PKI operation

In a PKI-enabled network, an entity can request a local certificate from the CA and the device can check the validity of certificates. Here is how it operates:

  • An entity submits a certificate request to the RA.

  • The RA reviews the identity of the entity and then sends the identity information and the public key with a digital signature to the CA.

  • The CA verifies the digital signature, approves the application, and issues a certificate.

  • The RA receives the certificate from the CA, sends it to the LDAP server or other distribution point to provide directory navigation service, and notifies the entity that the certificate is successfully issued.

  • The entity retrieves the certificate. With the certificate, the entity can communicate with other entities safely through encryption and digital signature.

  • The entity makes a request to the CA when it needs to revoke its certificate. The CA approves the request, updates the CRLs and publishes the CRLs on the LDAP server or other distribution point.