Certificate Repositories And Certificate Distribution

As mentioned earlier in this paper, the CA acts as a trusted third party that issues certificates to users. Businesses must also distribute those certificates so that applications can use them. Certificate repositories store certificates so that applications can retrieve them on behalf of users; the term repository refers to a network service that distributes certificates. Over the past few years, the information technology industry has reached a consensus that the best technology for certificate repositories is a directory system that is LDAP (Lightweight Directory Access Protocol)-compliant. LDAP defines the standard protocol for accessing directory systems. Several factors drive this consensus:


  • storing certificates in directories and having applications retrieve them on behalf of users provides the transparency most businesses require: users never have to locate or handle certificates themselves
  • many directory technologies supporting LDAP can be scaled to:
    • support a very large number of entries
    • respond efficiently to search requests, because of the way they store and index information, and
    • be distributed throughout the network to meet the requirements of even the most highly distributed organizations
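As an added example (not code from the original paper), the following Python simulates the retrieval step described above: an application looks up a user's certificate in a directory on the user's behalf. It assumes the standard inetOrgPerson schema, with certificates stored in the userCertificate;binary attribute, and reads an LDIF export of the directory (RFC 2849) instead of querying a server over LDAP, so it runs offline. The certificate value is a constructed placeholder DER blob standing in for a real X.509 certificate.

```python
"""Certificate retrieval from an LDAP-style directory, using an LDIF export.

Added example, not from the original paper. Assumes inetOrgPerson entries with
certificates in userCertificate;binary, and an LDIF export (RFC 2849) in
place of a live LDAP connection so the lookup runs offline.
"""
import base64
import re

# Constructed placeholder: DER SEQUENCE { INTEGER 1, INTEGER 2 }. A real
# X.509 certificate is also an outer DER SEQUENCE, so the same checks apply.
PLACEHOLDER_DER = bytes.fromhex("3006020101020102")

_b64 = base64.b64encode(PLACEHOLDER_DER).decode()
# LDIF folds long values: continuation lines begin with a single space.
_folded = _b64[:6] + "\n " + _b64[6:]

# Constructed sample export: Alice has a certificate, Bob has none.
SAMPLE_LDIF = f"""\
dn: cn=Alice Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice Example
mail: alice@example.com
userCertificate;binary:: {_folded}

dn: cn=Bob Example,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Bob Example
mail: bob@example.com
"""

_ATTR_LINE = re.compile(r"^([A-Za-z0-9.;-]+)(::?) ?(.*)$")


def parse_ldif(text):
    """Parse LDIF into a list of entries ({attribute: [values]}).

    '::' values are base64 and come back as bytes; plain values as str.
    Attribute names are lower-cased, as LDAP treats them case-insensitively.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:      # unfold continuation line
            logical[-1] += raw[1:]
        else:
            logical.append(raw)

    entries, current = [], {}
    for line in logical:
        if not line.strip():                     # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):                 # LDIF comment
            continue
        m = _ATTR_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, sep, value = m.groups()
        decoded = base64.b64decode(value, validate=True) if sep == "::" else value
        current.setdefault(attr.lower(), []).append(decoded)
    if current:
        entries.append(current)
    return entries


def looks_like_der_certificate(der):
    """Structural check before handing a blob to a certificate parser: the
    outer tag must be SEQUENCE (0x30) and its encoded length must cover the
    whole buffer, which rejects truncated or padded directory values."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                             # short-form length
        length, header = first, 2
    else:                                        # long form: 0x8n + n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return header + length == len(der)


def find_certificates(entries, mail):
    """DER certificates of the entry whose mail matches, case-insensitively
    (as an LDAP server applying caseIgnoreIA5Match to mail would match).
    The directory only distributes certificates; the caller must still
    validate the chain to the CA and check revocation before trusting one."""
    wanted = mail.lower()
    found = []
    for entry in entries:
        mails = [v for v in entry.get("mail", []) if isinstance(v, str)]
        if any(v.lower() == wanted for v in mails):
            for der in entry.get("usercertificate;binary", []):
                if isinstance(der, bytes) and looks_like_der_certificate(der):
                    found.append(der)
    return found


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for user in ("Alice@Example.com", "bob@example.com"):
        print(user, [c.hex() for c in find_certificates(directory, user)])
```

Against a live directory the same lookup is an LDAP search with a filter such as `(mail=alice@example.com)` requesting the `userCertificate;binary` attribute; the LDIF handling here only replaces the network step. The point the example makes is that the directory is a distribution channel, not a trust anchor: anything retrieved from it is just bytes until the application has checked the DER structure, validated the certificate chain back to the CA, and consulted the revocation information that the next section covers.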


In addition, the directories that support certificate distribution can store other organizational information. As discussed in the next section, the PKI can also use the directory to distribute certificate revocation information.