Due to their dynamic topology and lack of infrastructure, participants in a mobile ad hoc network cooperate with their neighbors to route packets. The lack of centralized services allows mobile ad hoc networks to be deployed easily and swiftly, but it also makes it difficult to verify others' identities. Cryptographic tools, such as Private and Public Key Infrastructure, have been introduced to secure group communications. The autonomous and distributed nature of mobile ad hoc networks demands a decentralized authentication service, for which Public Key Infrastructure is considered a better solution. Public Key Infrastructure can ensure both confidentiality and authenticity, but it is impractical to provide an online trusted third party as a Certificate Authority (CA) for a mobile ad hoc network. In this paper, we propose a new key management protocol that utilizes certificate graphs and distributed Certificate Authorities. The certificate graph maintained by each user represents the trust among his neighbors, and the maximum clique of the certificate graph is selected to be the CAs. Based on the assumption that the initial certificate graph building is secure, good users have more friends while bad ones have fewer, so a reliable group can be constructed. The most trustful subset of these good users, the maximum clique, is elected as the governor of this group and takes responsibility for certificate authentication.
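The CA election step described above, as an added sketch that is not code from the paper: it builds a certificate graph from a constructed list of issued certificates and returns its maximum clique as the CA set. The edge rule (two nodes are linked only when each has certified the other), the lexicographic tie-break and all node names are assumptions of this example.

```python
from itertools import chain

# Constructed sample: (issuer, subject) means "issuer signed subject's certificate".
SAMPLE_CERTS = [
    ("A", "B"), ("B", "A"), ("A", "C"), ("C", "A"), ("B", "C"), ("C", "B"),
    ("A", "D"), ("D", "A"), ("B", "D"), ("D", "B"), ("C", "D"), ("D", "C"),
    ("D", "E"), ("E", "D"), ("E", "F"), ("F", "E"),
    ("M", "A"),  # one-way: M vouches for A, nobody vouches for M
]

def mutual_trust_graph(certs):
    """Undirected graph with an edge only where both nodes certified each other
    (assumption of this example; the abstract does not define the edge rule)."""
    issued = set(certs)
    adj = {n: set() for n in chain.from_iterable(issued)}
    for a, b in issued:
        if a != b and (b, a) in issued:
            adj[a].add(b)
            adj[b].add(a)
    return adj

def maximum_clique(adj):
    """Bron-Kerbosch with pivoting; returns the largest clique as a sorted list.
    Equal-size ties go to the lexicographically smallest clique (assumption)."""
    best = []

    def expand(r, p, x):
        nonlocal best
        if not p and not x:  # r cannot be extended: it is a maximal clique
            cand = sorted(r)
            if len(cand) > len(best) or (len(cand) == len(best) and cand < best):
                best = cand
            return
        if len(r) + len(p) < len(best):  # branch cannot reach the best size
            return
        pivot = max(p | x, key=lambda v: len(adj[v] & p))
        for v in p - adj[pivot]:
            expand(r | {v}, p & adj[v], x & adj[v])
            p = p - {v}  # v is done: exclude it from later branches
            x = x | {v}

    expand(set(), set(adj), set())
    return best

def elect_cas(certs):
    """Hypothetical helper: certificate list in, elected CA set out."""
    return maximum_clique(mutual_trust_graph(certs))

if __name__ == "__main__":
    print("Elected CAs:", elect_cas(SAMPLE_CERTS))
```

Under the mutual-edge assumption, node M cannot enter the clique by issuing certificates on its own, which mirrors the abstract's premise that bad users have fewer friends. Maximum clique is NP-hard in general, so this exact search suits the small neighborhoods of an ad hoc network rather than large graphs.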