Planning and designing a public key infrastructure (PKI) for a large organization is a complicated undertaking, but the process can be broken down into three general steps. First, as part of a team of stakeholders, you need to identify and assess the needs of the PKI. Second, you can design the PKI by mapping out the particular certification authorities (CAs) you need to create and the trust relationships among them. Third, you need to design the lifecycle management procedures for each CA: how certificates are issued, renewed, and revoked.

This chapter provides an overview of each of these three steps in the PKI design process.

Exam objectives in this chapter: