The Public Key Infrastructure (PKI) is the software system that allows to sign, validate certificate, keep a list of revoked certificates, distribute CA public key. The goal of PKI is to enable secure communication among parties who have never met before.

The most common use case of the PKI are myriad of the websites secured with TLS/HTTPS and using SSL certificates to establish trust for particular domain name(s) and authenticate the server side. Once the certificate is signed by the CA (certificate authority), it remains valid for a specific duration. When it’s about to expire, usually you renew it or buy a new one. But sometimes you need to revoke a certificate beforehand, usually due to a private key compromise.

Certificate revocation is a process of invalidating an issued SSL certificate. Ideally, browsers and other clients should be able to detect that the certificate is revoked in timely manner, show the security warning, that certificate is no longer trusted, and prevent user from further consuming such a website.