Public Key Infrastructure: Digital Trust Foundation
Public Key Infrastructure: The Foundation of Digital Trust
PKI isn’t paperwork.
It’s the switch that turns digital trust on—or off.
Set it up right and you get clean SSL decryption, hardened admin access, and identities that hold.
Mess it up and you gift attackers blind spots they’ll live in for months.
In this Deep Dive, host Lieuwe Jan Koning sits down with Rob Maas (Field CTO, ON2IT) to break down how PKI really works—and how ON2IT built theirs to survive failure, audits, and human error.
What you’ll learn:
• Why PKI matters for SSL decryption and secure connections
• The role of root certificates, intermediates, and the chain of trust
• Lessons learned from compromised private keys
• ON2IT’s PKI setup with offline signing and key bearers
• Certificate lifetimes and automation with ACME
Bottom line: PKI is either your strongest control or your biggest liability. Choose.
Additional Resources
• Threat Talks Episode on SSL Decryption – https://youtu.be/Xv_jVHVsD9w
• ACME protocol (RFC 8555): https://datatracker.ietf.org/doc/rfc8555/
• Let’s Encrypt / ACME protocol – https://letsencrypt.org
• DigiNotar case study background – https://en.wikipedia.org/wiki/DigiNotar
• Mozilla CA Program (trusted root store): https://wiki.mozilla.org/CA
• Infographic about encryption – https://on2it.s3.us-east-1.amazonaws.com/20250304_Infographic_Encryption.pdf
Your cybersecurity experts
Lieuwe Jan Koning
Co-Founder and CTO
ON2IT
Episode details
PKI is the engine that powers SSL decryption, locks down management interfaces, and makes certificates actually verifiable across systems and browsers. Get it wrong and you hand attackers avoidable openings.
In this Deep Dive, Lieuwe Jan Koning and Rob Maas make PKI practical. They map root → intermediates → server certs and show why the chain of trust lives or dies on details. They unpack ON2IT’s own build: an offline root on a Raspberry Pi, strict key-bearer procedures, and ACME-driven short-lived certificates for scale without ceremony.
Key topics:
• Why PKI matters for SSL decryption and secure connections
• The role of root certificates, intermediates, and the chain of trust
• Lessons learned from compromised private keys
• How to balance long-term stability with day-to-day agility





