When a CA issues a certificate the signing certificate's SKI is imprinted as the issued certificate's AKI prior to being signed thus asserting the relationship.
Once a certificate is issued the AIA path cannot be changed without reissue, therefore the location used to publish these certificates must be thoroughly thought out.
The AIA field allows for either HTTP or LDAP paths to provide flexibility in publishing locations.
In general, three main areas of a certificate are checked during validation: In many cases, certificates are designed to provide identification of the computer or person holding the corresponding private key.
For example, when a user provides their Windows Live credentials to log on to a website the computer will validate that the certificate being used by the web server is authorized for the URL the user is accessing.
This is a multivariate field that may consist of zero or more of the following uses: In some cases these basic key usages may not be enough to identify a very specific or important use of the public key.