organization and so on.
Digital Signature
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document.
Certificate Authority
A certification authority (CA) is a trusted third party entity that issues a digital certificate. A certification authority is a trusted third party with respect to the owner (subject) of the digital certificate and the party relying on the digital certificate.
Certificate policy
A Certificate Policy, as defined in X.509, is a named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.
Certificate Policy Class
A certificate policy class is defined under a policy, which specifies the characteristics of a digital certificate issued under the policy. In other words, a certificate policy class is a sub classification of a policy.
Certification Practice Statement (CPS)
It is a public statement that describes the practices of a Certification Authority, employed for issuing, renewing, revoking and validating digital certificates and for supporting reliance on certificates.
Registration Authority
A registration authority (RA) is an entity which provides assurance to the certification authority, that a public key is bound to an individual.
Certificate Signing Request (CSR)
It is a digital message in PKCS#10 formats, sent by an applicant to a certification authority, in order to apply for a digital certificate.
DN Details
DN stands for distinguished names. The DN details should be specified in the CSR, while submitting a request. These DN details can be used to identify a subject's certificate.