7.3.1.1 Public Key Infrastructure

The TLS security is based on the Public Key Infrastructure PKI, in which:

  • A server has its public key stored in a digital certificate with X.509 standard format.
  • The server must have its X.509 certificate issued by Certificate Authority (CA) which in turn may be certified by another CA.
  • This structure forms a chain of X.509 certificates known as chain of trust.
  • The top most CA of the Chain is known to be the Trusted Root Certificate Authority of the chain.