JT
JT Exams
Log inStart Free Trial
SecuritySecurity+CISSP

PKI and Digital Certificates Explained for Security+ and CISSP

Every time your browser shows a padlock icon, PKI is working in the background. Public Key Infrastructure is the system that makes it possible to trust a website you have never visited before, verify that a software update actually came from the vendor, and sign a document electronically with legal weight. Security+ and CISSP both test PKI extensively because it underpins almost every secure communication technology in use today. You need to understand how certificate authorities issue trust, what information a certificate contains, and what happens when that trust is revoked.

8 min
3 sections · 7 exam key points
5 practice questions

Asymmetric cryptography and key pairs

PKI is built on asymmetric cryptography, where every participant has two mathematically linked keys: a public key that anyone can have and a private key that only the owner possesses. What one key encrypts, only the other can decrypt. This relationship is one-way: knowing the public key tells you nothing useful about the private key.

When you encrypt data with someone's public key, only their private key can decrypt it. This gives you confidentiality because only the intended recipient can read the message. When someone encrypts data with their own private key, anyone with the public key can decrypt it and verify that only the private key owner could have produced it. This is how digital signatures work.

The problem PKI solves is: how do you know that a public key actually belongs to who you think it does? Without a system of trust, an attacker could substitute their own public key and intercept communications. Certificate Authorities solve this problem.

Certificate Authorities and the chain of trust

A Certificate Authority (CA) is a trusted third party that binds a public key to an identity by issuing a digital certificate. The CA verifies that the entity requesting a certificate actually controls the domain or identity they claim, then signs the certificate with the CA's own private key. When your browser receives a certificate, it verifies the CA's signature using the CA's public key, which is pre-installed in the browser's trusted root store.

The chain of trust usually has three levels: a Root CA at the top (offline, highly protected), one or more Intermediate CAs in the middle (issue certificates on behalf of the Root), and end-entity certificates at the bottom (the certificates websites and users actually use). Root CAs sign intermediate certificates. Intermediate CAs sign end-entity certificates. Your browser trusts the whole chain as long as it can trace back to a trusted root.

An X.509 certificate contains: the subject's distinguished name (who the certificate belongs to), the subject's public key, the issuing CA's name, validity dates (not before, not after), and the CA's digital signature over all of this. The signature is what prevents tampering. If any field changes, the signature becomes invalid.

Certificate revocation and how to choose the correct answer

Certificates expire, but sometimes they need to be invalidated before expiry. A private key compromise is the most serious reason: if an attacker has a copy of your private key, your certificate cannot be trusted even if it is technically still valid. Revocation is also used when an employee leaves and their certificate should no longer be trusted.

CRL (Certificate Revocation List): a periodically published list of revoked certificate serial numbers, signed by the CA. Browsers download the CRL and check whether the certificate's serial number appears. CRLs can be large and may be outdated by hours or days depending on publishing frequency.

OCSP (Online Certificate Status Protocol): real-time protocol where a browser sends a specific certificate's serial number to an OCSP responder and gets a signed response: good, revoked, or unknown. Faster and more current than CRL. OCSP Stapling attaches a cached, signed OCSP response to the TLS handshake, eliminating the extra round-trip to the OCSP server.

Choosing correct answers: verifying a certificate = checking signature chain and validity. Revoking before expiry = CRL or OCSP. Real-time revocation check = OCSP. Offline periodic check = CRL. Digital signature provides integrity and non-repudiation. Encrypting with public key provides confidentiality.

CRL vs OCSP certificate revocation

MethodHow it worksTimelinessBandwidth
CRLDownloaded list of revoked serial numbersPotentially hours behindLarge file, cached
OCSPReal-time per-certificate query to responderCurrentSmall, per request
OCSP StaplingCertificate holder caches and sends OCSP response in TLS handshakeCurrent (within staple TTL)Zero extra round-trip

Key exam facts — Security+ / CISSP

  • Asymmetric key pair: public key encrypts (confidentiality) or verifies signature. Private key decrypts or signs.
  • Digital signature: hash of data encrypted with signer's private key. Provides integrity and non-repudiation.
  • CA signs certificates to bind a public key to an identity.
  • Chain of trust: Root CA > Intermediate CA > End-entity certificate.
  • X.509 certificate contains: subject, public key, issuing CA, validity dates, CA signature.
  • CRL: periodic list of revoked certs. OCSP: real-time per-cert status. OCSP Stapling: stapled to TLS handshake.
  • Private key compromise: revoke immediately via CRL or OCSP.

Common exam traps

Encrypting data with your own private key provides confidentiality.

Encrypting with your private key creates a digital signature, not confidential data. Anyone with your public key can decrypt it. For confidentiality, encrypt with the recipient's public key so only they can decrypt with their private key.

A certificate with a valid CA signature means the website is safe.

A valid certificate only proves that the CA verified the domain ownership at the time of issuance. It does not guarantee the website's content is safe, the business is legitimate, or the private key has not been compromised. Check the certificate's purpose and revocation status.

Root CA certificates are commonly used to sign end-entity certificates directly.

Root CAs are kept offline to protect them. In production PKI, end-entity certificates are signed by Intermediate CAs. The Root CA's exposure is limited to signing intermediate certificates, which happen infrequently.

Practice questions — PKI & Certificates

These questions are representative of what you will see on Security+, CISSP exams. The correct answer and explanation are shown immediately below each question.

Q1.A user encrypts a document with their own private key and sends it to a colleague. What security property does this provide?

A.Confidentiality, because the private key is secret
B.Integrity and non-repudiation, because only the private key owner could have produced it
C.Availability, because the document is now stored securely
D.Authentication of the recipient's identity

Explanation: Encrypting with your own private key creates a digital signature. Anyone with the corresponding public key can decrypt it, so confidentiality is not provided. However, since only the private key owner could have created the signature, it proves the document came from that person (authentication/non-repudiation) and that it hasn't been altered (integrity).

Q2.A browser receives a TLS certificate from a web server. Which step verifies that the certificate is authentic and has not been tampered with?

A.The browser checks the certificate's expiration date
B.The browser verifies the CA's digital signature on the certificate using the CA's public key
C.The browser compares the certificate to a locally stored copy
D.The browser pings the web server to confirm it is online

Explanation: The CA signs each certificate with the CA's private key. The browser uses the CA's public key (from its trusted root store) to verify the signature. If the certificate has been tampered with, the signature verification fails. The browser also checks expiration and revocation, but verifying the CA signature is the core trust mechanism.

Q3.An organization's private key has been compromised. The certificate is still within its validity period. What should the security team do?

A.Wait for the certificate to expire naturally since it is still technically valid
B.Request certificate revocation via CRL or OCSP and obtain a new certificate
C.Increase the certificate's validity period to allow more time for remediation
D.Change the certificate's common name to invalidate the old one

Explanation: A compromised private key means the certificate cannot be trusted even if it hasn't expired. The security team must revoke the certificate immediately through CRL or OCSP to prevent the attacker from impersonating the organization. A new key pair and certificate must then be issued.

Q4.What is the advantage of OCSP Stapling over traditional OCSP for certificate revocation checking?

A.OCSP Stapling uses a longer revocation list that is more complete
B.The server pre-fetches a signed OCSP response and includes it in the TLS handshake, eliminating the browser's extra round-trip to the OCSP responder
C.OCSP Stapling checks the certificate against a local CRL instead of querying a remote server
D.OCSP Stapling is only used for Root CA certificates

Explanation: Traditional OCSP requires the browser to contact the OCSP responder in real-time during the TLS handshake, adding latency and creating a privacy concern (the OCSP responder learns which sites you visit). OCSP Stapling has the web server periodically fetch and cache a signed OCSP response, then include it in the TLS handshake. The browser gets revocation status without the extra network round-trip.

Q5.In a three-tier PKI hierarchy, why is the Root CA kept offline?

A.Root CAs have limited processing power and cannot handle online requests
B.The Root CA's private key is so sensitive that compromise would invalidate trust for all certificates in the hierarchy
C.Root CAs only issue certificates during business hours
D.Online Root CAs cause compatibility issues with OCSP

Explanation: If the Root CA's private key is compromised, every certificate in the entire trust hierarchy becomes suspect. Keeping the Root CA offline and only bringing it online for the rare task of signing intermediate CA certificates dramatically limits the attack surface. Intermediate CAs handle day-to-day certificate issuance and can be more readily revoked and replaced if compromised.

Frequently asked questions — PKI & Certificates

What is PKI and what problem does it solve?

Public Key Infrastructure (PKI) is the system of policies, procedures, and technologies that manages digital certificates and public keys. The core problem it solves is trust: how do you know that a public key actually belongs to who claims to own it? Without PKI, an attacker could present their own public key and impersonate a legitimate entity. PKI uses Certificate Authorities (CAs) to issue digitally signed certificates that bind a public key to a verified identity.

What is the difference between a digital certificate and a digital signature?

A digital certificate is a file issued by a CA that binds a public key to an identity (like a domain name). It contains the subject's public key, identity information, validity dates, and the CA's digital signature. A digital signature is a cryptographic operation where the signer hashes data and encrypts that hash with their private key. The signature proves the data came from the key owner and hasn't changed. Certificates use digital signatures (from the CA) to prove their authenticity.

What is the difference between CRL and OCSP for certificate revocation?

A CRL (Certificate Revocation List) is a periodically published file listing revoked certificate serial numbers. Browsers download it and check it locally — it can be hours behind and is potentially large. OCSP (Online Certificate Status Protocol) allows real-time per-certificate status queries. OCSP Stapling improves on basic OCSP by having the server pre-fetch and cache a signed OCSP response, including it in the TLS handshake to avoid the browser's extra network roundtrip.

How are PKI concepts tested on Security+ and CISSP?

Security+ tests certificate components (X.509 fields), CA hierarchy (root, intermediate, end-entity), key usage (encrypt with public key for confidentiality, encrypt with private key for signatures), revocation methods (CRL vs OCSP), and trust models. CISSP goes deeper on PKI management, certificate policies, registration authorities, cross-certification, and operational security for CAs. Both exams test when to use which revocation mechanism.

Is a certificate the same as a public key?

No. A public key is just a mathematical value. A certificate is a standardized container (X.509 format) that includes the public key along with the owner's identity information, validity dates, key usage restrictions, and the CA's digital signature over all of this. The certificate gives the public key context and provenance — it proves the key belongs to a specific entity as verified by the CA.

Practice this topic

Security+practice questions

Test yourself on PKI & Certificates

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice testStart 7-Day Free Trial

No credit card · Cancel anytime

Related certification topics

Cryptography

Security+CISSP

CIA Triad

Security+CISSP

Identity & Access Mgmt

Security+CISSP

Zero Trust

Security+CISSP