Dec 15, 2020, 09:34 AM
Riaan De Villiers
Today we will look at 5 concepts that every PKI expert should know.
5 tips to become a PKI expert
Public Key Infrastructure (PKI) has the potential to take any organisation's security to the next level.
Today we will take a look at 5 important concepts that any PKI expert must know.
1. Know the different types of use cases for digital certificates
Digital certificates can help you secure your IoT devices ensuring that only authorised devices can access your network.
Other use cases include protecting transactions, providing remote access to your users, device authentication and protecting traffic to your website.
2. Determine your trust level
Digital certificates come at different trust levels. To select the right trust level will depend on what you will use the certificate for.
High trust: High trust certificates are used to secure high-value transactions like contracts where large sums of money is involved.
Medium: For use cases that do not require the highest trust, these certificate types can be used. Typical use cases includes VPN access, website security and securing cloud-based applications.
Low trust: These certificates are used when low risk is involved, for example, to provide a user only once.
Manually managing your PKI system and the digital certificates issued from the system runs the risk of introducing human errors. Not only is it a large administrative burden but users can forget to renew certificates or even where a particular certificate is located.
A good automation system will take care of those problems.
4. Understand the certificate life cycle
A digital certificate has a pre-determined life cycle.
The certificate life cycle is:
Identity verification: before a digital certificate can be issued to a device or a person, it is important to first establish that the identity of device or person and that they are authorised to receive a certificate.
Certificate issuance: This is the act of creating the verified device or person's digital certificate.
Certificate renewal: Every certificate has an expiry date. Normally a certificate's life span is a year. To continue operating without issues, it is important to timeously renew the certificate before the end of its lifespan.
Certificate revocation: A certificate that will no longer be used must be revoked. This will tell the PKI system that the certificate is no longer valid for the use it was created for.
5. Architect your solution
A robust PKI solution will enable your organisation to evolve quicker, take smarter risks, enable trust in your transactions and build trust with your customers and other stakeholders.
What to know more? You can learn more about PKI. on the LAWtrust website or you can contact us for more information.