An overview of PKI
PKI is generally a hierarchical organization of encryption certificate and key pairs. Typically, as used with most websites, the top of the hierarchy is the CA. This is the root of the entire tree, and trust is rooted at this level. If the root is trusted, all the key pairs underlying will also be trusted. From the root-level CA, there can be client certificates, server certificates, sub-CAs, and certificate revocation lists (CRLs). Under each sub-CA, this list of possibilities repeats.
To use a PKI to its full potential, the users and systems need to trust the root CA, and any intermediate CAs in the chain. With most modern web browsers, the browser authors or vendors have vetted and approved a large list of root-level certificate authorities to trust by default. These authorities are generally commercial vendors such as VeriSign, Go Daddy, Comodo, Trend Micro, various government entities, and many others.
Due to this preapproved list for browsers, the vast majority of...
