We present an architecture for creating groups, managing their membership and proving membership in ad-hoc networks. Ad/hoc networks are formed on demand without support from pre-existing infrastructure such as central servers, security associations or PKI. The networks must continue functioning - as securely as possible - even when communication between the network nodes is only occasional and nodes unexpectedly fail or leave the network. Our architecture is based on key-oriented public-key certificates. (This is based on joint work with Silja Maki and Maarit Hietalahti, and it was funded by the Finnish defense forces.)