In several places in this chapter, I have mentioned about the PKI hierarchy and components, such as root CAs, intermediate CAs, and issuing CAs. Based on the business and operation requirements, PKI topology will also change. There are three deployments models we can use to address the PKI requirements. In this section, we will look into these models and their characteristics.