What Is PKI (Public Key Infrastructure)?
Public Key Infrastructure, or PKI, is a system of rules, technologies, and processes that helps secure communication over the internet. Think of it like a digital passport system it verifies that websites and users are who they claim to be.
PKI uses a combination of:
Encryption; scrambling data so only the right person can read it
Digital certificates; like an ID card for websites and users
Certificate Authorities (CAs); trusted organizations that issue those ID cards
Without PKI, anyone could pretend to be your bank, your email provider, or your favourite shopping site. PKI makes that nearly impossible.
Why Does PKI Matter?
Imagine you walk into a bank to withdraw money. The teller checks your ID before giving you anything. PKI does the same thing online it checks the “ID” of a website before your browser exchanges any sensitive information with it.
Every time you:
Log into your email
Make an online payment
Access a school portal
Send a WhatsApp message
PKI and encryption are working behind the scenes to keep you safe.
What Is an SSL Certificate?
An SSL Certificate (Secure Sockets Layer) now technically called a TLS Certificate (Transport Layer Security) is a small digital file that:
Proves a website’s identity
Enables encrypted (secure) communication between your browser and the website
When a website has a valid SSL certificate, your browser shows a padlock icon, and the URL begins with https:// (the “s” stands for secure).
⚠️ Warning: Never enter your personal information, passwords, or payment details on a website that doesn’t have the padlock. It’s like handing your wallet to a stranger.
How Does an SSL Certificate Work?
Here’s what happens in milliseconds when you visit a secure website:
Your Browser Says “Hello”
Your browser (Chrome, Firefox, etc.) contacts the website’s server and says, “I want to connect securely. Here are the encryption methods I support.”
The Server Responds
The server replies with its SSL Certificate, which includes its public key a special code used for encryption.
Your Browser Verifies the Certificate
Your browser checks:
Is this certificate issued by a trusted Certificate Authority (CA)?
Has it expired?
Does it belong to this exact website?
If all checks pass great! If not, your browser shows a big red warning.
The Handshake Creating a Shared Secret
Your browser and the server use a process called the TLS Handshake to agree on a shared session key a temporary secret used just for this session. No one else can intercept or decode it.
Encrypted Communication Begins
All data sent between you and the website is now scrambled using that session key. Even if someone intercepts it, they’ll only see gibberish.
Understanding Public Keys and Private Keys
PKI is built on a concept called asymmetric encryption, which uses two mathematically linked keys:
| Key | Who Has It | What It Does |
|---|---|---|
| Public Key | Everyone (shared openly) | Encrypts data or verifies signatures |
| Private Key | Only the website/server | Decrypts data or creates signatures |
Think of it like a padlock and key:
The public key is the open padlock anyone can use it to lock a message for you.
The private key is the only key that can open that padlock.
So, when you send your credit card details to a website, your browser locks it with the site’s public key. Only the website’s private key which never leaves their server can unlock it.
Who Issues SSL Certificates?
A Certificate Authority (CA) is a trusted third-party organization that:
Verifies the identity of websites and organizations
Issues SSL/TLS Certificates
Maintains a list of revoked certificates
Well known CAs include:
DigiCert
Let’s Encrypt (free CA, very popular!)
GlobalSign
Comodo
Your browser and operating system come pre-loaded with a list of trusted CAs. This is why your browser automatically trusts most websites with valid certificates.
Types of SSL Certificates
Not all SSL certificates are the same. Here’s a quick breakdown:
Domain Validated (DV)
Basic level of trust
Only verifies that the applicant owns the domain
Best for blogs and small websites
Issued quickly (sometimes in minutes)
Organization Validated (OV)
Verifies the organization’s legal identity
Better for business websites
Takes a few days to issue
Extended Validation (EV)
Highest level of trust
Involves thorough background checks
Ideal for banks, e-commerce, hospitals
Previously showed a green address bar in browsers
Wildcard Certificate
Covers a main domain AND all its subdomains
Example: *.portharcourtdataschool.com covers learn.portharcourtdataschool.com, blog.portharcourtdataschool.com, etc.
Multi-Domain (SAN) Certificate
Covers multiple completely different domains in one certificate
What Happens When an SSL Certificate Expires?
SSL certificates are not permanent they expire, typically after 1 year. When that happens:
Browsers display a “Your connection is not private” warning
Visitors are discouraged from entering the site
Search engines may lower the site’s ranking
This is why website owners must renew their certificates regularly. Tools like Let’s Encrypt can even automate this process.
PKI in Everyday Life
PKI isn’t just for websites. It’s used in:
Email security; S/MIME certificates encrypt emails
Code signing; Developers sign software to prove it hasn’t been tampered with
VPNs; Verify the identity of network users
Mobile apps; Secure API communication
Digital signatures; Legally binding document signing (PDF, contracts)
IoT Devices; Smart devices use PKI to communicate securely
Common PKI Terms
| Term | Simple Meaning |
|---|---|
| Encryption | Scrambling data so only the right person can read it |
| Decryption | Unscrambling that data |
| Certificate Authority (CA) | Trusted organization that issues digital IDs |
| TLS Handshake | The “hello and agree” process between browser and server |
| Session Key | Temporary key used for one browsing session |
| Certificate Revocation | Cancelling a certificate before it expires (if compromised) |
| HTTPS | HTTP + SSL/TLS = secure web connection |
| CSR | Certificate Signing Request the application form for an SSL certificate |
How to Check if a Website Has a Valid SSL Certificate
It’s simple:
Look for the padlock icon in your browser’s address bar
Click on it to see certificate details (who issued it, when it expires, what domain it covers)
Check that the URL begins with https://
You can also use free tools like SSL Labs by Qualys to run a full SSL check on any website.
Why You Should Learn Cybersecurity
Cybercrime is one of the fastest-growing threats globally. With more businesses going online especially in Africa the demand for cybersecurity professionals has never been higher.
Understanding PKI and SSL is just the beginning. There’s a whole world of:
Ethical Hacking
Digital Forensics
Cryptography
Learn This and More at Port Harcourt Data School
If you found this article helpful and want to go deeper into cybersecurity, data science, artificial intelligence, and software development, Port Harcourt Data School is the place to be.
We are proudly Africa’s #1 tech institution, producing world-class tech professionals right from the heart of Rivers State, Nigeria.
At Port Harcourt Data School, we offer:
Hands on, practical training
Industry experienced instructors
Certifications recognized globally
Career support and job placement assistance
Flexible learning schedules (weekday & weekend classes)
Beginner friendly programs no prior experience needed
Whether you’re a student, a working professional, or an entrepreneur, we have a program for you.
CONCLUSION
PKI and SSL certificates are the invisible backbone of internet security. Every time you shop online, log into an account, or use a mobile app, this technology is protecting you. Understanding how it works is the first step toward building a career in cybersecurity one of the most in-demand skills of our time.
The digital revolution is happening now in Africa, and Port Harcourt Data School is at the forefront of training the next generation of tech experts.
Take the first step today. Visit www.aischoolnigeria.com and enrol in a course that will change your career forever.