It is important to properly manage and control your private and public keys when using public key infrastructure (PKI). Make sure each private key is distributed to only a single person or kept internal on your server. Private keys should never be shared among multiple users, because the private key is the component that establishes the authenticity of data, which is then verified using the matching public key. Public keys are designed to be distributed and shared with multiple users.
You Can Retract Certificates through a PKI Connection
You can invalidate public and private keys by setting an expiration date within the digital certificate or by using a retraction method. There are various reasons why organizations set expiration dates or retract certificates. For example, if an organization believes its data has been compromised and might be accessed without authorization, it can cancel and retract all related certificates. Users will realize their certificates are no longer valid when they attempt to authenticate through a PKI or other connection. Once the organization feels the problem has been resolved, it can create and issue new certificates.
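The two invalidation paths described above, as an added example that is not part of the original page: a check that reports whether a certificate is expired or has been retracted at the moment a user tries to authenticate. It assumes the Python `cryptography` package and that the retraction is published as a CA-signed certificate revocation list (CRL); the CA name, the fixed `NOW` and the function names are constructed for illustration.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc
NOW = dt.datetime(2024, 6, 1, tzinfo=UTC)   # constructed "current time" for the demo
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])

def issue(ca_key, cn, not_before, not_after):
    """Issue a certificate for a fresh key pair; only the public key goes into it."""
    subject_key = ec.generate_private_key(ec.SECP256R1())
    return (x509.CertificateBuilder()
            .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]))
            .issuer_name(CA_NAME).public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(not_before).not_valid_after(not_after)
            .sign(ca_key, hashes.SHA256()))

def make_crl(ca_key, retracted):
    """Build the CA-signed revocation list (CRL) naming the retracted certificates."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(CA_NAME)
               .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for cert in retracted:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(cert.serial_number)
            .revocation_date(NOW).build())
    return builder.sign(ca_key, hashes.SHA256())

def _utc(cert, field):
    # cryptography >= 42 has timezone-aware *_utc properties; older ones return naive UTC
    value = getattr(cert, field + "_utc", None)
    return value or getattr(cert, field).replace(tzinfo=UTC)

def status(cert, crl, ca_public_key, now=NOW):
    """What a relying party sees at authentication time (chain checks omitted)."""
    if not crl.is_signature_valid(ca_public_key):
        raise ValueError("CRL is not signed by the expected CA")
    if now < _utc(cert, "not_valid_before"):
        return "not yet valid"
    if now > _utc(cert, "not_valid_after"):
        return "expired"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return "valid"
```

A certificate reissued after the problem is resolved gets a new serial number, so it passes the same check while the retracted one keeps failing.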