PKI repository

A PKI repository can be a Lightweight Directory Access Protocol (LDAP) server or a common database. It stores and manages information like certificate requests, certificates, keys, CRLs and logs while providing a simple query function.

LDAP is a protocol for accessing and managing PKI information. An LDAP server stores user information and digital certificates from the RA server and provides directory navigation service. From an LDAP server, an entity can retrieve local and CA certificates of its own as well as certificates of other entities.

Applications of PKI

The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI has a wide range of applications. Here are some application examples.

VPN

A virtual private network (VPN) is a private data communication network built on the public communication infrastructure. A VPN can leverage network layer security protocols (for instance, IPSec) in conjunction with PKI-based encryption and digital signature technologies for confidentiality.

Secure E-mail

E-mails require confidentiality, integrity, authentication, and non-repudiation. PKI can address these needs. The secure E-mail protocol that is currently developing rapidly is Secure/Multipurpose Internet Mail Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails with signature.

Web security

For Web security, two peers can establish a Secure Sockets Layer (SSL) connection first for transparent and secure communications at the application layer. With PKI, SSL enables encrypted communications between a browser and a server. Both the communication parties can verify the identity of each other through digital certificates.

Operation of PKI

In a PKI-enabled network, an entity can request a local certificate from the CA and the device can check the validity of certificates.
Here is how it works:

1) An entity submits a certificate request to the RA.
2) The RA reviews the identity of the entity and then sends the identity information and the public key with a digital signature to the CA.
3) The CA verifies the digital signature, approves the application, and issues a certificate.
4) The RA receives the certificate from the CA, sends it to the LDAP server to provide directory navigation service, and notifies the entity that the certificate is successfully issued.
5) The entity retrieves the certificate. With the certificate, the entity can communicate with other entities safely through encryption and digital signature.
6) The entity makes a request to the CA when it needs to revoke its certificate, while the CA approves the request, updates the CRLs and publishes the CRLs on the LDAP server.

PKI Configuration Task List

Complete the following tasks to configure PKI: