Certification Service Provider

Abstract

In Chap. 3we explain the hierarchical trust model for PKIs. In this trust model, certification authorities that issue certificates play an important role. However, issuing certificates is not sufficient. The certificates must be maintained and additional information must be provided during the entire life cycle. The entity that is responsible for certificate life cycle management is called the certification service provider (CSP). A CA is only one component of a CSP. Another component is the registration authority (RA), which registers certificate applicants and collects all information relevant for issuing certificates. Other possible components of a CSP are, for example, a directory service, which publishes information concerning certificates, and a revocation service, which issues revocation information. Sometimes, certification service providers are also called trust centers. In this chapter, we start by explaining the life cycle of a certificate. Then, we describe the CSP components. In the next chapter, we discuss certificate policies that govern the operation of CSPs in a PKI.