Skip to content


  • Original Paper
  • Open Access

A search engine for the global PKI

Journal of Internet Services and Applications20101:9

  • Received: 24 December 2009
  • Accepted: 24 June 2010
  • Published:


Today the public key technology enjoys wide acceptance and use. Countless network protocols and applications use it to guarantee strong authentication and privacy. Usability and maintainability of this technology remains problematic, however. It is still very cumbersome and time-consuming to set up an enterprise Public Key Infrastructure (PKI) that has relationships with external parties. The emergence of PKI bridges, while solving one set of problems, created a new one: management of distributed trust became much more difficult. Complexity of the global PKI mesh and its decentralized nature created a need for a service with a unified view of the global PKI. In this paper we propose a PKI search engine that can provide such a service. The engine supports facilities for certificate and certificate revocation list (CRL) discovery, testing and troubleshooting of extra-enterprise PKIs, certificate revocation status lookup, certification path construction and validation, all based on the Internet-mined and user-registered information.


  • Public Key Infrastructure
  • PKI mesh
  • X.509 certificate
  • Certification authority
  • Certification path discovery and validation
  • Certificate discovery