1.3. PKI – processes and roles | Managed PKI - Setup & Support
A data security specialist by Swiss Post

1.3. PKI – processes and roles

Certificates have two key jobs: they are a container for the public key, and they connect the public key to the certificate issuer/key holder. The role of a certificate service provider is to confirm and guarantee this connection as an independent third party, at the level that is in line with the CP/CPS (certificate policy / certification practice statement). The following services, activities and roles are required to guarantee this:

Registration service

  • Certificate request from the applicant

  • Review of the certificate request by the registration authority officer (RAO), hereinafter referred to as the access manager

  • Approval of the certificate request by the access manager (RAO)

Certificate generation service

  • Certificate generation

Revocation service (service to declare invalidity)

  • Online invalidity declaration by the certificate holder

  • Offline invalidity declaration by the access manager (RAO)

Dissemination services (dissemination of information)

  • CP/CPS

  • OCSP (Online Certificate Status Protocol) – online status of the certificate’s validity

  • CRL (Certificate Revocation List) – invalidity list (offline) for certificates

  • LDAP (Lightweight Directory Access Protocol)