A PKI typically secures all client and server interactions established for a given enterprise. Typically, when a client initiates a secure connection to a server, the server uses its server digital certificate to assert its identity. The client then verifies the asserted identity against a root certificate provided by a CA that the client trusts. What happens if the client cannot find a root CA certificate that validates the server identity depends on the PKI, but often the client connection fails with some notification to the user with or without options to proceed.

Once a client validates and completes the connection to the server, the server might generate a symmetric key that it encrypts using asymmetric encryption and shares this key with the client to initiate confidential communications. Many other services can be offered as part of the secure connection between the client and server, including all of the core services of the PKI.