In Growing A Tree Of Trust -- Part One we looked at public key infrastructures (PKI) from a high level, identifying their components and their value to secure private and personal communications. PKIs explicitly define how digital certificates will be used by the organization, how much trust users can place in them, and how to manage certificate existence (issuance, use, renewal, and revocation).
Rather than delve now into the nuances and esoteric details of how commercial certificate authorities (CAs) help to implement PKIs, it's instructive to take a step back and look at digital certificates themselves in some detail. Although they're invisible and transparent when used in appropriate applications, there is still a fair amount of user interaction to manage them properly. In this week's column we'll walk through these steps of certificate management:
- Requesting a certificate
- Obtaining a certificate
- Storing a certificate within the browser
- Using a certificate
- Revoking a certificate
Once you've gotten a taste for the types of activities necessary within a PKI, you'll better appreciate what different certificate authorities might offer and how to select the best one for your organization. There's little that's obvious about digital certificates. For the most part they're invisible when their implementation is successful. That success relies upon an impervious process to deliver certificates, since they involve users who must manage the key-pairs for which they're responsible. This column aims to remove much of the mystery surrounding requesting, obtaining, storing, using, and removing digital certificates via browsers.