Understanding the Repository

The Certificate Repository contains the system that holds certificates and information about all unexpired certificates, including revocation information. Each item below has a specific function, and a brief explanation of the purpose of that function is given.

Directory

Lightweight Directory Access Protocol (LDAP) is an online directory service protocol in which entries are stored in a hierarchical structure and indexed by a unique identifier called the Distinguished Name.

*** Undergoing revision/update ***

Usually a common interface that allows a client to authenticate to one server, where that authentication also allows the user to gain access to other services.

ECA Root Certificate

This certificate is self-signed, meaning that it is at the top of a trust pyramid. All subordinate certificates inherit their trust from the Root Signing Certificate of that particular PKI, in this case, the ECA Root Certificate.

CA Signing Certificate

A certificate is the binding of an entity’s identity to a public/private key pair, usually by a trusted third party. The CA signing certificate is used to digitally sign subordinate certificates for end-entities or other CA certificates.

Certificate Revocation List (CRL)

Used to view a list of certificates that have been revoked but have not yet expired. The CRL is digitally signed by the CA to ensure its validity to relying parties.
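
The relying-party side of the CA Signing Certificate and CRL entries above, as an added example that is not part of the original page or of any ECA tooling: before trusting a certificate, verify that the CRL was signed by the CA, that it is still current, and that the certificate's serial number is not listed. It assumes the Python "cryptography" package; the CA name, serial numbers and keys are constructed test values.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW, DAY = datetime.now(timezone.utc), timedelta(days=1)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, pubkey, issuer, signing_key, serial):
    """Issue a certificate binding `subject` to `pubkey`, signed with the issuer's key."""
    return (x509.CertificateBuilder()
            .subject_name(name(subject)).issuer_name(name(issuer))
            .public_key(pubkey).serial_number(serial)
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .sign(signing_key, hashes.SHA256()))

def build_crl(issuer, signing_key, revoked_serials, next_update):
    """Build a CRL listing `revoked_serials`, digitally signed with `signing_key`."""
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(issuer))
         .last_update(NOW - DAY).next_update(next_update))
    for serial in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                .serial_number(serial).revocation_date(NOW - DAY).build())
    return b.sign(signing_key, hashes.SHA256())

def check_revocation(cert, crl, ca_cert):
    """Return 'good' or 'revoked', or the reason the CRL cannot be relied on."""
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_cert.public_key()):
        return "crl-untrusted"      # CRL was not signed by the CA we trust
    nxt = getattr(crl, "next_update_utc", None) or crl.next_update.replace(tzinfo=timezone.utc)
    if nxt < NOW:
        return "crl-stale"          # past nextUpdate: a newer CRL may list this cert
    if cert.issuer != crl.issuer:
        return "crl-wrong-issuer"   # this CRL says nothing about this certificate
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "good"

# Constructed sample PKI (test values only): one self-signed CA, two end-entity certs.
new_key = lambda: ec.generate_private_key(ec.SECP256R1())
ca_key, CA = new_key(), "Constructed Test CA"
ca_cert = issue(CA, ca_key.public_key(), CA, ca_key, 1)        # self-signed
alice = issue("alice", new_key().public_key(), CA, ca_key, 1001)
bob = issue("bob", new_key().public_key(), CA, ca_key, 1002)
crl = build_crl(CA, ca_key, [1002], NOW + DAY)                 # revokes bob
forged = build_crl(CA, new_key(), [], NOW + DAY)               # right name, wrong key
stale = build_crl(CA, ca_key, [1002], NOW - timedelta(minutes=1))
```

The check covers revocation status only; validating the certificate's own signature chain up to the root is a separate step.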