10 PKI Configuration

When configuring PKI, go to these sections for information you are interested in:
• Introduction to PKI
• PKI Configuration Task List
• Displaying and Maintaining PKI
• PKI Configuration Examples
• Troubleshooting PKI

Introduction to PKI

This section covers these topics:
• PKI Overview
• PKI Terms
• Architecture of PKI
• Applications of PKI
• Operation of PKI

PKI Overview

The Public Key Infrastructure (PKI) is a general security infrastructure for providing information security through public key technologies.

PKI, also called asymmetric key infrastructure, uses a key pair to encrypt and decrypt the data. The key pair consists of a private key and a public key. The private key must be kept secret while the public key needs to be distributed. Data encrypted by one of the two keys can only be decrypted by the other.

A key problem of PKI is how to manage the public keys. Currently, PKI employs the digital certificate mechanism to solve this problem. The digital certificate mechanism binds public keys to their owners, helping distribute public keys in large networks securely.

With digital certificates, the PKI system provides network communication and e-commerce with security services such as user authentication, data non-repudiation, data confidentiality, and data integrity.

PKI Terms

Digital certificate

A digital certificate is a file signed by a certificate authority (CA) for an entity. It includes mainly the identity information of the entity, the public key of the entity, the name and signature of the CA, and the validity period of the certificate, where the signature of the CA ensures the validity and authority of the certificate. A digital certificate must comply with the international standard of ITU-T X.509. Currently, the most common standard is X.509 v3.

This manual involves two types of certificates: local certificate and CA certificate. A local certificate is a digital certificate signed by a CA for an entity, while a CA certificate is the certificate of a CA.
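The following sketch is an added example, not taken from this manual or from any device software. It shows how a CA signature binds an entity's identity, public key and validity period, and what a verifier checks. It assumes a toy textbook-RSA CA key built from two Mersenne primes and a JSON encoding in place of X.509 DER; the names "Example CA" and "router1.example" and the key strings are constructed.

```python
import hashlib
import json
from datetime import datetime

# Toy CA key pair from two known Mersenne primes (assumption for this example).
# Textbook RSA without padding: illustrates the mechanism, not secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
CA_PUBLIC = (P * Q, E)                        # distributed to every verifier
CA_PRIVATE_D = pow(E, -1, (P - 1) * (Q - 1))  # kept secret by the CA


def _digest(fields):
    """SHA-256 over the signed fields in a fixed (sorted-key JSON) order."""
    canonical = json.dumps(fields, sort_keys=True, default=str).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big")


def ca_issue(subject, subject_public_key, not_before, not_after):
    """CA side: sign identity, public key, CA name and validity period."""
    fields = {
        "subject": subject,
        "public_key": subject_public_key,
        "issuer": "Example CA",  # constructed CA name
        "not_before": not_before,
        "not_after": not_after,
    }
    signature = pow(_digest(fields), CA_PRIVATE_D, CA_PUBLIC[0])
    return {**fields, "signature": signature}


def verify(cert, ca_public, now):
    """Verifier side: needs only the CA public key, never the private key."""
    n, e = ca_public
    fields = {k: v for k, v in cert.items() if k != "signature"}
    if pow(cert["signature"], e, n) != _digest(fields):
        return "bad signature"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "outside validity period"
    return "valid"


# Constructed local certificate for a constructed entity.
LOCAL_CERT = ca_issue("router1.example", "constructed-key-A",
                      datetime(2024, 1, 1), datetime(2025, 1, 1))

if __name__ == "__main__":
    swapped = {**LOCAL_CERT, "public_key": "constructed-key-B"}
    print(verify(LOCAL_CERT, CA_PUBLIC, datetime(2024, 6, 1)))
    print(verify(swapped, CA_PUBLIC, datetime(2024, 6, 1)))
    print(verify(LOCAL_CERT, CA_PUBLIC, datetime(2026, 1, 1)))
```

Replacing the public key inside an issued certificate changes the digest, so the CA signature no longer matches and the verifier rejects the binding.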
If multiple CAs are trusted by different users in a PKI system, the CAs will form a CA tree with the root CA at the