PKI (Public Key Infrastructure)

The framework of policies, hardware, software, people, and procedures for creating, managing, distributing, using, storing, and revoking digital certificates and public-key cryptography. PKI consists of root CAs, intermediate CAs, registration authorities (RAs), certificate stores, revocation services (OCSP, CRL), and the policies governing them. Public PKI is anchored in browser and OS trust stores; private PKI (e.g., internal CAs built with HashiCorp Vault or EJBCA) is used for mutual TLS within microservice architectures and enterprise networks.