We all know the following theory: Each participant of the public key infrastructure (PKI) has a public key and a private key. The private key is kept secret, while the public key is published. In case we know the public key of someone, we can exchange messages with them in a secure (e.g. encrypted or authenticated) way. In order to achieve this, we need to acquire the public key in an authentic way, otherwise we do not know if it is the public key of the person we would like exchange messages with. In a public key infrastructure we generally acquire the public key in a certificate. Within the certificate, a trusted third party – a certificate authority – certifies that the public key belongs to a certain party.

If each participant of the public key infrastructure has one certificate, we need to acquire this certificate in order to exchange messages with them in a secure way.

However, the participants of real-world PKIs are forced to have not just one certificate, but they need to have many of them. A different certificate is needed for electronic signature, for encryption and for SSL connections, but often different fields of application (the electronic company registry system, the public administration, etc.) also require different certificates. There are various technical, legal, economic, etc. reasons of this phenomenon.

In our paper we review the reasons of this phenomenon and examine its effect on the development of PKI.