7.3.1.1 Public Key Infrastructure
The TLS security is based on the Public Key Infrastructure PKI, in which:
- A server has its public key stored in a digital certificate with X.509 standard format.
- The server must have its X.509 certificate issued by Certificate Authority (CA) which in turn may be certified by another CA.
- This structure forms a chain of X.509 certificates known as chain of trust.
- The top most CA of the Chain is known to be the Trusted Root Certificate Authority of the chain.