30 Sep 2022, 16:33 • Science & Technology
Getting to know PKI: Public Key Infrastructure
Put simply, PKI (Public Key Infrastructure) is the system behind the certificates ("certs") we see on websites that use HTTPS.
What components make up a PKI?
Certificate authority (CA) - Issues an entity's certificate and acts as a trusted component within a private PKI. Any certificate issued by the CA is trusted by all entities that trust the CA. The exact role of a CA will depend on its position within a CA hierarchy.
- The party that issues certificates
Registration authority (RA) - Receives certificate signing requests and verifies the identity of an end entity.
The RA will approve a request before the certificate can be issued by the CA. This is a very important stage of the process and it often involves a procedure to enrol end entities into the PKI.
- Receives the request, then verifies and approves it before the CA issues the certificate
Validation authority (VA) - A VA allows an entity to check that a certificate has not been revoked. The VA role is often carried out by an online facility hosted by the organisation that operates the PKI. A validation authority will often use OCSP or CRL to advertise revoked certificates.
- Checks whether the certificate is still valid
Certificate - A digital document, signed by a CA, used to prove ownership of a public key within a PKI. The certificate has a number of attributes, such as the usage of the key (Client authentication, Server authentication or Digital signature) and the public key. The certificate also contains the subject name, which is information identifying the owner. This could be, for example, a DNS name or IP address.
Secure storage - A method of securely storing a private key is required for both the Certificate Authority (CA) and end entity, to protect the key from compromise.
Public/Private key pair - A private key and associated public key are mathematically related to one another. The public key can be shared widely. The private key proves ownership of the identity and must be kept secret.
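
The enrolment path these components describe (key pair, certificate signing request, RA approval, CA issuance, verification by a relying party), as an added example in Go using only the standard library; it is not part of the original post. The helpers `must`, `sign` and `enrol`, the "Demo Root CA" name, the host `www.example.test` and the allow-list are constructed for illustration, and revocation checking (the VA role) is not covered.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign is the CA operation: caKey signs template t (t as its own parent gives the self-signed root).
func sign(t, parent *x509.Certificate, pub any, caKey *ecdsa.PrivateKey) *x509.Certificate {
	t.NotBefore, t.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, caKey))))
}

// enrol takes one request through RA approval, CA issuance and relying-party verification.
func enrol(name string, allowed map[string]bool) (*x509.Certificate, error) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // held in memory only for the demo
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca := sign(root, root, &caKey.PublicKey, caKey)
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // end entity's key pair
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{DNSNames: []string{name}}, key))))
	// RA: the CSR signature proves key possession; the allow-list stands in for identity checks.
	if csr.CheckSignature() != nil || len(csr.DNSNames) != 1 || !allowed[csr.DNSNames[0]] {
		return nil, fmt.Errorf("RA rejected request for %q", name)
	}
	leaf := sign(&x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: csr.DNSNames,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, csr.PublicKey, caKey)
	roots := x509.NewCertPool() // the relying party trusts only this CA
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return leaf, err
}

func main() {
	fmt.Println(must(enrol("www.example.test", map[string]bool{"www.example.test": true})).DNSNames)
}
```

The CA copies the DNS name from the approved CSR rather than from the caller's input, so the certificate can only carry what the RA actually checked.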
