You Can Control Some of the Information Loaded into a PKI Certificate

You have the ability to control certain types of information which is loaded into a PKI certificate whenever a new one is created. For instance, you can set an expiration date in the certificate when it will be publically shared and contain a public key. One reason you may want to set an expiration date is any time you are working with a vendor and only need the certificate for a short period of time. Once you complete your business transaction there is no reason for them to still have a valid certificate.

A PKI Certificate Contains Either a Public or Private Key

A PKI certificate follows the public key infrastructure guidelines anytime a new certificate is created. These guidelines require organizations to create two pairs of keys contained in two different certificates. Each key is needed in order for authentication to be established. The certificate containing the private key is always retained and never shared. The certificate with the public key is intended to be shared with multiple users, even those outside of your organization.